You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2009/02/07 05:36:00 UTC

[Spamassassin Wiki] Update of "DnsBlocklists" by MattKettler

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The following page has been changed by MattKettler:
http://wiki.apache.org/spamassassin/DnsBlocklists

The comment on the change is:
added note about query trigger rules and how to disable them.

------------------------------------------------------------------------------
  
  A: You're right.  You might look at the [http://spamassassin.apache.org/doc/Mail_SpamAssassin_Conf.html Mail::SpamAssassin::Conf] documentation page which I admit doesn't really say how to configure which DNSBL to use, or the rules file [http://spamassassin.apache.org/dist/rules/20_dnsbl_tests.cf 20_dnsbl_tests.cf], for internal details, but no clear examples of how to configure the inclusion of various DNSBLs either.  For the latest list of DNSBLs you want to be using a recent SpamAssassin version (3.2.x at the time of this correction) and [:RuleUpdates: sa-update], for the same reason that you wouldn't use an out-of-date virus scanner, but that also doesn't really have anything to do with the question. 
  
+ If you don't want ''any'' DNSBLs used, put a line like
+ 
+   skip_rbl_checks 1
+ 
+ in your local.cf
+ 
  To eliminate the use of a particular DNSBL, set the score to zero. Put lines like  
  
    score RCVD_IN_RFCI 0  
@@ -69, +75 @@

  
    score RCVD_IN_DSBL 0  
  
- in your local.cf if you don't want certain DNSBLs listed with RCVD_IN_* in [http://spamassassin.apache.org/dist/rules/50_scores.cf 50_scores.cf] to be used.  If you don't want ''any'' DNSBLs used, put a line like
+ in your local.cf if you don't want certain DNSBLs listed with RCVD_IN_* in [http://spamassassin.apache.org/dist/rules/50_scores.cf 50_scores.cf] to be used.  
  
-   skip_rbl_checks 1
  
- in your local.cf
+ Note: many of the DNSBLs that can return multiple lists with one DNS query are implemented using one, unscored, rule that triggers the DNS lookup and stores the result, and several scored rules that check against that stored result (ie: zen.spamhaus.org). For these sets, if you wish to completely disable the DNS lookup, you will need to disable this rule. It can be found by looking at 20_dnsbl_tests.cf, and find the rule implemented using "check_rbl" instead of "check_rbl_sub". 
  
+ At present, the query trigger rule for SpamHaus looks like this:
+ 
+ header __RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.spamhaus.org.')
+ 
+ So to disable it you'd use:
+ 
+ score __RCVD_IN_ZEN 0
  
  
  '''Q: The dns-blocklists just don't appear to be used.  What is going wrong?'''