You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2008/07/22 14:13:59 UTC

disabling rfci (dns_from_rfc*)

header DNS_FROM_RFC_DSN         eval:check_rbl_sub('rfci_envfrom', 
'127.0.0.2')
header DNS_FROM_RFC_BOGUSMX     eval:check_rbl_sub('rfci_envfrom', 
'127.0.0.8')
header __DNS_FROM_RFC_POST      eval:check_rbl_sub('rfci_envfrom', 
'127.0.0.3')
header __DNS_FROM_RFC_ABUSE     eval:check_rbl_sub('rfci_envfrom', 
'127.0.0.4')
header __DNS_FROM_RFC_WHOIS     eval:check_rbl_sub('rfci_envfrom', 
'127.0.0.5')


I know I can disable DNS_FROM_RFC_DSN and DNS_FROM_RDF_BOGUSMX by 
setting scores to 0.
but since __DNS_FROM_RFC_POST|ABUSE|WHOIS are metarules, do I disable 
them (prevent even the dns lookups) buy setting score to 0?
(aren't meta rules already score 0?)

also, since there are no rules anywhere anymore that reference 
_POST|ABUSE|WHOIS   , shouldn't they be removed anyway?

-- 
Michael Scheidell, President
Main: 561-999-5000, Office: 561-939-7259
 > *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/>

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

Re: disabling rfci (dns_from_rfc*)

Posted by Matt Kettler <mk...@verizon.net>.

Michael Scheidell wrote:
> header DNS_FROM_RFC_DSN         eval:check_rbl_sub('rfci_envfrom', 
> '127.0.0.2')
> header DNS_FROM_RFC_BOGUSMX     eval:check_rbl_sub('rfci_envfrom', 
> '127.0.0.8')
> header __DNS_FROM_RFC_POST      eval:check_rbl_sub('rfci_envfrom', 
> '127.0.0.3')
> header __DNS_FROM_RFC_ABUSE     eval:check_rbl_sub('rfci_envfrom', 
> '127.0.0.4')
> header __DNS_FROM_RFC_WHOIS     eval:check_rbl_sub('rfci_envfrom', 
> '127.0.0.5')
>
>
> I know I can disable DNS_FROM_RFC_DSN and DNS_FROM_RDF_BOGUSMX by 
> setting scores to 0.
> but since __DNS_FROM_RFC_POST|ABUSE|WHOIS are metarules, do I disable 
> them (prevent even the dns lookups) buy setting score to 0?
> (aren't meta rules already score 0?)
 rules starting with __ have no score, which is not the same as a score 
of 0. If you explicitly set them to 0, it disables them.
>
> also, since there are no rules anywhere anymore that reference 
> _POST|ABUSE|WHOIS   , shouldn't they be removed anyway?
>
They have little cost, so it's not really necessary. If you want to 
disable the DNS lookup to RFCI, you must zero the score of the rule that 
uses check_rbl, not the ones that use check_rbl_sub. All the "_sub" 
rules do is check the existing result generated by the original rule.