dns tests and scoring info for modification

[Robert - elists <li...@abbacomm.net>]

My searching came up a tad short on this...

I am guessing there is a howto already on this, I just didn't find it, so I
went digging in the internals some more.

Are all tests for DNS type RBL's in this default 20_dnsbl_tests.cf SA file?

Do I need to grep all the other files to check for where the scores are, or
is there only one default score file on this?

Whice one(s) please?

We currently have the skip_rbl_checks = 1 in local.cf

I want to change this to 0 (i.e. enabling dnsbl checks) and zero out any
default SA DNSBL type scoring, and then enable only one internal/external
DNSBL check source of our choice for testing...

Please advise and many thanks in advance

 - rh

RE: dns tests and scoring info for modification

[Robert - elists <li...@abbacomm.net>]

> 
> You probably know this, but make sure you put the zeroed-out scores in
> your local config dir (i.e. /etc/mail/spamassassin or the like) so that
> they won't be overwritten the next time you upgrade and/or run sa-update.
> 
> --
> Kelson Vibber
> SpeedGate Communications <www.speed.net>

Kelson

Thanks, I have to locate all the dns RBL stuff first.

Was looking for confirmation on that first.

I know there was a thread on it in the last 6 months, I just haven't located
it yet

 - rh

Re: dns tests and scoring info for modification

[Kelson <ke...@speed.net>]

Robert - elists wrote:
> Are all tests for DNS type RBL's in this default 20_dnsbl_tests.cf SA file?
> 
> Do I need to grep all the other files to check for where the scores are, or
> is there only one default score file on this?

If you use sa-update, there should also be some in 72_active.cf.  Either 
way, I believe all the default scores are in 50_scores.cf.

> I want to change this to 0 (i.e. enabling dnsbl checks) and zero out any
> default SA DNSBL type scoring, and then enable only one internal/external
> DNSBL check source of our choice for testing...

You probably know this, but make sure you put the zeroed-out scores in 
your local config dir (i.e. /etc/mail/spamassassin or the like) so that 
they won't be overwritten the next time you upgrade and/or run sa-update.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>

Re: dns tests and scoring info for modification

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

> > don't modify "standard" rule files.
> > 
> > instead, create a /path/to/site/rules/scores.cf (same directory where 
> > you have local.cf) and override the scores there (use a 0 score to 
> > disable a test). look at 50_scores.cf to get an idea.
> > 
> > I hope you have valid reasons to disable network tests. they are 
> > really useful.

On 04.04.08 12:59, Robert - elists wrote:
> I am not concerned with URI tests, I am concerned with dns RBL tests.

Why not using the skip_rbl_checks option then?

> We already have them off by default as we have another rbl checking system
> before it hits SA.
> 
> Much more effective to reject there.

SA checks more blacklist and they can change. IT also checks IP's in
Received: headers so it can check different thing you are checking. 

I think, even if you do RBL checks on different place, you can still use
them in SA
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 

Re: dns tests and scoring info for modification

[mouss <mo...@netoyen.net>]

Robert - elists wrote:
>> don't modify "standard" rule files.
>>
>> instead, create a /path/to/site/rules/scores.cf (same directory where 
>> you have local.cf) and override the scores there (use a 0 score to 
>> disable a test). look at 50_scores.cf to get an idea.
>>
>> I hope you have valid reasons to disable network tests. they are 
>> really useful.
>>     
>
> Mouss
>
> I wouldn't
>
> I am not concerned with URI tests, I am concerned with dns RBL tests.
>
> We already have them off by default as we have another rbl checking system
> before it hits SA.
>
> Much more effective to reject there.
>
> I just need to know where all the dns RBL tests are and if they are just in
> one file, or many.
>
> It appears just one file.
>   

almost all scores are in  $path/to/share/spamassassin/50_scores.cf.

# egrep "_(SBL|XBL|PBL|SPAMCOP|DSBL|SORBS|NJABL|AHBL|MAPS)" 
/path/to/share/spamassassin/50_scores.cf | grep -v URIBL | awk '{print 
"score " $2 " 0"}' > scores.cf

should do (MAPS is already disabled in the default config).
> Once I know that, then I can search out all the scoring issues and zero them
> out in local.cf or something that would not get overwritten on update.
>
> Thanks
>
>  - rh
>
>   

RE: dns tests and scoring info for modification

[Robert - elists <li...@abbacomm.net>]

> 
> don't modify "standard" rule files.
> 
> instead, create a /path/to/site/rules/scores.cf (same directory where 
> you have local.cf) and override the scores there (use a 0 score to 
> disable a test). look at 50_scores.cf to get an idea.
> 
> I hope you have valid reasons to disable network tests. they are 
> really useful.

Mouss

I wouldn't

I am not concerned with URI tests, I am concerned with dns RBL tests.

We already have them off by default as we have another rbl checking system
before it hits SA.

Much more effective to reject there.

I just need to know where all the dns RBL tests are and if they are just in
one file, or many.

It appears just one file.

Once I know that, then I can search out all the scoring issues and zero them
out in local.cf or something that would not get overwritten on update.

Thanks

 - rh

Re: dns tests and scoring info for modification

[mouss <mo...@netoyen.net>]

Robert - elists wrote:
> My searching came up a tad short on this...
>
> I am guessing there is a howto already on this, I just didn't find it, so I
> went digging in the internals some more.
>
> Are all tests for DNS type RBL's in this default 20_dnsbl_tests.cf SA file?
>
> Do I need to grep all the other files to check for where the scores are, or
> is there only one default score file on this?
>   
> Whice one(s) please?
>
> We currently have the skip_rbl_checks = 1 in local.cf
>
> I want to change this to 0 (i.e. enabling dnsbl checks) and zero out any
> default SA DNSBL type scoring, and then enable only one internal/external
> DNSBL check source of our choice for testing...
>   


don't modify "standard" rule files.

instead, create a /path/to/site/rules/scores.cf (same directory where 
you have local.cf) and override the scores there (use a 0 score to 
disable a test). look at 50_scores.cf to get an idea.

I hope you have valid reasons to disable network tests. they are really 
useful.