You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2013/03/28 19:56:34 UTC
[Bug 6922] New: DNSWL queries should use local data if possible
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6922
Bug ID: 6922
Summary: DNSWL queries should use local data if possible
Product: Spamassassin
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: dev@spamassassin.apache.org
Reporter: vesely@tana.it
Classification: Unclassified
Rules hard code 'list.dnswl.org' in the eval:check_rbl(). That string has to
be hardcoded somewhere, but possibly not there. Or, alternatively,
DNSEval::check_rbl() could verify whether an indirection exists.
The reason for this ticket is that if the server has a local copy of
dnswl.org's database for local lookups, it has no simple way to use it with
spamassassin.
In addition, a server can have already looked up the IP of the sending relay,
for example in order to whitelist SPF failures. A second lookup won't hurt
only when the server has a local caching DNS and no local copy of dnswl.
Recent betas of the Courier-MTA server can register the lookup in an
Authentication-Results: header field. That result could be retrieved using the
code attached to bug #6918 and no lookup at all.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6922] DNSWL queries should use local data if possible
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6922
Darxus <Da...@ChaosReigns.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #4 from Darxus <Da...@ChaosReigns.com> ---
> Yup, that works. Obvious as it may seem, one needs to leave skip_rbl_checks
Great.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6922] DNSWL queries should use local data if possible
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6922
Darxus <Da...@ChaosReigns.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Darxus@ChaosReigns.com
--- Comment #1 from Darxus <Da...@ChaosReigns.com> ---
So you have the dnswl data in a local DNS Server? Can't you just copy and
paste the dnswl rules into your local.cf and replace the host name in them?
Maybe just the one that actually contains the host name?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6922] DNSWL queries should use local data if possible
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6922
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #2 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to comment #1)
> So you have the dnswl data in a local DNS Server? Can't you just copy and
> paste the dnswl rules into your local.cf and replace the host name in them?
> Maybe just the one that actually contains the host name?
Or just a forward statement in your bind configuration to query your RBLDNSD
server? Is that your issue?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6922] DNSWL queries should use local data if possible
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6922
Alessandro Vesely <ve...@tana.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vesely@tana.it
--- Comment #3 from Alessandro Vesely <ve...@tana.it> ---
(In reply to comment #2)
> (In reply to comment #1)
> > So you have the dnswl data in a local DNS Server? Can't you just copy and
> > paste the dnswl rules into your local.cf and replace the host name in them?
> > Maybe just the one that actually contains the host name?
Yup, that works. Obvious as it may seem, one needs to leave skip_rbl_checks at
its default value for this to take effect. For BLACK lists, it is
straightforward that if the server had looked them up already and found a
positive result, then it would have rejected the message then.
> Or just a forward statement in your bind configuration to query your RBLDNSD
> server? Is that your issue?
I tried and interpret http://www.dnswl.org/tech#bind and set a non-global name
like so:
zone "dnswl.local" {
type forward;
forward only;
forwarders { 127.0.0.1 port 54; };
};
Then, for rbldnsd, I put -b 127.0.0.1/54.
My understanding is that if I had put "list.dnswl.org" instead, I would have
obscured the resolution for dnswl.org. For comparison, the setting for
Courier-MTA is -allow=dnswl.local=list.dnswl.org so that it knows both what to
query and what that means. With such setting, in the message headers I can
get:
Authentication-Results: wmail.tana.it;
dnswl=pass dns.zone=list.dnswl.org
policy.ip=127.0.4.3
policy.txt="apache.org http://dnswl.org/s?s=3084"
thus, reading the result directly from the message header could be yet another
possibility. What you think?
--
You are receiving this mail because:
You are the assignee for the bug.