You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/12/05 15:17:30 UTC
[Bug 7271] New: URIBL no longer compliant with BlackList inclusion
policy
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
Bug ID: 7271
Summary: URIBL no longer compliant with BlackList inclusion
policy
Product: Spamassassin
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: weby@we-bb.com
After being blocked by URIBL, with circa 500 messages per day (according to
postfix' logs) checked by their service, I tried to check the actual
limitations on their website.
...The only sentence I found, that describes the limits, is, quoting :
"Our public mirror infastructure consists of donated hardware and bandwidth. If
you abuse it, we will block your IP, or your nameserver IP that is producing
the excessive queries."
(http://uribl.com/about.shtml <- under "Abuse").
Now, the Blacklist inclusion policy clearly states :
"Must have a usage policy including any limits or restrictions that is clearly
documented and publicly visible using well defined terms. Terms such as "heavy
load" are not acceptable."
(https://wiki.apache.org/spamassassin/DnsBlocklistsInclusionPolicy)
I have sent an email to URIBL requesting those limits to be clearly visible on
their website, and I am awaiting for an answer.
But I think that if SpamAssassin sent the mail themselves, it would have a
bigger impact.
I also suggest SpamAssassin to remove the URIBL implementation, or at the very
least block it, until URIBL decides to comply with the policy again.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7271] URIBL no longer compliant with BlackList inclusion policy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
AXB <ax...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #1 from AXB <ax...@gmail.com> ---
The abuse codes are in
http://uribl.com/about.shtml#abuse
SA uses the URIBL_BLOCKED rule to notify you are abusing the free query quota
The quota applied by URIBL works for most small/medium sites.
Read http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block:
Q: My queries to a DNS-blocklist were blocked. What does this mean?
A: DNS-Blocklists often run on the "free for some" model and/or they may limit
the number of queries you can perform to maximize resources.
If you were directed to this link from a rule description, then you have a
DNS-Blocklist that is purposefully blocking your queries.
Resolving the block might be as simple as using your own non-forwarding caching
nameserver to avoid being lumped together with other users queries; setting up
your own mirror of the DNS-blocklist; or paying to use the blocklist. The
choice is up to the DNS-Blocklist administrator.
SpamAssassin supports the "free for some" model since it works for the majority
of SpamAssassin installations. However, we do not support methodologies that
purposefully return wrong answers and those DNS-Blocklists will be disabled by
default.
For further discussion, pls move this to the SA user's list
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7271] URIBL no longer compliant with BlackList inclusion policy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
Quanah Gibson-Mount <qu...@zimbra.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |quanah@zimbra.com
--- Comment #6 from Quanah Gibson-Mount <qu...@zimbra.com> ---
We certainly do much more than 500 messages a day, and are not blocked by
URIBL. I would guess something isn't working in the way in which you expect.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7271] URIBL no longer compliant with BlackList inclusion policy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
--- Comment #7 from RW <rw...@googlemail.com> ---
(In reply to Nicolas Glassey from comment #5)
> I reckon you don't know anything about me, or my technical abilities.
That's not possible unless you demonstrate an understanding of the issues,
which you do by ruling-out the obvious causes of a problem in advance.
> To answer you, I do have my own caching DNS server,
That doesn't answer me, because caching is not relevant, it's about whether
your lookups are recursive or forwarded.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7271] URIBL no longer compliant with BlackList inclusion policy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |me@junc.eu
--- Comment #2 from Benny Pedersen <me...@junc.eu> ---
https://wiki.apache.org/spamassassin/DnsBlocklists
NOTE: As from SpamAssassin version 3.4 you may disable queries for any BL by
adding: (local.cf)
dns_query_restriction deny bldomain
for example:
dns_query_restriction deny sorbs.net
if your bind9 dns server supports rpz its more simple there :-)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7271] URIBL no longer compliant with BlackList inclusion policy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
--- Comment #5 from Nicolas Glassey <we...@we-bb.com> ---
I reckon you don't know anything about me, or my technical abilities.
Please do know, however, that I wouldn't file such a "bug" without first
ensuring I had all the requirements met.
To answer you, I do have my own caching DNS server, it has been working for 2
years now. I can also tell you that my server hasn't been listed in any
red/grey/black list since I own it (has been in the past due to its previous
owner not being as cautious as me), that it is in a lot of good reputation
lists, that I have a DKIM signature that is working, a Dnssec on the
configuration process (waiting for my registrar to support it...), amavis
running and, of course, a full control on the outgoing mail, with no open smtp
port for unauthenticated people. And since I'm currently the only one using the
mail server (that is : having active email accounts), the probability to have
it listed anywhere is pretty slim.
I know that 500 messages per day is really small, other blocklists limit to
circa 100'000 a day, that is why I was trying to get the actual limitations
from their website.
And I don't see it a "technicality" to expect a service that is bundled with
free software to state their limitations. One should be clearly informed of
what a software can and cannot do. I don't rely heavily on URIBL, it is useful
indeed, but other people might need it.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7271] URIBL no longer compliant with BlackList inclusion policy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
Nicolas Glassey <we...@we-bb.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |weby@we-bb.com
--- Comment #3 from Nicolas Glassey <we...@we-bb.com> ---
Granted that this isn't really a bug, I really love how people don't even take
the time to read the entire bug report, and give answers that are totally
irrelevant.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7271] URIBL no longer compliant with BlackList inclusion policy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7271
RW <rw...@googlemail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rwmaillists@googlemail.com
--- Comment #4 from RW <rw...@googlemail.com> ---
I think removing something as useful as this on a technicality would be a bit
silly. I think the spirit of that rule is aimed at commercial services that are
trying to make a profit out of moderate users.
I doubt you are are being blocked purely for checking 500 emails a day, there's
likely some aggravating circumstance, for example you don't mention doing your
own recursive DNS look-ups
--
You are receiving this mail because:
You are the assignee for the bug.