Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2011/08/21 23:38:04 UTC
[Bug 6652] New: Enable/disable DNS lookups by domain
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6652
Bug #: 6652
Summary: Enable/disable DNS lookups by domain
Product: Spamassassin
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: spamassassin
AssignedTo: dev@spamassassin.apache.org
ReportedBy: jhardin@impsec.org
Classification: Unclassified
As an alternative to disabling individual DNS rules, add a configuration option
like:
nodnsquery spamhaus.org
which would disable any DNS lookup against any spamhaus.org subdomain.
A corresponding "enable" config would probably be prudent:
dnsquery spamhaus.org
...in case dev feel certain DNS lookups should be shipped as part of the base
rules but disabled by default, and require the end-user admin to explicitly
enable them.
Rationale: it's tedious to find all of the individual DNS lookup rules, and
more could be added via sa-update at any time.
Inspired by Marc Perkel.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6652] Enable/disable DNS lookups by domain
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6652
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
Target Milestone|Undefined |3.4.0
--- Comment #2 from Mark Martinec <Ma...@ijs.si> ---
This was made possible by option dns_query_restriction,
probably in version 3.4.0. Closing.
dns_query_restriction (allow|deny) domain1 domain2 ...
Option allows disabling of rules which would result in a DNS query
to one of the listed domains. The first argument must be a literal
"allow" or "deny", remaining arguments are domain names.
Most DNS queries (with some exceptions) are subject to
dns_query_restriction. A domain to be queried is successively
stripped-off of its leading labels (thus yielding a series of its
parent domains), and on each iteration a check is made against an
associative array generated by dns_query_restriction options.
Search stops at the first match (i.e. the tightest match), and the
matching entry with its "allow" or "deny" value then controls
whether a DNS query is allowed to be launched.
If no match is found an implicit default is to allow a query. The
purpose of an explicit "allow" entry is to be able to override a
previously configured "deny" on the same domain or to override an
entry (possibly yet to be configured in subsequent config
directives) on one of its parent domains. Thus an 'allow
zen.spamhaus.org' with a 'deny spamhaus.org' would permit DNS
queries on a specific DNS BL zone but deny queries to other zones
under the same parent domain.
Domains are matched case-insensitively, no wildcards are
recognized, there should be no leading or trailing dot.
Specifying a block on querying a domain name has a similar effect
as setting a score of corresponding DNSBL and URIBL rules to zero,
and can be a handy alternative to hunting for such rules when a
site policy does not allow certain DNS block lists to be queried.
Example:
dns_query_restriction deny dnswl.org surbl.org
dns_query_restriction allow zen.spamhaus.org
dns_query_restriction deny spamhaus.org mailspike.net spamcop.net
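Added example (not part of the bug thread, and not SpamAssassin's own Perl code): a Python model of the lookup described in the dns_query_restriction documentation quoted in Comment #2, run over that comment's three example directives. The function names and sample query names are constructed for illustration; testing the full query name before stripping labels and ignoring a trailing dot on it are assumptions.

```python
"""Model of dns_query_restriction matching (added example, not SpamAssassin code)."""

def parse_restrictions(config_text):
    """Build the domain -> 'allow'/'deny' table from dns_query_restriction lines."""
    table = {}
    for line in config_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "dns_query_restriction":
            continue
        verdict = fields[1]
        if verdict not in ("allow", "deny"):
            raise ValueError("first argument must be allow or deny: " + line)
        for domain in fields[2:]:
            # Case-insensitive keys; a later directive overrides an earlier one.
            table[domain.lower()] = verdict
    return table

def query_allowed(qname, table):
    """Strip leading labels one at a time; the first (tightest) match decides."""
    # Assumption: the full name is tested first and a trailing dot is ignored.
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        verdict = table.get(".".join(labels[i:]))
        if verdict is not None:
            return verdict == "allow"
    return True  # no entry matched: implicit default is to allow

# The three directives from the Example in Comment #2.
EXAMPLE = """\
dns_query_restriction deny dnswl.org surbl.org
dns_query_restriction allow zen.spamhaus.org
dns_query_restriction deny spamhaus.org mailspike.net spamcop.net
"""

# Constructed query names for illustration (2.0.0.127 is 127.0.0.2 reversed).
SAMPLES = [
    "2.0.0.127.zen.spamhaus.org",    # tightest match is the explicit allow
    "example.com.dbl.spamhaus.org",  # falls through to deny spamhaus.org
    "2.0.0.127.list.dnswl.org",      # deny dnswl.org
    "2.0.0.127.bl.example.net",      # no entry: default allow
    "x.notspamhaus.org",             # whole labels only, no substring match
]

def audit(names, table):
    """Return (name, 'allow'|'deny') for each query name."""
    return [(n, "allow" if query_allowed(n, table) else "deny") for n in names]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES, parse_restrictions(EXAMPLE)):
        print(f"{verdict:5}  {name}")
```
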
[Bug 6652] Enable/disable DNS lookups by domain
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6652
Frank Urban <fr...@commerzbank.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |frank.urban@commerzbank.com
--- Comment #1 from Frank Urban <fr...@commerzbank.com> 2011-12-14 12:28:19 UTC ---
Good idea.
I have the same problem to disable spamhaus.
Today I need to put this all in my local.cf:
score RCVD_IN_SBL 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0
score RCVD_IN_ZEN 0
score __RCVD_IN_ZEN 0
score URIBL_SBL 0
score URIBL_SBL_A 0
score URIBL_DBL_SPAM 0
score URIBL_DBL_REDIR 0
score URIBL_DBL_ERROR 0
to disable spamhaus.
In the last rule update it seemed that the rule URIBL_SBL was renamed to
URIBL_SBL_A and a new rule was added.
So I needed again to add new lines for that:
score URIBL_SBL_A 0
score URIBL_DBL_REDIR 0
This all would be much easier if there would be a way to disable the whole DNS
lookup to *.spamhaus.org