Posted to users@spamassassin.apache.org by Richard Frovarp <Ri...@sendit.nodak.edu> on 2006/11/15 18:51:55 UTC
check_rbl and DNSBL lookups
I am trying to go through and remove some of the DNSBL lookups that are
being performed. I have found previous posts that state just set the
meta rule to a score of 0 to disable. I have also found previous posts
that state only these evals are performing lookups: check_rbl,
check_rbl_txt and check_rbl_envfrom. And that check_rbl_sub does not
perform a lookup, but uses previous rules. What about check_rbl_accreditor?
Furthermore, looking in 20_dnsbl_tests.cf I see this:
header __RCVD_IN_NJABL eval:check_rbl('njabl', 'combined.njabl.org.')
header RCVD_IN_NJABL_DUL eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
header RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
Am I missing something? It seems to me that all of the -lastexternal
lines will perform duplicate DNS lookups from the previous line, perhaps
just a little bit later. I of course run a caching name server, but it
does seem to be an extra query and those lines could be changed into
check_rbl_sub.
Thanks,
Richard
Re: check_rbl and DNSBL lookups
Posted by Richard Frovarp <Ri...@sendit.nodak.edu>.
From what I can tell, you give a score of 0 to the check_rbl,
check_rbl_txt, and check_rbl_envfrom rules you don't want to run.
check_rbl_sub rules are based off of those rules. However, I have not been
able to find the documentation for this.
From my testing, you would give __RCVD_IN_SBL_XBL a score of 0 to
disable RCVD_IN_SBL. You would then need to give RCVD_IN_XBL a score of
0 to disable that lookup. From what I can tell, that list is checked
twice based off of those rules.
Richard
Jeremy Fairbrass wrote:
> A further question to this: if I want to disable one of those rules in
> 20_dnsbl_tests.cf, do I only need to give a score of 0 (in local.cf) to the
> rule with the check_rbl part, or do I need to give a score of 0 to each of
> the 'sub' rules?
>
> For example, there are three sections to the Spamhaus lookups, as follows:
>
> header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
> describe __RCVD_IN_SBL_XBL Received via a relay in Spamhaus SBL+XBL
> tflags __RCVD_IN_SBL_XBL net
>
> header RCVD_IN_SBL eval:check_rbl_sub('sblxbl', '127.0.0.2')
> describe RCVD_IN_SBL Received via a relay in Spamhaus SBL
> tflags RCVD_IN_SBL net
>
> header RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
> describe RCVD_IN_XBL Received via a relay in Spamhaus XBL
> tflags RCVD_IN_XBL net
>
>
> So if I were wanting to disable them all, should I only need to give a 0
> score to __RCVD_IN_SBL_XBL (i.e. the first one), or do I need to give a 0
> score to both RCVD_IN_SBL and RCVD_IN_XBL?
>
> I guess what I'm really wanting to know is, is it possible to give a 0 score
> to any rule starting with a double-underscore (__SOMETHING) in order to
> disable it? As I know that double-underscore rules are kinda special and
> don't normally count for any score in the first place.
>
> Thanks!
>
>
>
> "Richard Frovarp" <Ri...@sendit.nodak.edu> wrote in message
> news:455B53BB.80905@sendit.nodak.edu...
>
>> I am trying to go through and remove some of the DNSBL lookups that are
>> being performed. I have found previous posts that state just set the meta
>> rule to a score of 0 to disable. I have also found previous posts that
>> state only these evals are performing lookups: check_rbl, check_rbl_txt and
>> check_rbl_envfrom. And that check_rbl_sub does not perform a lookup, but uses
>> previous rules. What about check_rbl_accreditor?
>>
>> Furthermore, looking in 20_dnsbl_tests.cf I see this:
>>
>> header __RCVD_IN_NJABL eval:check_rbl('njabl', 'combined.njabl.org.')
>> header RCVD_IN_NJABL_DUL eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
>> header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
>> header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
>> header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
>> header RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
>>
>> Am I missing something? It seems to me that all of the -lastexternal lines
>> will perform duplicate DNS lookups from the previous line, perhaps just a
>> little bit later. I of course run a caching name server, but it does seem
>> to be an extra query and those lines could be changed into check_rbl_sub.
>>
>> Thanks,
>>
>> Richard
Re: check_rbl and DNSBL lookups
Posted by Jeremy Fairbrass <jf...@hotmail.com>.
A further question to this: if I want to disable one of those rules in
20_dnsbl_tests.cf, do I only need to give a score of 0 (in local.cf) to the
rule with the check_rbl part, or do I need to give a score of 0 to each of
the 'sub' rules?
For example, there are three sections to the Spamhaus lookups, as follows:
header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
describe __RCVD_IN_SBL_XBL Received via a relay in Spamhaus SBL+XBL
tflags __RCVD_IN_SBL_XBL net
header RCVD_IN_SBL eval:check_rbl_sub('sblxbl', '127.0.0.2')
describe RCVD_IN_SBL Received via a relay in Spamhaus SBL
tflags RCVD_IN_SBL net
header RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
describe RCVD_IN_XBL Received via a relay in Spamhaus XBL
tflags RCVD_IN_XBL net
So if I were wanting to disable them all, should I only need to give a 0
score to __RCVD_IN_SBL_XBL (i.e. the first one), or do I need to give a 0
score to both RCVD_IN_SBL and RCVD_IN_XBL?
I guess what I'm really wanting to know is, is it possible to give a 0 score
to any rule starting with a double-underscore (__SOMETHING) in order to
disable it? As I know that double-underscore rules are kinda special and
don't normally count for any score in the first place.
Thanks!
"Richard Frovarp" <Ri...@sendit.nodak.edu> wrote in message
news:455B53BB.80905@sendit.nodak.edu...
>I am trying to go through and remove some of the DNSBL lookups that are
>being performed. I have found previous posts that state just set the meta
>rule to a score of 0 to disable. I have also found previous posts that
>state only these evals are performing lookups: check_rbl, check_rbl_txt and
>check_rbl_envfrom. And that check_rbl_sub does not perform a lookup, but uses
>previous rules. What about check_rbl_accreditor?
>
> Furthermore, looking in 20_dnsbl_tests.cf I see this:
>
> header __RCVD_IN_NJABL eval:check_rbl('njabl', 'combined.njabl.org.')
> header RCVD_IN_NJABL_DUL eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
> header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
> header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
> header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
> header RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
>
> Am I missing something? It seems to me that all of the -lastexternal lines
> will perform duplicate DNS lookups from the previous line, perhaps just a
> little bit later. I of course run a caching name server, but it does seem
> to be an extra query and those lines could be changed into check_rbl_sub.
>
> Thanks,
>
> Richard
>
>
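Added example, not part of any message in this thread and not SpamAssassin's own code: a Python script that parses rule lines like those quoted from 20_dnsbl_tests.cf, groups by DNSBL zone the rules whose eval the thread names as performing a lookup, shows which check_rbl_sub rules share a set name with them, and builds the local.cf score lines Richard's reply describes. The function names are hypothetical, the classification of evals is taken from the thread rather than from SpamAssassin documentation, and check_rbl_accreditor is left unclassified because the thread does not answer it.

```python
import re
from collections import defaultdict

# Assumption taken from the thread: only these evals issue DNS queries;
# check_rbl_sub reuses the result of an earlier rule with the same set name.
LOOKUP_EVALS = {"check_rbl", "check_rbl_txt", "check_rbl_envfrom"}

# Rule lines as quoted in the thread from 20_dnsbl_tests.cf.
SAMPLE_CF = """\
header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
header RCVD_IN_SBL eval:check_rbl_sub('sblxbl', '127.0.0.2')
header RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
header __RCVD_IN_NJABL eval:check_rbl('njabl', 'combined.njabl.org.')
header RCVD_IN_NJABL_DUL eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
"""

RULE_RE = re.compile(r"^\s*header\s+(\S+)\s+eval:(\w+)\((.*)\)\s*$")

def parse_rules(text):
    """Return (rule_name, eval_name, [args]) for each 'header NAME eval:f(...)' line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((m.group(1), m.group(2), re.findall(r"'([^']*)'", m.group(3))))
    return rules

def lookups_by_zone(rules):
    """Map each DNSBL zone to the rules that, per the thread, query it."""
    zones = defaultdict(list)
    for name, func, args in rules:
        if func in LOOKUP_EVALS and len(args) >= 2:
            zones[args[1].rstrip(".")].append(name)
    return dict(zones)

def dependents(rules):
    """Map each lookup rule to the check_rbl_sub rules sharing its set name."""
    by_set = {args[0]: name for name, func, args in rules if func in LOOKUP_EVALS and args}
    deps = defaultdict(list)
    for name, func, args in rules:
        if func == "check_rbl_sub" and args and args[0] in by_set:
            deps[by_set[args[0]]].append(name)
    return dict(deps)

def score_zero_lines(rules, zone):
    """local.cf lines zeroing every lookup rule for one zone."""
    return ["score %s 0" % n for n in lookups_by_zone(rules).get(zone.rstrip("."), [])]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_CF)
    for zone, names in lookups_by_zone(parsed).items():
        print(zone, "->", ", ".join(names))
    print(dependents(parsed))
    print("\n".join(score_zero_lines(parsed, "sbl-xbl.spamhaus.org.")))
```

A zone listed with more than one rule is one that several lookup-type rules reference, which is the situation the original question asks about.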