On Tue, 8 Jul 2003, SpamAssassin wrote:
> Any ideas on how to get SpamAssassin to query one of the
> osirusoft mirrors? (Osirusoft has been experiencing
> DOS/DDOS on and off for a few weeks, but some of the other
> (not *.osirusoft.com) authoritive DNS seem to be working fine.)
>
> The SA config is as follows
> header RCVD_IN_OSIRUSOFT_COM rbleval:check_rbl('osirusoft,
> 'relays.osirusoft.com.')
>
> Seems like no way to specify the server to query,
> and the query suffix separately.
>
> I can query some of the mirrors by hand,
> (taz.net.au, allevil.dishone.st, bl2.bl.xs4all.nl)
> Question:
> Name=2.0.0.127.relays.osirusoft.com, QTYPE=ALL, QCLASS=1
> Answer Section:
> - Name=2.0.0.127.relays.osirusoft.com
> Type=A, Class=1, TTL=43200 (12 Hours), RDLENGTH=4
> IP Address=127.0.0.3
> - Name=2.0.0.127.relays.osirusoft.com
> Type=TXT, Class=1, TTL=43200 (12 Hours), RDLENGTH=48
> TXT="http://spamhaus.org/SBL/sbl.lasso?query=SBL0001";
> - Name=2.0.0.127.relays.osirusoft.com
> Type=A, Class=1, TTL=43200 (12 Hours), RDLENGTH=4
> IP Address=127.0.0.6
> - Name=2.0.0.127.relays.osirusoft.com
> Type=TXT, Class=1, TTL=43200 (12 Hours), RDLENGTH=42
> TXT="[1] TEST, see http://spews.org/ask.cgi?S1";
> ...
> Queries of 2.0.0.127.relays.osirusoft.com to taz.net.au work
> Queries of 2.0.0.127.taz.net.au to taz.net.au fail
> Queries of 2.0.0.127.relays.osirusoft.com.taz.net.au to taz.net.au fail
SA uses the standard DNS client libraries which just hand the query
to your DNS servers as configured in your resolv.conf and lets
the servers figure things out.
Rather than try to hack your SA configuration, attack this problem
at the DNS level. (i'll assume that you have a "bind" DNS server
running on some machine in your org that your SA machine sends its
queries to).
On your DNS machine, add an entry to your named.conf file that sets
up a 'type forward' zone for each zone that you wish to customize.
Then you can list an explicit set of forwarders hosts that point
to the "good" servers and ignore the "bad" ones.
Note that if you go this route, you'll have to remember to keep that
explict forwarders list up-to-date.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
