Henrik K <h...@hege.li> writes: > On Thu, May 13, 2021 at 01:34:37PM -0400, Greg Troxel wrote: >> >> I wonder if it would be sensible for spamassassin to have a >> configuration option for all default-on dnsrbls (one option, applying to >> all): >> >> disabled >> auto >> enabled >> >> where the default is auto, and auto means "enabled if resolver is >> 127.0.0.1, ::1 or localhost, else disabled". > > No. Local resolver could be configured to forward everything to Google. Or > all servers could have one central nameserver in the local network.
Why does the existence of that possibility mean "no'? As it is, we have it's on by default which leads to if the resolver SA is using is just for that instance of SA and somehow local, things are ok if the resolver chains to something big, it's not ok and you have to disable dnsbl queries What I proposed merely moves the default for non-local resolver addresses, which means relatibe to the above: people with non-local resolver addresses that can be used have to enable dnsbls people with non-local resolver addresses that shouldn't be used, used to have a duty to disable and now it will be taken care of It doesn't change anything for anybody else.
signature.asc
Description: PGP signature
