Maybe disable VALIDITY rule as well... They also have 10k limit in 30 days window ..
Regards,G ________________________________ From: Bill Cole <billc...@apache.org> Sent: Monday, September 23, 2024 19:03 To: SpamAssassin-Users Subject: ATTENTION: DNSWL to be disabled by default. Context: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8193 https://www.dnswl.org/?p=120 TL;DR: Rather than using an in-band signal of a special reply value to queries from blocked users, as do other DNS-Based List operators, DNSWL.org sends back a "listed high" response to all queries. I was unaware of this until bug 8193 was opened and linked to the DNSWL statement of that policy. As I write in a comment on that bug, no one should ever be using DNSBLs of any sort blindly and the onus is on the configuring user of SA to select them prudently as they all have limits. I believe this is a problem that needs fixing, but it's a change that may surprise some users. Consider yourself warned... Right now, there's a comment in 50_scores.cf (the file for manually-set scores) that I had not previously seen: # DNSWL is a commercial service that requires payment for servers over 100K queries daily. # Unfortunately, they will return true answers for DNS servers they consider abusive so # SA Admins must enable these rules manually. And yet, the scores following that comment *enables* the rules. Note that as of 2024-03-01 (as documented at the DNSWL link above) they have reduced the free limit to 10,000 queries per 30 days. A site feeding 350 messages/day to SpamAssassin will exceed that limit. That is small even for "personal" systems. Pending a discussion on the issue reaching some other consensus, I am immediately changing all those scores to zero in 50_scores.cf so that the rules WILL BE DISABLED by default as documented in the comment. I am also correcting the rate cited in that comment. This change should take effect in the rules distribution in the next couple of days. Whether or not you want to use DNSWL is very much a local choice. At 10k queries/month, MOST sites will need to either register (and likely pay DNSWL) or leave the rules disabled. b...@scconsult.com or billc...@apache.org (AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
