Benny Pedersen wrote:
> On søn 11 okt 2009 07:19:47 CEST, Adam Katz wrote
> 
>> different return code to indicate the hit anyway so that I can act on it
>> anyway.  *Especially* while DNSWLs lack an abuse-reporting mechanism.
> 
> spamassassin has firsttrusted for dnsbl; the same can go for dnswl testing
> 
> that means if you have none or just very few trusted_networks, dnswl can't
> hit if used with firsttrusted

I have a properly configured trusted_networks on my system, so
last-external/firsttrusted is set up correctly.  I'm not sure what else
you mean.  DNSWLs examine only the lastexternal relay since that's the
only one you can trust as legitimate.

> in case of dnswl.org send email to abuse with the ip or their id you
> like to change for sending spam

I sent a few such reports to the addresses that seemed applicable (it's
not well documented; the site is far more geared towards getting ON the
list and reminding admins that since it's a whitelist, you don't need to
request removal).  None of my reports gave me a response, so I stopped.

As I noted in the GP, I think it is unwise to cleanse a DNSBL with a
DNSWL.  However, going the other way seems quite wise.

> and default sa does not have much trusted_networks, where is the problem
> hidden ?

Please revisit the documentation.  You can't ship default
trusted_networks.  They have to represent your own deployment's trusted
edge networks, which will depend on where your network lives.  Other
than that use, trusted_networks can be used as a form of whitelisting,
but based on your email's final line, you think that unwise.

> abuse ?, http://www.dnswl.org/ i have no problem with abuse
> do you refer maybe to another whitelist that are ip based ?

You're lucky.  Maybe you don't have users with common usernames on a
20-year-old three-letter .com domain.

>> I have seen SO much DNSWL'd spam that I've had to migrate to using
>> confirmation; like whitelist_from vs whitelist_auth on a DNSWL level.
> 
> whitelist_from is a joke (read candidate for being removed in sa)
> whitelist_auth is power

Uh.  Thanks, that was my point.

>> In my khop-bl sa-update channel, any DNSWL'd message that doesn't pass
>> DKIM or SPF gains a point while any that does loses 2.25 (unless it's
>> already been lowered by overlapping DNSWL scores).  ... actually, I'm
>> surprised I gave it such a swing given spammers' increasing use of SPF
>> and DKIM.
> 
> thats why newer make such stupid meta rules :)

I assume you mean "that's why I never make ..."  I stand by my rules.
They essentially convert DNSWLs from whitelist_from to whitelist_auth,
which you've already stated is "power."

> only whitelist non spammers, if a spf or dkim spams remove from whitelist
> 
> did you blindly do whitelist_auth *...@hotmail.com ? :)

Does hotmail have servers on DNS whitelists?  No, it doesn't qualify.
Please revisit what I said.  I'm *restricting* the whitelist aspect of
DNSWLs to _auth "power" and blessing that while punishing the very thing
you're also condemning.
