On Thu, Jan 21, 2010 at 11:59:25AM +0100, Per Jessen wrote:
> Henrik K wrote:
>
> > On Wed, Jan 20, 2010 at 04:16:29PM +1000, Res wrote:
> >> On Wed, 20 Jan 2010, Henrik K wrote:
> >>
> >>>>>> (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}
> [3-9]\d\d+)\.\d+\.\d+\.\d+
> >>>>>
> >>>>> Thats crazy! It's wrong since 1/8 is now allocated, it also does
> >>>>> not detect most other bogon ranges, What is the point of this...
> >>>>> Another rule I now need to disable.
> >>>>
> >>>> Please open a bug...
> >>>
> >>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6295
> >>
> >> Thanks for logging that.
> >>
> >> I do think we need a better way to catch them, including the other
> >> 20 or so plus bogon ranges it currently ignores. I can see where DNS
> >> checks would be better suited (bogons.cymru.com), or, at the very
> >> least, a ruleset, which can be updated in the "daily updates run"
> >> when new ranges are allocated.
> >
> > DNS checks would be overkill for a list that doesn't change that
> > often.
>
> Overkill yes, but "affordable", especially with results being cached.
> Personally I would favor DNS for data that _does_ change, even if only
> very rarely.

It just doesn't make sense. Do you know how many requests they would be flooded with if it was the default SA option? It would query _all_ untrusted IPs and by-clauses in the Received path? How is that "affordable"? There is even a mailing list for updates in the list (which happen only every few months). It's hardly a problem for a few SA devs to subscribe and update as needed. It's a common expectation to sa-update daily.
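
The locally updated prefix list discussed in this thread, sketched as an added example (not part of the original messages and not SpamAssassin's code): every bracketed IPv4 address in a Received header is checked against a prefix file shipped with rule updates, with no DNS query per address. The prefix lists, the sample header and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lists, not the real bogon list. The second models the
# update after 1/8 was allocated, as mentioned in the thread.
BOGONS_OLD = ["0.0.0.0/8", "1.0.0.0/8  # unallocated at the time", "240.0.0.0/4"]
BOGONS_NEW = ["0.0.0.0/8", "240.0.0.0/4"]

# Constructed Received header with two bracketed relay addresses.
SAMPLE = ("Received: from mail.example.net (mail.example.net [1.2.3.4]) "
          "by mx.example.org (relay.example.org [240.1.2.3]) with ESMTP")

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def load_prefixes(lines):
    """Parse one CIDR prefix per line; '#' starts a comment.

    strict=True rejects prefixes with host bits set, so a typo in an
    updated list fails at load time instead of silently matching less.
    """
    nets = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets


def received_ips(header):
    """Return the valid bracketed IPv4 addresses found in a header."""
    found = []
    for match in BRACKETED_IPV4.finditer(header):
        try:
            found.append(ipaddress.IPv4Address(match.group(1)))
        except ValueError:
            continue  # e.g. [999.1.1.1]: looks like an IP, is not one
    return found


def bogon_hits(header, nets):
    """Addresses in the header that fall inside any listed prefix."""
    return [str(ip) for ip in received_ips(header)
            if any(ip in net for net in nets)]


if __name__ == "__main__":
    print("old list:", bogon_hits(SAMPLE, load_prefixes(BOGONS_OLD)))
    print("new list:", bogon_hits(SAMPLE, load_prefixes(BOGONS_NEW)))
```

Swapping the list changes the verdict on 1.2.3.4 without touching the matching code, which is the property a hard-coded first-octet regex lacks.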