Henrik K wrote:

> On Thu, Jan 21, 2010 at 11:59:25AM +0100, Per Jessen wrote:
>> Henrik K wrote:
>>
>> > On Wed, Jan 20, 2010 at 04:16:29PM +1000, Res wrote:
>> >> On Wed, 20 Jan 2010, Henrik K wrote:
>> >>
>> >>>>>> (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}
>> [3-9]\d\d+)\.\d+\.\d+\.\d+
>> >>>>>
>> >>>>> That's crazy! It's wrong since 1/8 is now allocated, it also
>> >>>>> does not detect most other bogon ranges, What is the point of
>> >>>>> this... Another rule I now need to disable.
>> >>>>
>> >>>> Please open a bug...
>> >>>
>> >>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6295
>> >>
>> >> Thanks for logging that.
>> >>
>> >> I do think we need a better way to catch them, including the other
>> >> 20 or so plus bogon ranges it currently ignores. I can see where
>> >> DNS checks would be better suited (bogons.cymru.com), or, at the
>> >> very least, a ruleset, which can be updated in the "daily updates
>> >> run" when new ranges are allocated.
>> >
>> > DNS checks would be overkill for a list that doesn't change that
>> > often.
>>
>> Overkill yes, but "affordable", especially with results being cached.
>> Personally I would favor DNS for data that _does_ change, even if
>> only very rarely.
>
> It just doesn't make sense. Do you know how many requests they would
> be flooded with if it was default SA option? It would query _all_
> untrusted ip and by -clauses in Received path? How is that
> "affordable"?

Well, it obviously depends on your setup, but even if you don't have your own DNS, the results can be cached locally (nscd), so the overhead is still not a lot (IMHO). Anyway, like I said, it's just my personal preference.

/Per Jessen, Zürich