Michael, > can we use the askdns.pm for SA 3.3 or do we have some missing dependencies? > (I noticed some rules in latest couple of saupdates: > > 20_dnsbl_tests.cf:askdns DKIMDOMAIN_IN_DWL > _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+ > )*(transaction|list|all)( [a-z]+)*$/ > 20_dnsbl_tests.cf:tflags DKIMDOMAIN_IN_DWL net nice > 20_dnsbl_tests.cf:describe DKIMDOMAIN_IN_DWL Signing domain listed in > Spamhaus DWL > 20_dnsbl_tests.cf:askdns __DKIMDOMAIN_IN_DWL_ANY > _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT > 20_dnsbl_tests.cf:tflags __DKIMDOMAIN_IN_DWL_ANY net nice > 20_dnsbl_tests.cf:describe __DKIMDOMAIN_IN_DWL_ANY Any TXT response > received from a Spamhaus DWL > 20_dnsbl_tests.cf:meta DKIMDOMAIN_IN_DWL_UNKNOWN > __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL > 20_dnsbl_tests.cf:tflags DKIMDOMAIN_IN_DWL_UNKNOWN net nice > 20_dnsbl_tests.cf:describe DKIMDOMAIN_IN_DWL_UNKNOWN Unrecognized > response from Spamhaus DWL > 50_scores.cf:score DKIMDOMAIN_IN_DWL 0 -3.5 0 -3.5 > 50_scores.cf:score DKIMDOMAIN_IN_DWL_UNKNOWN 0 -0.01 0 -0.01 > > looks like it combines an rbl check with a check for a valid dkim signature.
See: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6518 https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6499 > > can we use the askdns.pm for SA 3.3 or do we have some missing > > dependencies? > Dec 6 16:20:21.941 [44960] warn: plugin: eval failed: Can't call method > "is_dns_available" on unblessed reference at > /usr/local/etc/mail/spamassassin/AskDNS.pm line 300. > how to I bless it? You can't use AskDNS plugin with SA 3.3, it needs some new infrastructure that is only available with 3.4 (i.e. SVN trunk). The Spamhaus DWL lookups rule DKIMDOMAIN_IN_DWL cannot be implemented with what is available in 3.3 (unless you backport it all, effectively making it a 3.4 :) > Ok then next question. How safe is 3.4 ? It is running at several sites (mid to large sized) in production. I have more faith in 3.4 (trunk) than in 3.3.1 (or 3.3(.2) SVN): fixes bugs quicker than get approved for 3.3, and it is the version constantly under observation, at least by me. > Plus I would need to add the signing header to outgoing to have > if accepted anyway. Yes, to benefit from Spamhaus DWL as a sender, you need to have outgoing mail signed with DKIM (and apply for Spamhaus DWL whitelisting). The VBR-Info header field (RFC - Vouch By Reference) is optional though, usage policy of Spamhaus DWL does not require it. Mark
