On Mon, 2011-10-31 at 02:33 +0000, Jeremy McSpadden wrote:
> Thanks Ned, my question being now - why create a rule that can reduce
> the spam count when the provider decides to enforce such a policy; and
> start returning incorrect queries.

It's almost irrelevant whether the score is negative or positive.
Almost, since FPs are much worse than FNs.

Anyway, the answer to that "why" would be very easy to answer yourself,
if you had carefully read the links pointed out, and their
respective dates. And the release date of your SA version. DNSWL policy
changed just recently.


> Although I personally am not doing 100k look-ups, the DNS resolvers at
> the DC very well may.

My previous post early in this thread asked for exactly this. No
response, so merely a dangling pointer... *shrug*


> I have set up bind to do name-caching and no longer doing forwarding. I
> will continue to examine logs and monitor the system. Thanks for
> those who took the time to reply w/ enough information, rather than
> smart comments; or vague 1 liners.

Using a local caching resolver is mentioned in the wiki docs, as well as
semi-frequently discussed on this list. Not only does it prevent exactly
such issues, but it also speeds up DNS RBL queries.


> On Oct 30, 2011, at 5:56 PM, Ned Slider wrote:

> > Now they have your attention, the solution if you want to continue
> > using DNSWL is to deploy your own local DNS caching server assuming
> > you can stay under the free usage terms, or buy a data feed, or
> > disable the DNSWL rules in SA by scoring them at zero:

Ned, you forgot to meta out __RCVD_IN_DNSWL to actually prevent the DNS
query at all.

> > all of which has previously been stated.

Yup, also mentioned previously. ;)  And commonly forgotten...


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
