On 12/12/11 19:50, Ted Mittelstaedt wrote:
I concur 100%. Daniel is wrong. The problem isn't
dnswl.org the problem is the person who made the decision in
SpamAssassin to have the default for the dnswl plugin ENABLED
by default. That decision has been recognized to have been a
mistake which is why SA is making an update that will
turn it off by default.
This is not a "blame the user for stupid configuration mistakes"
problem this is a "blame the software developer for a stupid
configuration mistake" And the software developer has
acknowledged it was a mistake. So why people are calling
SA users "abusive" is beyond me.
Anyone who produces software understands that the users of
the software are not as knowledgeable about whatever it is
the software does - in a word, they are ignorant. That is
why there are software developers and software users.
If the users knew as much as the developer did they could write their
own software and they wouldn't need the developers. Thus, the developer
has an obligation to be somewhat responsible in not putting
in defaults that shoot people in the foot. If those users
want to enable things that shoot themselves in the foot that
is their affair.
The SA developers understand this, I don't see why it's so difficult
a concept for others to grasp.
Ted
So does this mean SA should disable ALL network based tests by default
as they all have the same potential to return false positives/negatives
to get the attention of (abusive) sysadmins? About the only difference
is dnswl.org got to hit folks with a -5 score whereas most others would
have significantly less scoring impact available, but the potential
threat is the same.
I can understand the decision if dnswl.org have requested SA disable
lookups by default, but otherwise it's a last resort attempt to get the
attention of someone after all other reasonable efforts to communicate
the issue have failed. I personally don't think it unreasonable.
Either way, I appreciate the heads up here so we (SA users) may make the
decision whether or not to re-enable dnswl.org on our own setups.
