On Fri, 2014-07-25 at 03:30 +0200, me wrote:
> On Thu, 2014-07-24 at 17:32 -0700, jdebert wrote:
> > Sprint, which I use for net access is hijacking DNS.
> > I cannot trust that the response received by sa-update is valid. Is
> > there another method to check for updates?

Let me clarify a little.

> If you really cannot trust *.updates.spamassassin.org DNS responses, you

False results here would in almost any case simply mean failing
sa-update. The odds for false TXT records, that (a) still are a valid
revision number and (b) do not result in either lint check failure or
simply downgrade to a previous working rule set are close to zero.

In other words, no rules update with an alert via cron. Or at worst,
revert to a previous known-to-work state.

> cannot trust *any* DNS response. Including all the DNSxLs SA uses by
> default. And rDNS rules. And your own SMTP's Received header.

False responses in those cases easily can result in both FPs and FNs.
Lots of them.

Thus, if you cannot even trust your ISP('s DNS) to get sa-updates right,
worrying about sa-update is the least of your problems.

(Unless, again, your issue actually is not running a local resolver.)

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}