On Thu, 24 Jul 2014 18:56:10 -0700
jdebert wrote:

> > 
> > > I cannot trust that the response received by sa-update is valid.
> > > Is there another method to check for updates?
> > 
> > If you really cannot trust *.updates.spamassassin.org DNS responses,
> > you cannot trust *any* DNS response. Including all the DNSxLs SA
> > uses by default. And rDNS rules. And your own SMTP's Received
> > header.
> 
> Wow. I never thought of that. :\


Do you have any reason to think they are modifying TXT records? I'd be
surprised if they are. Typically the way this kind of thing works is
that they modify negative A-record results, or the DNS for malicious
sites. 

I don't, so far, see a reason why this need have a significant impact
on SpamAssassin. It will probably affect NO_DNS_FOR_FROM. It might
cause problems with DNSxL per-IP limits, but that depends on how it's
implemented.
