Am 10.02.2015 um 15:43 schrieb Axb:
On 02/10/2015 03:38 PM, Kevin A. McGrail wrote:On 2/9/2015 8:25 AM, Benny Pedersen wrote:uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2 body URIBL_SBL eval:check_uridnsbl('URIBL_SBL') describe URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist tflags URIBL_SBL net reuse URIBL_SBL if (version >= 3.004000) ifplugin Mail::SpamAssassin::Plugin::URIDNSBL uridnsbl URIBL_SBL_A sbl.spamhaus.org. A body URIBL_SBL_A eval:check_uridnsbl('URIBL_SBL_A') describe URIBL_SBL_A Contains URL's A record listed in the SBL blocklist tflags URIBL_SBL_A net a endif endif can the URIBL_SBL_A not use zen.spamhaus.org A 127.0.0.2 to save one more dns request ?Seems feasible. Have you tested adding reuse to the tflags on the URIBL_SBL_A rule?URIBL_SBL_A shouldn't be "reuse"d as it includeds IPs of shared hacked servers with very short listing periods or listings which were not removed by ISPs.
i can't parse thisthe "reuse" just saves a DNS request and it don't matter if you ask "sbl.spamhaus.org" or "zen.spamhaus.org" and look if the response is 127.0.0.2 which is the whole purpose of zen.spamhaus.org
even if you would not use the "reuse" flag the local resolver would have a cachehit from one of the two requests to the next
spamhaus has anyways a very low TTL, one reason more to reduce the amount of queries given there is a usage limit without payment
http://www.spamhaus.org/zen/
URIBL_SBL_A has a huge FP potential
well, that don't change by the way how you do the request
signature.asc
Description: OpenPGP digital signature
