On 02/10/2015 03:55 PM, Reindl Harald wrote:
Am 10.02.2015 um 15:43 schrieb Axb:
On 02/10/2015 03:38 PM, Kevin A. McGrail wrote:
On 2/9/2015 8:25 AM, Benny Pedersen wrote:
uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2
body URIBL_SBL eval:check_uridnsbl('URIBL_SBL')
describe URIBL_SBL Contains an URL's NS IP listed in the
SBL blocklist
tflags URIBL_SBL net
reuse URIBL_SBL
if (version >= 3.004000)
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
uridnsbl URIBL_SBL_A sbl.spamhaus.org. A
body URIBL_SBL_A eval:check_uridnsbl('URIBL_SBL_A')
describe URIBL_SBL_A Contains URL's A record listed in
the SBL blocklist
tflags URIBL_SBL_A net a
endif
endif
can the URIBL_SBL_A not use zen.spamhaus.org A 127.0.0.2
to save one more dns request ?
Seems feasible. Have you tested adding reuse to the tflags on the
URIBL_SBL_A rule?
URIBL_SBL_A shouldn't be "reuse"d as it includeds IPs of shared hacked
servers with very short listing periods or listings which were not
removed by ISPs.
i can't parse this
the "reuse" just saves a DNS request and it don't matter if you ask
"sbl.spamhaus.org" or "zen.spamhaus.org" and look if the response is
127.0.0.2 which is the whole purpose of zen.spamhaus.org
even if you would not use the "reuse" flag the local resolver would have
a cachehit from one of the two requests to the next
spamhaus has anyways a very low TTL, one reason more to reduce the
amount of queries given there is a usage limit without payment
http://www.spamhaus.org/zen/
URIBL_SBL_A has a huge FP potential
well, that don't change by the way how you do the request
have you tested URIBL_SBL_A using zen. instead of sbl. ?
can you and Benny confirm it works?
Please open a bug so we have a documented change.
(including the rule you used)
