On 24.11.2015 at 20:36, David Jones wrote:
> From: Reindl Harald <h.rei...@thelounge.net>
> Sent: Tuesday, November 24, 2015 1:20 PM
> To: users@spamassassin.apache.org
> Subject: Re: question re/ RDNS_NONE
>
>> On 24.11.2015 at 20:16, David Jones wrote:
>>> From: Reindl Harald <h.rei...@thelounge.net>
>>>> and that is why i call it harmful to completely rely on the Received header instead of doing the DNS lookup based on the IP which would have a lot of advantages:
>>>>
>>>> * less error prone
>>>> * even when the MTA had a timeout there is a chance that this DNS request gets answered properly, the MTA treats a timeout *completely* different and would *not* reject a mail if the answer is not an NXDOMAIN even if it is configured to reject clients without a PTR
>>>> * SpamAssassin has *no clue* what the "unknown" means, it could have been a timeout or a NXDOMAIN
>>>>
>>>> disadvantages - zero - there is no overhead for a cached DNS query
>>>
>>> I agree with you if the SA server is configured with a local caching DNS server that is not forwarding and the /etc/resolv.conf is pointing to 127.0.0.1. We have seen a number of people ask for help on this mailing list because their DNS was not set up like this which means SA would generate a lot more queries to the ISP or Internet DNS servers compounding the problem with free usage limits on some RBLs
>>
>> not true at all - the ISP server would cache anyways while at the same time you mix different things - what has the PTR query to do with any RBL?
>
> Good grief you are too literal about everything. Relax a little. I was only talking about cached DNS queries in general. Someone else on the list earlier mentioned that SA uses pseudo headers to keep the DNS queries down so if the MTA did a PTR lookup, then SA did the same PTR lookup, that would be multiple queries to the ISP DNS server of which you have no control over the configuration. It could be caching things too short or too long ignoring the record TTLs or it could be returning altered responses. You never know for sure.

i am relaxed

if you want to have control -> install a local resolver

the price which is currently paid to save a single DNS query for the PTR lookup is that you also have no control *what* that "unknown" means, it can be anything from

* bad MTA header
* DNS timeout to the resolver (which you have no control)
* connectivity issues on the ISP resolver
* timeouts on the authoritative nameserver for the reverse zone
* network issues on the authoritative nameserver for the reverse zone
* FCrDNS failure
* a *real* NXDOMAIN which is the only valid RDNS_NONE trigger

and they are all scored identical while a NXDOMAIN deserves a very high score, a DNS timeout a very low one because you have no clue at that moment and a no-FCrDNS deserves something between
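The distinction argued in the message above, as an added example that is not part of the original post and not SpamAssassin code: a reverse-DNS check that reports the cause instead of a single "unknown". The resolver callables, exception names, score values and sample records are all assumptions constructed for illustration.

```python
from enum import Enum

class NxDomain(Exception):
    """Hypothetical: authoritative answer that the name does not exist."""

class TempFail(Exception):
    """Hypothetical: timeout, SERVFAIL or unreachable resolver/nameserver."""

class Rdns(Enum):
    OK = "ok"
    TEMPFAIL = "tempfail"
    NO_FCRDNS = "no_fcrdns"
    NXDOMAIN = "nxdomain"

# Constructed scores that only follow the ordering argued in the message:
# NXDOMAIN high, DNS timeout very low, no-FCrDNS in between.
SCORES = {Rdns.OK: 0.0, Rdns.TEMPFAIL: 0.1, Rdns.NO_FCRDNS: 1.5, Rdns.NXDOMAIN: 3.0}

def classify_rdns(ip, lookup_ptr, lookup_addrs):
    """lookup_ptr(ip) -> names, lookup_addrs(name) -> IPs; both may raise."""
    try:
        names = lookup_ptr(ip)
    except NxDomain:
        return Rdns.NXDOMAIN
    except TempFail:
        return Rdns.TEMPFAIL          # no verdict possible right now
    if not names:
        return Rdns.NXDOMAIN          # assumption: empty answer == no PTR record
    saw_tempfail = False
    for name in names:                # forward-confirm every PTR name
        try:
            if ip in lookup_addrs(name):
                return Rdns.OK
        except NxDomain:
            continue
        except TempFail:
            saw_tempfail = True
    # A forward timeout means the FCrDNS result is unknown, not failed.
    return Rdns.TEMPFAIL if saw_tempfail else Rdns.NO_FCRDNS

# Constructed sample zone data (documentation address ranges).
PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.20": ["host.example.net"]}
A = {"mail.example.org": ["192.0.2.10"], "host.example.net": ["198.51.100.5"]}
TIMEOUT = {"192.0.2.30"}

def stub_ptr(ip):
    if ip in TIMEOUT:
        raise TempFail(ip)
    if ip not in PTR:
        raise NxDomain(ip)
    return PTR[ip]

def stub_addrs(name):
    if name not in A:
        raise NxDomain(name)
    return A[name]
```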