Re: URIBL_BLOCKED - which one?

Fri, 13 Oct 2017 06:17:37 -0700 

On 10/13/2017 08:01 AM, Reindl Harald wrote:



Am 13.10.2017 um 14:57 schrieb David Jones:

To disable queries to multi.uribl.com, put this in your local.cf or 
equivalent in /etc/mail/spamassassin:


score URIBL_BLACK 0
score URIBL_GREY 0
score URIBL_RED 0


Based on my mail flow and other RBLs, I didn't miss this RBL when I 
disabled it years ago.  It may be valuable to some but Spamhaus and 
IVM do most of the heavy lifting on my mail filters



terrible bad idea and not a solution at all when likely his server is 
not using 127.0.0.1 as the only DNS and so other RBL's also won#t work 
as expected - when you see URIBL_BLACK you have a problem which needs to 
be solved and not burried





His server's /etc/resolv.conf could be pointed to 127.0.0.1 and still 
have too high of volume to hit URLBL_BLOCKED like mine was years ago.



But yes, make sure you have unbound setup and working properly and 
/etc/resolv.conf is pointing to 127.0.0.1.  Then do a manual query to 
127.0.0.1 to confirm it's working:


# dig @127.0.0.1 test.dbl.spamhaus.org

;; ANSWER SECTION:
test.dbl.spamhaus.org.  60      IN      A       127.0.1.2


be sure i scored it not to 6.5 just for fun based on a 8.0 milter-reject 
score


BLOCKED: 1512
URIBL_BLACK: 512

[root@mail-gw:~]$ sa-score.sh URIBL_BLACK
/usr/share/spamassassin
score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2

/var/lib/spamassassin/3.004001/updates_spamassassin_org
score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2

/etc/mail/spamassassin/local-*.cf
score URIBL_BLACK 6.5



Like I said, disabling URIBL didn't impact my mail filtering because of 
other RBLs and my specific mail flow.  Different mail flow from 
different locations around the world/Internet will cause SA to be a 
little different for everyone.  There's no one-size-fits-all with mail 
filtering and SA but we have common issues like URIBL_BLOCKED that are 
generally solved the same way.  If your volume is low enough, you can 
keep it and setup your local DNS server to do full recursive lookups. 
If you volume is too high for their free usage limit, then disable it an 
use other RBLs that could be better for your locale.


--
David Jones






















					Reply via email to