spamassassin-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryl C. W. O'Shea" <spamassas...@dostech.ca>
Subject Re: net mass-checks triggering (URI)DNSBL provider blocks?
Date Thu, 06 Sep 2007 03:49:10 GMT
Theo Van Dinter wrote:
> On Wed, Sep 05, 2007 at 10:16:21PM -0400, Daryl C. W. O'Shea wrote:
>> If we do more frequent --net mass-checks we may individually run the 
>> chance of being blocked by the providers of the (URI)DNSBLs such as 
>> Spamhaus.
>>
>> Has anyone been blocked to date?  Probably not given the once a week 
>> frequency.
> 
> If done correctly, this isn't an issue.  This is another benefit of
> --reuse.  :)
> 
>> Are the hit-rates of the lists high enough that the results that aren't 
>> cached by the use of --reuse low enough to fall under the block 
>> triggering level?  Either way, I guess we should get around to figuring 
> 
> You want as much as possible to be able to use --reuse.
> 
>> out a way of caching the non-hits.  I'm thinking of a method that 
> 
> It does this now, doesn't it?  IIRC, --reuse says that if there is a X-Spam-Status
> header, it's assumed all the net rules were run and so they're not run again.

Well sort of... (as below) new rules can't be distinguished from no hit 
or never tried.  Not sure why I was thinking a rule was run if there was 
no indication of it hitting before.

>> assumes you ran the rules (based on the SA version in the message 
>> header) unless you've specifically told it you don't run a particular rule.
> 
> I started working on, but never fully implemented, the NetCache plugin.
> The idea is that all network requests and responses (or lack thereof)
> would be stored as a header in the message.  Then on the mass-check run, that
> data would be used for responses.  This way, even some new rules could use
> this information depending on what they're looking for...

I had remembered you wanting to do this and had forgotten all about the 
NetCache plugin.

>> Should we look at getting zone transfers from the various providers and 
>> hosting a copy on the zone that committers could use?
> 
> That's great if we use the zone machine for DNS, that doesn't really work for
> individuals running on our own machines...  ;)

Well of course.  You'd have to forward those zones in your local caching 
server (like anyone else using rbldnsd), or transfer/rsync the zones to 
your own machine for it to be of any use.  Pretty much a non-issue 
though given that --reuse doesn't allow the queries like I was thinking.


Daryl


Mime
View raw message