Date: Thu, 7 Jul 2011 09:09:40 -0400
From: "David F. Skoll"
To: users@spamassassin.apache.org
Subject: Re: TTL and DNSBLs (was Re: SpamTips.org: Why run your own DNS server?)

On Thu, 7 Jul 2011 14:39:48 +0200
Matus UHLAR - fantomas wrote:

> On 07.07.11 08:26, David F. Skoll wrote:
> >The point is that by definition, you can't have a per-IP
> >negative-cache TTL.

> We can have per-IP positive cache and per-zone negative cache.

That does not help.

> And in case of repeating the same IP's (which happens especially with
> remote mailservers) the negative cache helps much.

No, it does not. I have run experiments on real mail servers. I'm not
just making this up. If you like, I can send you my log analysis code
so you can run the same experiments on your own mail servers.

> In fact, I think that DNSBL's operators should provide the same TTL
> for both positive and negative answers, that can be even as big as
> 12-24h for dynamic/policy block lists.

As I mentioned, it's not in their interests to do that (if they sell
access to heavy users.)

Additionally, though I haven't experimented very extensively, my tests
show that cache effectiveness is not very sensitive to TTL. Real mail
servers tend to be hit by a *lot* of different IP addresses, many of
which don't repeat for hours (if ever).

Regards,

David.
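
Added example, not part of the original message and not the author's log analysis code: a replay of a connection log through a DNSBL answer cache, reporting the hit rate for a given positive (per-record) and negative (per-zone) TTL and the ceiling set by how often client IPs repeat. The "EPOCH IP" log format, the function names and the sample log are assumptions constructed for illustration; feed it your own connection log to measure real traffic.

```python
"""Replay mail-server connections through a DNSBL answer cache (added example)."""

def parse(lines):
    """Yield (epoch_seconds, ip) from 'EPOCH IP' lines (assumed log format)."""
    for line in lines:
        ts, ip = line.split()
        yield int(ts), ip

def hit_rate(events, listed, pos_ttl, neg_ttl):
    """Fraction of DNSBL lookups answered from cache.

    A listed IP's answer is cached for pos_ttl (the record's own TTL); an
    unlisted IP's NXDOMAIN is cached for neg_ttl (one value for the whole
    zone). The TTL counts from the fetch and is not extended by later hits.
    """
    expires, hits, total = {}, 0, 0
    for ts, ip in events:
        total += 1
        if expires.get(ip, 0) > ts:
            hits += 1                      # answer still cached
        else:                              # miss: query the DNSBL, cache result
            expires[ip] = ts + (pos_ttl if ip in listed else neg_ttl)
    return hits / total if total else 0.0

def ceiling(events):
    """Best possible hit rate (infinite TTL): each IP's first lookup is a miss."""
    ips = [ip for _, ip in events]
    return (len(ips) - len(set(ips))) / len(ips) if ips else 0.0

def sample_log():
    """Constructed 24 h log: 3 unlisted servers reconnecting every 30 min,
    plus 256 listed IPs that each connect exactly once."""
    lines = [f"{t} 192.0.2.{n}" for n in (1, 2, 3) for t in range(0, 86400, 1800)]
    lines += [f"{i * 337} 203.0.113.{i}" for i in range(256)]
    events = sorted(parse(lines))
    listed = {ip for _, ip in events if ip.startswith("203.0.113.")}
    return events, listed

if __name__ == "__main__":
    events, listed = sample_log()
    print(f"lookups={len(events)} ceiling={ceiling(events):.4f}")
    for ttl in (300, 3600, 86400):
        rate = hit_rate(events, listed, pos_ttl=ttl, neg_ttl=ttl)
        print(f"ttl={ttl:>6}s hit_rate={rate:.4f}")
```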