spamassassin-users mailing list archives

From David Jones <djo...@ena.com>
Subject Re: question re/ RDNS_NONE
Date Tue, 24 Nov 2015 19:36:01 GMT
>From: Reindl Harald <h.reindl@thelounge.net>
>Sent: Tuesday, November 24, 2015 1:20 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE

>Am 24.11.2015 um 20:16 schrieb David Jones:
>>> From: Reindl Harald <h.reindl@thelounge.net>
>>> and that is why i call it harmful to completely rely on the Received
>>> header instead of doing the DNS lookup based on the IP which would have a
>>> lot of advantages:
>>
>>> * less error prone
>>> * even when the MTA had a timeout a chance that this
>>>    DNS request gets answered properly, the MTA treats
>>>    a timeout *completely* differently and would *not*
>>>    reject a mail if the answer is not an NXDOMAIN even
>>>    if it is configured to reject clients without a PTR
>>> * SpamAssassin has *no clue* what the "unknown" means
>>>   it could have been a timeout or a NXDOMAIN
>>
>>> disadvantages - zero - there is no overhead for a cached DNS query
>>
>> I agree with you if the SA server is configured with a local caching
>> DNS server that is not forwarding and the /etc/resolv.conf is
>> pointing to 127.0.0.1.
>>
>> We have seen a number of people ask for help on this mailing
>> list because their DNS was not set up like this which means SA
>> would generate a lot more queries to the ISP or Internet DNS
>> servers compounding the problem with free usage limits on
>> some RBLs

>not true at all - the ISP server would cache anyways while at the same
>time you mix different things - what has the PTR query to do with any RBL?

Good grief you are too literal about everything.  Relax a little.
I was only talking about cached DNS queries in general.  Someone else
on the list earlier mentioned that SA uses pseudo headers to keep
the DNS queries down so if the MTA did a PTR lookup, then SA did
the same PTR lookup, that would be multiple queries to the ISP
DNS server of which you have no control over the configuration.
It could be caching things too short or too long ignoring the record
TTLs or it could be returning altered responses.  You never know
for sure.
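
The ambiguity discussed in this thread, as an added example that is not part of the original message or of SpamAssassin's code: a filter that does its own PTR lookup sees the DNS response code and can tell NXDOMAIN from a timeout or SERVFAIL, while a filter that only reads "unknown" from the Received header cannot. The function names, the outcome labels, the `mta_hostname` model and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import struct

# DNS response codes (RFC 1035)
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

def ptr_name(ip):
    """Name queried for a PTR lookup of an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer

def classify_ptr_reply(reply):
    """Classify a raw DNS reply; None means no reply arrived in time."""
    if reply is None:
        return "timeout"            # says nothing about whether a PTR exists
    if len(reply) < 12:
        return "malformed"          # shorter than the fixed DNS header
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    rcode = flags & 0x000F          # low four bits of the flags word
    if rcode == NXDOMAIN:
        return "no-ptr"             # definitive: the name does not exist
    if rcode == NOERROR:
        return "has-ptr" if ancount else "no-ptr"   # empty answer = NODATA
    return "temp-failure"           # SERVFAIL, REFUSED, ...

def mta_hostname(outcome):
    """Assumed model of the behaviour described in the thread: every
    failed lookup ends up as the same "unknown" token in the header."""
    return "resolved-name" if outcome == "has-ptr" else "unknown"

def _hdr(rcode, ancount):
    """Constructed 12-byte DNS header: a response with RD and RA set."""
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)

# Constructed sample replies, not captured traffic.
SAMPLES = {
    "answered": _hdr(NOERROR, 1),
    "nxdomain": _hdr(NXDOMAIN, 0),
    "servfail": _hdr(SERVFAIL, 0),
    "timeout": None,
}

def compare():
    """For each sample: (what a direct lookup learns, what the header keeps)."""
    out = {}
    for name, reply in SAMPLES.items():
        outcome = classify_ptr_reply(reply)
        out[name] = (outcome, mta_hostname(outcome))
    return out

if __name__ == "__main__":
    print(ptr_name("192.0.2.25"))
    for name, pair in compare().items():
        print(name, pair)
```
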