OK, we know that the popular domains like yahoo.com and such are hard coded into SA to be skipped on DNSRBL lookups. But it would be great to have a function to add more locally.
Thinking one step bigger, it would be even better to feed this a file. This way maybe SURBL can create a file for the top hit legit domains. Then using SARE and RDJ, people could update that. This would reduce a lot of traffic and time.
This might also help with the mysterious bug we have seen where some local domains are being flagged as SURBL hit, when they aren't in SURBL. Perhaps whitelisting local domains so they are skipped would do away with this.
Thoughts, suggestions, or coffee?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.'
Charles Darwin
Chris Santerre wrote:
> OK, we know that the popular domains like yahoo.com and such are hard coded into SA to be skipped on DNSRBL lookups. But it would be great to have a function to add more locally.
> Thinking one step bigger, it would be even better to feed this a file. This way maybe SURBL can create a file for the top hit legit domains. Then using SARE and RDJ, people could update that. This would reduce a lot of traffic and time.
> This might also help with the mysterious bug we have seen where some local domains are being flagged as SURBL hit, when they aren't in SURBL. Perhaps whitelisting local domains so they are skipped would do away with this.
> Thoughts, suggestions, or coffee?
First, where's that coffee?
Then: I keep a .cf file with quite a few lines like:
uridnsbl_skip_domain ibill.com blabla.tld local-boobie-site.dom
I assume that if you pick up Jeff's white list and transform that into a .cf then we'll see the sa-blacklist effect: LOTS of RAM needed. For local domains and those you see most according to your client base, the above works fine (for me).
more coffee?
Alex
We run a local rbldnsd daemon on the mail server and have an update script to add/modify whitelisted domain names with a bitmask of 0 in the multi.surbl.org.rbldnsd list whenever it is rsynced. (example: "upenn.edu :127.0.0.0:Whitelisted")
This way spamd does not take up extra memory in each of its processes (6 running) and just increases rbldnsd memory usage. This is redundant but it protects against accidental blacklisting on any of the SURBLs and satisfies the business managers.
We also modify the URIDNSBL.pm in spamassassin to use DNS lookup with a local resolv.conf file containing 127.0.0.1 so that rbldnsd can run in the mail server without affecting normal DNS lookup operations. This isn't documented anywhere but it could be a useful feature to allow URIDNSBL.pm to choose the resolving hosts instead of using the system default.
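One way to write the post-rsync update step described in the message above, as an added example (not the poster's actual script): it rewrites the zone data so each whitelisted domain carries the ":127.0.0.0:Whitelisted" value quoted there. The function names and the sample zone are constructed, and the code assumes entry lines start with the domain while lines starting with '#', '$', ':' or '!' are not entries.

```python
import re

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{_LABEL}\.)+{_LABEL}$")
WHITELIST_VALUE = ":127.0.0.0:Whitelisted"  # value quoted in the post

# Constructed sample zone data, not real SURBL content.
SAMPLE_ZONE = """\
# sample dnset data (constructed)
:127.0.0.2:Listed
spam-example.test :127.0.0.4:
upenn.edu :127.0.0.64:
.upenn.edu :127.0.0.64:
other-example.test
"""

def entry_domain(line):
    """Domain an entry line defines, or None for blank lines, comments,
    $-directives, default-value lines and !exclusions (assumed layout)."""
    stripped = line.strip()
    if not stripped or stripped[0] in "#$:!":
        return None
    return stripped.split(None, 1)[0].lstrip(".").lower()

def apply_whitelist(zone_text, whitelist):
    """Drop existing entries for whitelisted domains, then append them
    with the zero-bitmask value. Running it again gives the same output."""
    wanted = []
    for name in whitelist:
        name = name.strip().lower().rstrip(".")
        # Only bare hostnames: a whitelist line must not be able to
        # smuggle its own value, directive or extra record into the zone.
        if not _DOMAIN_RE.match(name):
            raise ValueError(f"not a plain domain name: {name!r}")
        if name not in wanted:
            wanted.append(name)
    kept = [l for l in zone_text.splitlines() if entry_domain(l) not in wanted]
    kept += [f"{name} {WHITELIST_VALUE}" for name in wanted]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    print(apply_whitelist(SAMPLE_ZONE, ["upenn.edu", "example.org"]), end="")
```

Because the upstream copy is replaced on every rsync, the merge has to run after each sync and before rbldnsd reloads the file.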
On Wednesday, December 8, 2004, 8:00:40 AM, Tomo Takebe wrote:
> We run a local rbldnsd daemon on the mail server and have an update script to add/modify whitelisted domain names with a bitmask of 0 in the multi.surbl.org.rbldnsd list whenever it is rsynced. (example: "upenn.edu :127.0.0.0:Whitelisted")
> This way spamd does not take up extra memory in each of its processes (6 running) and just increases rbldnsd memory usage. This is redundant but it protects against accidental blacklisting on any of the SURBLs and satisfies the business managers.
If we want to locally whitelist domains or IPs, there is already a built-in URIDNSBL function for that:
http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf
# Top 125 domains whitelisted by SURBL
uridnsbl_skip_domain yahoo.com w3.org msn.com com.com yimg.com
uridnsbl_skip_domain hotmail.com doubleclick.net flowgo.com ebaystatic.com aol.com
[...]
SpamCopURI also has a built-in whitelist function:
http://sourceforge.net/projects/spamcopuri/
whitelist_spamcop_uri *.yahoo.com
http://www.surbl.org/spamcop_uri.cf.022-updated.txt
IMO using either of these would probably be a better, simpler solution, especially since they are built in and designed for that purpose.
They both prevent those specific domains from being checked. They do not provide a negative score or bypass the message around other testing, including any other URIs that happen to be in the message. So if a message has a URI for yahoo.com and hugepillspammer.com, hugepillspammer.com will *still* get checked.
> We also modify the URIDNSBL.pm in spamassassin to use DNS lookup with a local resolv.conf file containing 127.0.0.1 so that rbldnsd can run in the mail server without affecting normal DNS lookup operations. This isn't documented anywhere but it could be a useful feature to allow URIDNSBL.pm to choose the resolving hosts instead of using the system default.
A more standard way to do this is to run rbldnsd on address 127.0.0.1 and tell BIND to forward requests for multi.surbl.org over to 127.0.0.1. Please see:
http://njabl.org/rsync.html
http://www.surbl.org/rbldnsd-bind-freebsd.html
http://www.surbl.org/rbldnsd-howto.html
Hope this helps,
Jeff C.
--
"If it appears in hams, then don't list it."
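The "feed it a file" idea from the start of the thread, combined with the uridnsbl_skip_domain approach and the per-domain skip behaviour described above, as an added example (not code from SpamAssassin or from any poster): it turns a plain domain list into uridnsbl_skip_domain lines and shows which URI hosts would still be looked up. The list format, the function names and the suffix matching are assumptions made for the illustration.

```python
import re

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{_LABEL}\.)+{_LABEL}$")

# Constructed sample list: one domain per line, '#' starts a comment.
SAMPLE_LIST = """\
# local whitelist (constructed)
Yahoo.com
upenn.edu   # campus domain
yahoo.com
bad entry.example score FOO -100
"""

def parse_domain_list(text):
    """Return (sorted unique domains, rejected (lineno, text) pairs)."""
    domains, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not entry:
            continue
        # Accept bare hostnames only, so a downloaded list can never add
        # other directives to the generated .cf file.
        if _DOMAIN_RE.match(entry):
            domains.add(entry)
        else:
            rejected.append((lineno, entry))
    return sorted(domains), rejected

def render_cf(domains, per_line=5):
    """Emit uridnsbl_skip_domain lines, a few domains per line."""
    rows = [domains[i:i + per_line] for i in range(0, len(domains), per_line)]
    return "".join("uridnsbl_skip_domain " + " ".join(r) + "\n" for r in rows)

def hosts_still_checked(uri_hosts, skip_domains):
    """Hosts that would still be looked up: skipping is per domain, not
    per message. Suffix matching simplifies SpamAssassin's own handling."""
    skip = set(skip_domains)
    def skipped(host):
        parts = host.lower().rstrip(".").split(".")
        return any(".".join(parts[i:]) in skip for i in range(len(parts)))
    return [h for h in uri_hosts if not skipped(h)]

if __name__ == "__main__":
    doms, bad = parse_domain_list(SAMPLE_LIST)
    print(render_cf(doms), end="")
    print("rejected:", bad)
    print(hosts_still_checked(["mail.yahoo.com", "hugepillspammer.com"], doms))
```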