> From: Kostik

> > "-Bset:white -Bset:URL" should work and does work for me just now in a
> > quick test. It seems unlikely to be widely useful, because the bad guys
> > could include whitelisted URLs in their spam.
>
> Bit is not it. I mean, that would exclude URLs coming from the DNSBL
> blacklist. A whitelist for URLs are already in DNSBL but which for some
> reason I think is not bad.

It sounds as if you want to override a DNSBL. I do not really understand that goal, because I think it involves the fundamental problem with third party blacklists. Using a third party or outside blacklist means that you are delegating decisions about which mail you will receive to outsiders. Using an outside DNSBL amounts to letting outsiders censor your mail. I think you should not worry about entries in the outside blacklist with which you know you disagree, but entries that you do not know about.

Regardless of my skepticism, one way to override some entries in a DNSBL is to edit the list while copying the entire zone to your own DNS servers. If the target DNSBL is available by rsync, you could use a cron job that would fetch new versions of the zone by rsync and apply `sed` or `grep -v` to delete some entries before installing it in your own DNS servers. If the target DNSBL allows zone transfers, you could use a cron job and sed or grep to generate your edited zone file from the local copy generated by IXFR or AXFR.

Another way might be to apply a response policy zone. Because NXDOMAIN from most DNSBLs means "not listed," qname response policy rewriting using a record like this should work:

    okdomain.example.com.dbl.spamhaus.org CNAME .

See
    http://www.isc.org/community/blog/201007/taking-back-dns-0
    http://www.google.com/search?q=vixie+dns+response+policy
    ftp://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt

Vernon Schryver [email protected]
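
The edit step of the rsync or zone-transfer approach described above, as an added example that is not part of the original message. It goes beyond a plain `grep -v` by anchoring each name and checking the result before installing it; the function names, the one-record-per-line zone layout and the sample data are assumptions constructed for illustration.

```shell
# Added example, not from the original post. Assumes one record per line,
# owner name first, written relative to the zone origin.

# filter_zone ZONE ALLOW: print ZONE minus records for names listed in ALLOW.
filter_zone() {
    zone=$1 allow=$2 rc=0
    pats=$(mktemp) || return 1
    # One anchored regex per allowed name: escape the dots, accept the name or
    # any subdomain, and require whitespace after it. A bare
    # "grep -v okdomain.example.com" would also drop notokdomain.example.com.
    sed -e '/^[[:space:]]*$/d' -e '/^[[:space:]]*#/d' -e 's/[.]/\\./g' \
        -e 's/.*/^([^[:space:]]*\\.)?&[[:space:]]/' "$allow" > "$pats"
    if [ -s "$pats" ]; then
        grep -v -i -E -f "$pats" "$zone" || rc=$?
    else
        cat "$zone" || rc=2
    fi
    rm -f "$pats"
    [ "$rc" -le 1 ]   # grep exits 1 when it printed nothing, 2 on error
}

# update_zone SRC ALLOW DEST [MAXDROP]: filter SRC and atomically replace DEST.
# Refuses to install when the result is empty or lost more than MAXDROP lines,
# so a bad pattern or truncated download cannot gut the local copy.
update_zone() {
    src=$1 dest=$3 maxdrop=${4:-100}
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if ! filter_zone "$src" "$2" > "$tmp"; then rm -f "$tmp"; return 1; fi
    before=$(wc -l < "$src") after=$(wc -l < "$tmp")
    if [ $((after)) -eq 0 ] || [ $((before - after)) -gt "$maxdrop" ]; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dest"
}

# make_sample DIR: write a constructed zone and allow list for a trial run.
make_sample() {
    cat > "$1/zone" <<'EOF'
$TTL 300
baddomain.example         A 127.0.1.2
okdomain.example.com      A 127.0.1.2
www.okdomain.example.com  A 127.0.1.2
notokdomain.example.com   A 127.0.1.2
okdomain-example.com      A 127.0.1.2
EOF
    printf '# local overrides\nokdomain.example.com\n' > "$1/allow"
}
```

`mktemp` creates the installed file with mode 0600, so adjust its permissions if the DNS server reads the zone as a different user.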
