https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6668
D. Stussy <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |software+spamassassin@kd6lv | |w.ampr.org --- Comment #16 from D. Stussy <[email protected]> 2011-10-05 20:18:14 UTC --- What DNSBLs should do is return a result which is not within the 127.0.0.0/8 subnet to indicate an answer which doesn't constitute listing -- especially if they decide not to issue a DNS RC of "refused." That way, there will be no confusion should some other DNSBL define "127.0.0.255" as a valid reply. It also works in the case of a shut down DNSBL where a valid IP address from a domain squatter is returned (especially by use of a wildcarded DNS response). As to detecting an "excessive query" condition and scoring it with a value sufficiently near zero (e.g. 0.001), I am in favor of such an approach. Future queries to any DNS based list should not happen if a given DNS list returns a "REFUSED" answer (until SA is restarted). For classic lists, a query returning an A record outside of 127/8 should also be interpreted as "refused." If "127.0.0.255" is to be treated as a special case of "refused," it should be handled by a rule on a per DNSBL basis. In other words, I suggest that this type of response is not preferred. Since classic DNSBLs are all supposed to return "127.0.0.2" for a query for IPv4 address 127.0.0.2, maybe upon SA startup, each DNSBL should be tested for the value. However, there is a good reason for not performing "unnecessary" queries. If the entire world rebooted at the same time, would the DNSBLs be DOS'ed with a flood of queries? -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
