https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6724
--- Comment #3 from Kevin A. McGrail <[email protected]> 2011-12-13 15:14:43 UTC --- FYI, per URIBL: We block at the bind level with split horizon. So we return an NS record which resolves to 127.0.0.255. So a recursive NS would receive that NS record and have no where else to go. Effectively black holing it. Perhaps this should be changed to something other than 127.0.0.255 to avoid confusion... maybe 127.0.0.1 would be better, or 127.0.0.0. We do not respond with REFUSED at the bind level, as that just creates unnecessary added volume. The only reason we use acl.rbldnsd at the rbldnsd level is to :refuse queries that are made directly to the rbldnsd nodes. So if someone tries to bypass the split-horizon response upstream by hard-coding known good public mirrors IPs, they will still get a :refuse. So the policy differs from implementation and hopefully URIBL will follow suit with a BLOCKED rule as noted above. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
