Re: [courier-users] RBL answers

[Sam Varshavchik]

David Niklas writes:


On Fri, 24 Mar 2017 16:41:35 -0400
Sam Varshavchik  wrote:
>
> I think they're smart enough to understand how DNS works. I don't need
> to tell them that.
>
> I can't quite put my finger on why exactly I believe that this would be
> a waste of energy, trying to fight it. Call it a sixth sense, of sorts,
> of me being involved in this industry for a while.

If I brought the matter before them referencing this thread would you
mind?
(Not that I don't have better things to do but it's worth a try...)


Feel free. This is a public mailing list. I always thought that it was quite  
silly for anyone on a public mailing list, that's probably archived and  
searchable in a bunch of places, to have some kind of an issue with their  
public scribblings being forwarded all over the place.


pgpZLSQjf6heo.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[David Niklas]

On Fri, 24 Mar 2017 16:41:35 -0400
Sam Varshavchik  wrote:
> David Niklas writes:
> 
> > On 03/10/2017(Fri) 15:35  
> > > That's the other thing that the blacklists definitely don't want:
> > > excessi ve queries. Making two queries instead of one will put extra
> > > load on the blacklists, and slow down your mail delivery.  
> > Well isn't that what they want, two quires instead of one?  
> 
> No. From the looks of it, they want either an A or a TXT query.
> 
> > > That's why I think that getting rid of ANY is counter-productive.
> > > But, it 's their call to make, so we'll go with that.  
> > Why not tell them that courier has a valid use case for the ANY
> > query?  
> 
> I think they're smart enough to understand how DNS works. I don't need
> to tell them that.
> 
> I can't quite put my finger on why exactly I believe that this would be
> a waste of energy, trying to fight it. Call it a sixth sense, of sorts,
> of me being involved in this industry for a while.

If I brought the matter before them referencing this thread would you
mind?
(Not that I don't have better things to do but it's worth a try...)

Thanks,
David

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Sam Varshavchik]

David Niklas writes:


On 03/10/2017(Fri) 15:35
> That's the other thing that the blacklists definitely don't want:
> excessi ve queries. Making two queries instead of one will put extra
> load on the blacklists, and slow down your mail delivery.
Well isn't that what they want, two quires instead of one?


No. From the looks of it, they want either an A or a TXT query.


> That's why I think that getting rid of ANY is counter-productive. But,
> it 's their call to make, so we'll go with that.
Why not tell them that courier has a valid use case for the ANY query?


I think they're smart enough to understand how DNS works. I don't need to  
tell them that.


I can't quite put my finger on why exactly I believe that this would be a  
waste of energy, trying to fight it. Call it a sixth sense, of sorts, of me  
being involved in this industry for a while.






pgpkOv8TlGNkS.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Matus UHLAR - fantomas]

>On 03/10/2017(Fri) 15:35
>Sam Varshavchik  wrote:
>> SZÉPE Viktor writes:
>>
>> > Idézem/Quoting Sam Varshavchik :
>> >
>> > > In the long run this will be counterproductive, since the existing
>> > > blacklists will now result in a generic "Access denied." bounces,
>> > > instead of the blacklist-provided message that will point back to
>> > > the blacklist. But, it's their decision to make.
>> >
>> > I think Courier should issue an A query and if it is positive than a
>> > TXT one to get the description.
>> >
>> > What do you think about it?
>>
>> That's the other thing that the blacklists definitely don't want:
>> excessi ve queries. Making two queries instead of one will put extra
>> load on the blacklists, and slow down your mail delivery.
>Well isn't that what they want, two quires instead of one?
>
>> That's why I think that getting rid of ANY is counter-productive. But,
>> it 's their call to make, so we'll go with that.


On 24.03.17 16:09, David Niklas wrote:
>Why not tell them that courier has a valid use case for the ANY query?

why do you think they would listen?
They need to learn the hard way...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[David Niklas]

On 03/10/2017(Fri) 15:35
Sam Varshavchik  wrote:
> SZÉPE Viktor writes:
> 
> > Idézem/Quoting Sam Varshavchik :
> >  
> > > In the long run this will be counterproductive, since the existing
> > > blacklists will now result in a generic "Access denied." bounces,
> > > instead of the blacklist-provided message that will point back to
> > > the blacklist. But, it's their decision to make.  
> >
> > I think Courier should issue an A query and if it is positive than a
> > TXT one to get the description.
> >
> > What do you think about it?  
> 
> That's the other thing that the blacklists definitely don't want:
> excessi ve queries. Making two queries instead of one will put extra
> load on the blacklists, and slow down your mail delivery.
Well isn't that what they want, two quires instead of one?

> That's why I think that getting rid of ANY is counter-productive. But,
> it 's their call to make, so we'll go with that.
Why not tell them that courier has a valid use case for the ANY query?


Thanks,
David

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Sam Varshavchik]

Matus UHLAR - fantomas writes:


>Is it worth considering A and TXT record lookups rather than ANY, given
>the request to stop sending requests for ANY result?  Might that request
>indicate that requests for ANY will not be supported in the future?

I got angry in the past at cloudflare for the stupid draft and already
blocked a domain using their DNS because of that.


I agree that this is somewhat dumb, and stupid. I understand the underlying  
technical factors. But it's still dumb, and stupid. Things have been working  
just fine, as is, for decades, with those same technical factors being  
present and everyone simply ignoring them. Nobody cares.


This is nothing more than some pointy-headed academician, or a bunch of  
them, suddenly figuring out the problem with ANY that nobody cared about,  
ever, and thinks that he is the first one, ever, to figure it out, and this  
is nothing more than a public demonstration of how smart these boneheads,  
who are pushing for this, are. Because, see, they're smarter than everyone  
else, for figuring out this horrible flaw in DNS's design.


But this is a battle that I cannot win. There will come a point that the  
blacklist operators will realize their short-sightedness in backing this  
idiocy. But, by that point, there will be nothing that they will be able to  
do about it. The cat's already out of the bag.




pgpi_Z_v1ew9s.pgp
Description: PGP signature
--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Matus UHLAR - fantomas]

On 10.03.17 10:51, Gordon Messmer wrote:
>I was checking the RBL queries and answers on a server this morning,
>when I noticed this in the responses:
> Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>
>Both spamhaus and abuseat provide this text in their replies to
>Courier's RBL lookups.

I have checked spamhaus now, and it returns:

;; QUESTION SECTION:
;242.241.43.39.zen.spamhaus.org.IN  ANY

;; ANSWER SECTION:
242.241.43.39.zen.spamhaus.org. 900 IN  TXT 
"https://www.spamhaus.org/query/ip/39.43.241.242;
242.241.43.39.zen.spamhaus.org. 900 IN  A   127.0.0.11
242.241.43.39.zen.spamhaus.org. 900 IN  A   127.0.0.4

>Is it worth considering A and TXT record lookups rather than ANY, given
>the request to stop sending requests for ANY result?  Might that request
>indicate that requests for ANY will not be supported in the future?

I got angry in the past at cloudflare for the stupid draft and already
blocked a domain using their DNS because of that.

I really think I should publish "digany" script that will dig for any
supported RRs so I _will_ be able to look at all configured records, if
anyone's so stupid to disable ANY queries...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Alessandro Vesely]

On Fri 10/Mar/2017 21:00:23 +0100 SZÉPE Viktor wrote:
> Idézem/Quoting Sam Varshavchik :
>> Gordon Messmer writes:
>>
>>> I was checking the RBL queries and answers on a server this morning,
>>> when I noticed this in the responses:
>>> Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>>
>> Right now you can explicitly specify a message, to issue an A query:
>>
>> "-block=zen.spamhaus.org,Go away!"
> 
> I think Courier should issue an A query and if it is positive than a  
> TXT one to get the description.
> 
> What do you think about it?

Rather than "Go away!" one can refer to the RBL, e.g. something like:

"-block=zen.spamhaus.org,BLOCK1,\"550 Rejected - see 
http://www.spamhaus.org/query/bl?ip=@\";
(I copied the line above from my current settings.
Check http://www.courier-mta.org/couriertcpd.html#idm255210649136)

Couriertcpd replaces @ by IP;  I guess that needs to be better documented.

hth
Ale
-- 






















--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Sam Varshavchik]

SZÉPE Viktor writes:


Idézem/Quoting Sam Varshavchik :

> In the long run this will be counterproductive, since the existing
> blacklists will now result in a generic "Access denied." bounces,
> instead of the blacklist-provided message that will point back to
> the blacklist. But, it's their decision to make.

I think Courier should issue an A query and if it is positive than a
TXT one to get the description.

What do you think about it?


That's the other thing that the blacklists definitely don't want: excessive  
queries. Making two queries instead of one will put extra load on the  
blacklists, and slow down your mail delivery.


That's why I think that getting rid of ANY is counter-productive. But, it's  
their call to make, so we'll go with that.




pgp22qgBGRjND.pgp
Description: PGP signature
--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[SZÉPE Viktor]

Idézem/Quoting Sam Varshavchik :

> Gordon Messmer writes:
>
>> I was checking the RBL queries and answers on a server this morning,
>> when I noticed this in the responses:
>> Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>>
>> Both spamhaus and abuseat provide this text in their replies to
>> Courier's RBL lookups.
>>
>> Is it worth considering A and TXT record lookups rather than ANY, given
>> the request to stop sending requests for ANY result?  Might that request
>> indicate that requests for ANY will not be supported in the future?
>
> Right now you can explicitly specify a message, to issue an A query:
>
> "-block=zen.spamhaus.org,Go away!"
>
> and this will result in an A query instead of an ANY.
>
> ANY was a convenient way to get both an IP address code from the  
> blocklist, as well as the blacklist-provided custom message.
>
> The referenced document is a general DNS document, not particular to  
> blacklists. But, because they're returning this response, this means  
> they're on board with this, and don't want ANY requests. Have to  
> respect that.
>
> I'll change the logic to always request for A record, unless the  
> custom message is explicitly set to '*', which will result in a TXT  
> query.
>
> In the long run this will be counterproductive, since the existing  
> blacklists will now result in a generic "Access denied." bounces,  
> instead of the blacklist-provided message that will point back to  
> the blacklist. But, it's their decision to make.

I think Courier should issue an A query and if it is positive than a  
TXT one to get the description.

What do you think about it?



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Sam Varshavchik]

Gordon Messmer writes:


I was checking the RBL queries and answers on a server this morning,
when I noticed this in the responses:
 Please stop asking for ANY.See draft-ietf-dnsop-refuse-any

Both spamhaus and abuseat provide this text in their replies to
Courier's RBL lookups.

Is it worth considering A and TXT record lookups rather than ANY, given
the request to stop sending requests for ANY result?  Might that request
indicate that requests for ANY will not be supported in the future?


Right now you can explicitly specify a message, to issue an A query:

"-block=zen.spamhaus.org,Go away!"

and this will result in an A query instead of an ANY.

ANY was a convenient way to get both an IP address code from the blocklist,  
as well as the blacklist-provided custom message.


The referenced document is a general DNS document, not particular to  
blacklists. But, because they're returning this response, this means they're  
on board with this, and don't want ANY requests. Have to respect that.


I'll change the logic to always request for A record, unless the custom  
message is explicitly set to '*', which will result in a TXT query.


In the long run this will be counterproductive, since the existing  
blacklists will now result in a generic "Access denied." bounces, instead of  
the blacklist-provided message that will point back to the blacklist. But,  
it's their decision to make.






pgp7NNXww7zjl.pgp
Description: PGP signature
--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Gordon Messmer]

On 03/10/2017 11:00 AM, SZÉPE Viktor wrote:
> CloudFlare is also retiring ANY queries.
>
> https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/

"We aware of only two programs that issue ANY queries:
 Un-patched versions qmaild..."

I laughed at that one.  :)

--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[SZÉPE Viktor]

CloudFlare is also retiring ANY queries.

https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/


Idézem/Quoting Gordon Messmer :

> I was checking the RBL queries and answers on a server this morning,
> when I noticed this in the responses:
>  Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>
> Both spamhaus and abuseat provide this text in their replies to
> Courier's RBL lookups.
>
> Is it worth considering A and TXT record lookups rather than ANY, given
> the request to stop sending requests for ANY result?  Might that request
> indicate that requests for ANY will not be supported in the future?
>
> --
> Announcing the Oxford Dictionaries API! The API offers world-renowned
> dictionary content that is easy and intuitive to access. Sign up for an
> account today to start using our lexical data to power your apps and
> projects. Get started today and enter our developer competition.
> http://sdm.link/oxford
> ___
> courier-users mailing list
> courier-users@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users