The most pertinent stuff I found was this Confluence page: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver

So it looks as though I have to install a primary nameserver and a secondary rbldnsd. I’m trying to translate this –

Rsync the feed files into /var/lib/rbldnsd

which seems to be this set

dul.dnsbl.sorbs.net:ip4set:dul.dnsbl.sorbs.net
http.dnsbl.sorbs.net:dnset:http.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net:ip4set:smtp.dnsbl.sorbs.net
new.spam.dnsbl.sorbs.net:ip4set:new.spam.dnsbl.sorbs.net
dnsbl-1.uceprotect.net:ip4set:dnsbl-1.uceprotect.net

which is also dropped (for pdns-recursor) in forward-zones, like so

dul.dnsbl.sorbs.net=127.0.0.1:530
http.dnsbl.sorbs.net=127.0.0.1:530
smtp.dnsbl.sorbs.net=127.0.0.1:530
new.spam.dnsbl.sorbs.net=127.0.0.1:530
dnsbl-1.uceprotect.net=127.0.0.1:530

Apparently, an ip4set is a set of ip4 addresses, while a dnset is a set of domain names.

I still don’t know how to translate –

Rsync the feed files into /var/lib/rbldnsd

And I don’t know whether I am supposed to rely only on sorbs + uceprotect, or whether I am supposed to somehow cobble similar sets together for Mailspike, SpamCop, Spamhaus ZEN, SURBL and URIBL (which circles me back to the original mail header notation which brought me here.)

See https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklists#dnsbl-block

I am impressed by the level of obscurity, not to mention the sprawling vastness of spamassassin.

Further assistance is needed.

—
p...@ehealth.id.au
“…an hour is coming when all who are in the tombs will hear his voice and come out…”

> On 15 Mar 2021, at 1:29 am, John Hardin <jhar...@impsec.org> wrote:
>
> On Sun, 14 Mar 2021, jwmi...@gmail.com wrote:
>
>> Peter West writes:
>>
>> And You might want to fix the URIBL_BLOCKED issue. Fixing the
>> URIBL_BLOCKED issue will do far more to fix your issues than adding
>> rules.
>
> Seconded. The keywords here are "local, caching, *NON-FORWARDING* DNS server
> for SpamAssassin".
>
> If that isn't enough to set you on the right path, search the mailing list
> archives for "URIBL-BLOCKED" or "URIBL DNS" for previous discussions of this
> topic. If that history isn't enough, feel free to ask for assistance.
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhar...@impsec.org pgpk -a jhar...@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> Failure to plan ahead on someone else's part does not constitute
> an emergency on my part. -- David W. Barts in a.s.r
> -----------------------------------------------------------------------
> Today: Daylight Saving Time begins in U.S. - Spring Forward
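
The two lists quoted in the message above (rbldnsd zone specs and pdns-recursor forward-zones entries) have to stay in step, so here is a consistency check as an added example; it is not part of the original post or of any project's code. The function names are hypothetical, the dataset type list is assumed from the rbldnsd manual page, and the sample input is constructed with deliberate mistakes.

```python
# Added example: cross-check rbldnsd zone specs against pdns-recursor forward-zones.
# Assumption: dataset type names as listed in the rbldnsd manual page.
KNOWN_TYPES = {"ip4set", "ip4tset", "ip4trie", "ip6tset", "ip6trie",
               "dnset", "generic", "combined", "acl"}

def parse_rbldnsd(specs):
    """Parse 'zone:type:file[,file]' specs into {zone: (type, [files])}."""
    zones = {}
    for spec in specs.split():
        zone, dtype, files = spec.split(":", 2)
        zones[zone.rstrip(".").lower()] = (dtype, files.split(","))
    return zones

def parse_forward_zones(text):
    """Parse 'zone=ip:port[;ip:port]' entries (comma, space or newline separated)."""
    forwards = {}
    for entry in text.replace(",", " ").split():
        zone, _, targets = entry.partition("=")
        forwards[zone.lstrip("+").rstrip(".").lower()] = targets.split(";")
    return forwards

def check(specs, forward_text, listener="127.0.0.1:530"):
    """Return a sorted list of mismatches between the two configurations."""
    zones, forwards = parse_rbldnsd(specs), parse_forward_zones(forward_text)
    problems = []
    for zone, (dtype, _files) in zones.items():
        if dtype not in KNOWN_TYPES:
            problems.append(f"{zone}: unknown dataset type '{dtype}'")
        if zone not in forwards:
            problems.append(f"{zone}: served by rbldnsd but not forwarded")
        elif forwards[zone] != [listener]:
            problems.append(f"{zone}: forwarded to {forwards[zone]}, not {listener}")
    for zone in forwards.keys() - zones.keys():
        problems.append(f"{zone}: forwarded but not served by rbldnsd")
    return sorted(problems)

# Constructed sample: the post's zones with a misspelled type, a wrong port
# and one missing forward entry.
SPECS = """dul.dnsbl.sorbs.net:ip4set:dul.dnsbl.sorbs.net
http.dnsbl.sorbs.net:dnsset:http.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net:ip4set:smtp.dnsbl.sorbs.net
dnsbl-1.uceprotect.net:ip4set:dnsbl-1.uceprotect.net"""
FORWARDS = """dul.dnsbl.sorbs.net=127.0.0.1:530, http.dnsbl.sorbs.net=127.0.0.1:530,
smtp.dnsbl.sorbs.net=127.0.0.1:53"""

if __name__ == "__main__":
    for problem in check(SPECS, FORWARDS):
        print(problem)
```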