Context:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8193
https://www.dnswl.org/?p=120

TL;DR: Rather than using an in-band signal of a special reply value to
queries from blocked users, as do other DNS-Based List operators,
DNSWL.org sends back a "listed high" response to all queries. I was
unaware of this until bug 8193 was opened and linked to the DNSWL
statement of that policy. As I write in a comment on that bug, no one
should ever be using DNSBLs of any sort blindly and the onus is on the
configuring user of SA to select them prudently as they all have limits.
I believe this is a problem that needs fixing, but it's a change that
may surprise some users. Consider yourself warned...

Right now, there's a comment in 50_scores.cf (the file for manually-set
scores) that I had not previously seen:

# DNSWL is a commercial service that requires payment for servers over 100K queries daily.
# Unfortunately, they will return true answers for DNS servers they consider abusive so
# SA Admins must enable these rules manually.

And yet, the scores following that comment *enable* the rules. Note
that as of 2024-03-01 (as documented at the DNSWL link above) they have
reduced the free limit to 10,000 queries per 30 days. A site feeding 350
messages/day to SpamAssassin will exceed that limit. That is small even
for "personal" systems.

Pending a discussion on the issue reaching some other consensus, I am
immediately changing all those scores to zero in 50_scores.cf so that
the rules WILL BE DISABLED by default as documented in the comment. I am
also correcting the rate cited in that comment. This change should take
effect in the rules distribution in the next couple of days.

Whether or not you want to use DNSWL is very much a local choice. At 10k
queries/month, MOST sites will need to either register (and likely pay
DNSWL) or leave the rules disabled.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
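
A local sanity check for the situation described in the message above, as an added example that is not part of the original message or of SpamAssassin: it estimates 30-day query volume against the quoted free limit and flags a lookup sample in which every sender came back "listed high". It assumes DNSWL's usual answer encoding of 127.0.<category>.<trust level> and one query per message; the function names, thresholds and sample data are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed encoding: last octet of a 127.0.x.y answer is the trust level.
LEVELS = {0: "none", 1: "low", 2: "med", 3: "hi"}
FREE_LIMIT = 10_000   # queries per 30 days, the figure quoted in the message
WINDOW_DAYS = 30


def trust_level(answer):
    """Map one A-record answer to a trust level name, or None if unrecognised."""
    try:
        octets = ipaddress.IPv4Address(answer).packed
    except ValueError:
        return None
    if octets[0] != 127 or octets[1] != 0:
        return None
    return LEVELS.get(octets[3])


def over_free_limit(messages_per_day, queries_per_message=1):
    """Return (estimated 30-day queries, True if above the free limit)."""
    total = messages_per_day * queries_per_message * WINDOW_DAYS
    return total, total > FREE_LIMIT


def looks_blocked(answers, min_samples=20):
    """Heuristic: True when every lookup in a large enough sample is 'hi'.

    answers maps sender IP -> answer string, or None when nothing was listed.
    A real mail stream with no unlisted or lower-trust senders is implausible,
    so a uniform 'hi' result suggests the resolver is over quota.
    """
    if len(answers) < min_samples:
        return False  # too few samples to judge either way
    levels = Counter(trust_level(a) if a else "unlisted" for a in answers.values())
    return levels["hi"] == len(answers)


# Constructed samples using documentation-range IPs, not real lookups.
NORMAL = {f"192.0.2.{i}": a for i, a in enumerate(
    ["127.0.5.0", None, "127.0.10.3", None, "127.0.3.1"] * 4)}
ALL_HI = {f"198.51.100.{i}": "127.0.10.3" for i in range(20)}

if __name__ == "__main__":
    print(over_free_limit(350))
    print(looks_blocked(NORMAL), looks_blocked(ALL_HI))
```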