On 24-09-2024 20:43, Matthias Leisi wrote:
>> Root Cause Analysis (in order):
>> 1) DNSWL does not provide blocked codes. That deviates from most
>> DNS-query based systems.
> This is wrong.

I agree. This DNSWL website clearly defines a list of specific response
codes, otherwise spamassassin would not be able to differentiate between
lo/med/hi trust levels.
The special case response code "listed, hi" is no different from the
special response code tied to x_BLOCKED rules that other RBL providers
provide. Maybe Matthias can acknowledge that the code is not used for
any other purpose than the one we're talking about, i.e. signalling
severe abusive behavior?
The DNSWL approach may be non-standard, and their policy may be a bit
hazardous for people not paying attention at all, but as we say in mail
filter country: my server, my rules. DNSWL has their own set of rules.
If you want to use the service, RTFM.
Adding some changes in 'rules/25_dnswl.cf' to support this special case
seems trivial, and helps SA users to not shoot themselves in the foot:

Update 1 line:

header RCVD_IN_DNSWL_HI eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.[0-9]\.3$')

Add a new rule:

header RCVD_IN_DNSWL_BLOCKED_SEVERE_ABUSE eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.10\.3$')
describe RCVD_IN_DNSWL_BLOCKED_SEVERE_ABUSE ADMINISTRATOR NOTICE: The query to DNSWL was blocked due to severe abuse. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.

The new rule can have an informative score, as SA can't do anything
about the situation. This will however remove the mechanism DNSWL is
trying to apply, but in the bug I don't see any discussion on that
stance. Maybe apply -2 instead of -5 for this special case?
Or did I overlook something?
PS Not posting to the dev- list as I'm not subscribed there.
Kind regards,
Tom
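
An added example, not part of the message above and not SpamAssassin's own code: a Python check of which rule each DNSWL answer would hit under the two proposed patterns, compared with a broader `\d+` third-octet pattern that is assumed here to stand in for the rule before the change. The sample answers and helper names are constructed for illustration.

```python
import re

# Assumption: stand-in for the rule before the change, accepting any
# run of digits in the third octet (so 127.0.10.3 counts as "hi").
BEFORE = {
    "RCVD_IN_DNSWL_HI": re.compile(r"^127\.0\.\d+\.3$"),
}

# Patterns taken from the two rules proposed in the message.
AFTER = {
    "RCVD_IN_DNSWL_HI": re.compile(r"^127\.0\.[0-9]\.3$"),
    "RCVD_IN_DNSWL_BLOCKED_SEVERE_ABUSE": re.compile(r"^127\.0\.10\.3$"),
}


def rules_hit(answer, ruleset):
    """Return the sorted names of the rules whose pattern matches the answer."""
    return sorted(name for name, rx in ruleset.items() if rx.search(answer))


def compare(answers):
    """Map each answer to (rules hit before, rules hit after the change)."""
    return {a: (rules_hit(a, BEFORE), rules_hit(a, AFTER)) for a in answers}


# Constructed sample A-record answers, not captured from real queries.
SAMPLE = [
    "127.0.5.3",   # single-digit third octet, trust level 3
    "127.0.10.3",  # the blocked / severe-abuse answer discussed above
    "127.0.5.1",   # lower trust level, must not hit either rule
    "127.0.15.3",  # any other two-digit third octet
]

if __name__ == "__main__":
    for answer, (before, after) in compare(SAMPLE).items():
        print(f"{answer:12} before={before} after={after}")
```

The last sample shows a side effect of narrowing the third octet to `[0-9]`: any two-digit third octet other than 10 no longer hits RCVD_IN_DNSWL_HI, so the pattern has to be checked against the full set of third-octet values DNSWL returns.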