On Thu, 14 Sep 2006, Dhaval Patel wrote:
3. I did not find a clear explanation on how exactly the rbl_checks work. Can I specify which rbl to use and not use? I also could not find any information on which connections to allow on the firewall to allow these checks. Our server is not allowed to make any outgoing connections, we limit outgoing connections to certain ip/ports.
Hrm, that's going to be problematic for you. You can specify what rbls to use by enabling/disabling/writing your own rules. RBLs (and URIBLs) run via DNS.
Is there any info on how to enable/disable/write my own rules?
SpamAssassin comes with a whole bunch of rules by default. The best thing is to look at those rules and see what they're doing. There's probably real documentation somewhere, but there is so much example code that you may not need it.
So to see if an ip or hostname is in the RBL it would make a request to the RBL servers on port 53 just like DNS queries?
It's not just like regular DNS queries. It *is* a regular DNS query. It doesn't go against any extra, third-party servers. I believe SpamAssassin uses its own resolver code, but it looks at /etc/resolv.conf just like anything else and uses the nameserver (nameservers?) it finds in there.
I have my firewall set up to only allow DNS queries to go out to my DNS servers. If spamassassin tries to query another DNS server, it will fail,
That should be fine then. SpamAssassin relies on exactly the same set of servers you use right now. The DNS-based real-time blacklists are a part of the regular DNS namespace. They are just a subtree of the main hierarchy. This means your existing DNS server can query them and cache them and so on. The corollary to this is that you will need to make sure your existing DNS server can handle the load. But if you have only 15 users, you should be OK on that. :-)

- Logan
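The lookup discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's code: it lists the resolvers the mail host must be allowed to reach on port 53, builds the ordinary DNS name a blacklist check asks for, and interprets the answer. The zone `dnsbl.example.org`, the sample resolv.conf contents and all function names are assumptions made for illustration; the reversed-address name layout and the 127.0.0.0/8 answer convention follow RFC 5782.

```python
import ipaddress
import socket

# Constructed sample of /etc/resolv.conf (documentation-range addresses).
SAMPLE_RESOLV_CONF = """\
# internal resolvers
search example.org
nameserver 192.0.2.53
nameserver 198.51.100.53
options timeout:2
"""

def nameservers(resolv_conf_text):
    """Resolver IPs: the only hosts the firewall must allow on port 53."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def dnsbl_query_name(ip, zone):
    """Name queried for a blacklist check: reversed address + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                    # octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]    # nibbles
    return ".".join(labels) + "." + zone.strip(".")

def classify(answers):
    """No A record means not listed; 127.0.0.0/8 answers mean listed."""
    if not answers:
        return "not listed"
    loopback = ipaddress.ip_network("127.0.0.0/8")
    if all(ipaddress.ip_address(a) in loopback for a in answers):
        return "listed"
    return "unexpected answer"  # e.g. a resolver that rewrites NXDOMAIN

def lookup(ip, zone):
    """Resolve via the system resolver, i.e. the servers in resolv.conf."""
    try:
        answers = socket.gethostbyname_ex(dnsbl_query_name(ip, zone))[2]
    except OSError:
        # NXDOMAIN and an unreachable resolver both end up here.
        return "no answer (not listed, or resolver unreachable)"
    return classify(answers)
```

Because `lookup` goes through the system resolver, the mail host only ever talks to the addresses returned by `nameservers`; those resolvers are the ones that need recursive access to the wider DNS.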