On Fri, 11 Jun 2010, Karsten Bräckelmann wrote:

> On Fri, 2010-06-11 at 10:42 -0400, Andy Dills wrote:
> > score URIBL_DBL_SPAM 0
> > score URIBL_DBL_ERROR 0
> > score RCVD_IN_ZEN 0
> >
> > I think those are the only queries that generate lookups against Spamhaus,
> > but I'm not positive.
>
> IIRC that doesn't disable all DNS lookups against ZEN. You'd also need
> to disable the non-scoring eval() that does the actual lookup.
>
> meta __RCVD_IN_ZEN (0)
>
> You also missed XBL, PBL, and URIBL_SBL.

I misunderstood the documentation.

http://wiki.apache.org/spamassassin/DnsBlocklists

---
At present, the query trigger rule for SpamHaus looks like this:

header RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.')

So to disable it you'd use:

score RCVD_IN_ZEN 0
---

I grepped the ruleset before I even googled, so I misunderstood that to
mean that by setting that rule score, I was disabling the meta, and thus
disabling the other rules that query zen.spamhaus.org (which to me seems
like a reasonable design choice, so I didn't question it). After all,
there's no longer a rule "RCVD_IN_ZEN", and I've yet to have any need to
address meta rules.

Which is why I didn't include any of the other tests you mention, because
they all query zen. Clearly they do not, and I've explicitly scored
everything to 0.

> The most important argument for me to keep it enabled by default is
> simple. Small organizations and home users DO NOT have the knowledge and
> admin power to care about all that stuff themselves. For them, SA should
> work as good as possible out of the box. On the other hand, large
> organizations that generate a *substantial* amount of BL queries per day
> DO have the required power to tweak SA according to their specific needs
> and environment.

That's fair. Except, we're not a "large organization" by any stretch of
the imagination.

To be fair, they've contacted me asking for feedback, which I figured I
would give publicly:

As much as I respect that people should get compensated for their
contributions, that doesn't negate the economics of value. What they're
charging is unreasonable for the utility it provides.

DCC is a great example of how I think it should be handled. He has a free
(to all) service, and a paid (to all) service. The free service in fact
generates the data from which he determines the reputations of sending
IPs, which is the basis of the paid service, so it's a win-win. The more
people he has querying the free product, the more his paying customers
benefit.

We've run a (free) DCC peer for many years now, and I can't remember
Vernon ever pushing his paid service. I bet it's great, I've read about it
and considered it in the past, and if I find that disabling the spamhaus
queries affects FN rates, I'd more likely consider paying him to add his
reputation-based scoring tool (which is certainly more valuable than "just
another blacklist").

> That said, better documentation on this issue would not hurt. However...

Yeah, that's probably the root of the issue.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
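
An added example, not part of the message above and not SpamAssassin project code: a two-pass scan of rule text that finds every rule depending on a DNSBL domain (the lookup rule, the check_rbl_sub rules that share its set name, and URI rules naming the zone) and emits the override lines discussed in the thread. The rule lines are constructed samples in SpamAssassin syntax, and `overrides_for` is a hypothetical helper name.

```python
import re

# Constructed sample in SpamAssassin rule syntax; not copied from a real ruleset.
SAMPLE_RULES = """\
header    __RCVD_IN_ZEN   eval:check_rbl('zen', 'zen.spamhaus.org.')
header    RCVD_IN_SBL     eval:check_rbl_sub('zen', '127.0.0.2')
header    RCVD_IN_XBL     eval:check_rbl_sub('zen', '127.0.0.[45678]')
header    RCVD_IN_PBL     eval:check_rbl_sub('zen', '127.0.0.1[01]')
uridnssub URIBL_SBL       zen.spamhaus.org. A 127.0.0.2
urirhssub URIBL_DBL_SPAM  dbl.spamhaus.org. A 127.0.1.2
header    RCVD_IN_EXAMPLE eval:check_rbl('example', 'bl.example.net.')
header    RCVD_IN_EX_SUB  eval:check_rbl_sub('example', '127.0.0.2')
"""

# Any check_rbl* eval: group 1 is the set name, group 2 a zone or a sub-test.
RBL_EVAL = re.compile(r"eval:check_rbl\w*\(\s*'([^']+)'\s*,\s*'([^']+)'")
URI_KINDS = {"uridnsbl", "uridnssub", "urirhsbl", "urirhssub"}

def overrides_for(rules_text, domain):
    """Hypothetical helper: local.cf lines for every rule that depends on `domain`."""
    domain = domain.rstrip(".").lower()

    def in_domain(zone):
        zone = zone.rstrip(".").lower()
        return zone == domain or zone.endswith("." + domain)

    parsed = []
    for line in rules_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and not parts[0].startswith("#"):
            parsed.append(parts)

    # Pass 1: set names whose lookup is sent to the domain.
    sets = set()
    for _, _, body in parsed:
        m = RBL_EVAL.search(body)
        if m and in_domain(m.group(2)):
            sets.add(m.group(1))

    # Pass 2: the lookup rules, their check_rbl_sub dependents, and URI rules.
    out = []
    for kind, name, body in parsed:
        m = RBL_EVAL.search(body)
        uses_set = bool(m) and m.group(1) in sets
        uses_zone = kind in URI_KINDS and in_domain(body.split()[0])
        if uses_set or uses_zone:
            # Non-scoring "__" rules get the meta override quoted in the thread.
            out.append(f"meta {name} (0)" if name.startswith("__") else f"score {name} 0")
    return out
```

Calling `overrides_for(SAMPLE_RULES, "spamhaus.org")` returns the lines to paste into local.cf; set names are matched exactly, so a ruleset that uses suffixed set names needs that comparison loosened.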