Discussion:
[Assp-test] Sender: noreply+feedproxy@google.com
Paul K. Dickson
2010-01-27 14:58:52 UTC
If that is in the headers and that address is on the whitelist, AND
whitelisted email is set not to be bayesian scanned, shouldn't the mail
pass????


Paul K. Dickson
Systems Administrator
Frederick County Government, IIT
***@frederickcountymd.gov
301-600-2399/x12399
Graziano
2010-01-27 18:13:17 UTC
spamhaus RBL with public DNS like google or openDNS will return all
invalid checks
http://www.spamhaus.org/faq/answers.lasso?section=DNSBL Usage#261

So... if you are using google or openDNS for your ASSP DNS checks, you
may remove spamhaus RBL since it will not work.

Graziano
GrayHat
2010-01-27 18:24:58 UTC
Post by Graziano
spamhaus RBL with public DNS like google or openDNS will return
all invalid checks
http://www.spamhaus.org/faq/answers.lasso?section=DNSBL Usage#261
So... if you are using google or openDNS for your ASSP DNS checks,
you may remove spamhaus RBL since it will not work.

No surprise here; probably the number of people using those "open
resolvers" went above the "limit", so the spamhaus query rate limiter
kicked in and now all the queries return a "not listed" <g>. I already
wrote about the fact that, if you're serious about your setup, you should
use your own DNS resolver(s) and NOT whatever external one(s),
and btw that's what I've been doing for years now. All in all, setting up
a caching resolver (be it BIND, unbound or whatever floats your boat)
isn't all that difficult and would save you a lot of headaches (not to
say that it will ALSO allow you to play some interesting "tricks").
GrayHat
2010-01-29 08:20:39 UTC
Post by Graziano
spamhaus RBL with public DNS like google or openDNS will return
all invalid checks
just in case, the reason for this

http://www.spamhaus.org/faq/answers.lasso?section=DNSBL#261

can be found here

http://www.spamhaus.org/organization/dnsblusage.html

If you set up your mailserver (or the DNS it uses) to forward queries
to a public resolver like (e.g.) google, opendns, level-3 and so on,
the spamhaus DNS servers hosting the DNSBLs, which will get
queried, will "see" the IP of the public resolver(s) you're using. Now,
imagine a number of mailservers all around the world using some
open dns resolver: the amount of queries from the resolvers' IPs
will quickly go over the SpamHaus query limit (for free usage), so
the rate limiter will kick in and all further queries will receive an
"NXDOMAIN" (aka not listed/present) answer, which will in effect
make totally useless the queries to the DNSBL... uh, and by the way,
the same issue applies to several other DNSBLs, not just to the
spamhaus ones.

Bottom line: use your own DNS resolver(s); this way the DNSBLs
will only see YOUR IPs and you'll be in control. Btw, then, in case
your query rate is over the "free" limits, you'll have to sign up for
a paid account and/or (better) set up your own, local, rbldnsd and
locally host copies of the DNSBL zones you want to use (and
btw this will speed up lookups a whole lot), as described here

http://www.spamhaus.org/faq/answers.lasso?section=DNSBL#204
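
An added example, not part of the original thread: a resolver self-check for the failure mode described above, where a DNSBL silently answers "not listed" for everything. It relies on the RFC 5782 test entries (127.0.0.2 always listed, 127.0.0.1 never listed) and, as an assumption from Spamhaus's current documentation rather than this thread, treats answers in 127.255.255.0/24 as error codes; the zone name is supplied by the caller and `dnsbl.example` is a placeholder.

```python
import socket
import sys

TEST_LISTED = "127.0.0.2"      # RFC 5782: an IPv4 DNSBL always lists this test address
TEST_NOT_LISTED = "127.0.0.1"  # RFC 5782: and never lists this one

def dnsbl_name(ip, zone):
    """Build the query name: reversed IPv4 octets prepended to the DNSBL zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_lookup(name):
    """A records via the system resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_resolver(zone, lookup=system_lookup):
    """Classify how the DNSBL answers through the resolver behind `lookup`."""
    listed = lookup(dnsbl_name(TEST_LISTED, zone))
    clean = lookup(dnsbl_name(TEST_NOT_LISTED, zone))
    if any(a.startswith("127.255.255.") for a in listed + clean):
        return "error-code"  # assumed Spamhaus error range, not a real listing
    if not listed:
        return "blind"       # test entry missing: every lookup will read "not listed"
    if clean:
        return "wildcard"    # even the never-listed address answers: all mail looks listed
    return "ok"

if __name__ == "__main__":
    if len(sys.argv) > 1:    # live check against the zone named on the command line
        print(sys.argv[1], check_resolver(sys.argv[1]))
    else:                    # offline demo with constructed resolver behaviours
        zone = "dnsbl.example"  # placeholder zone
        working = lambda n: ["127.0.0.2"] if n.startswith("2.0.0.127.") else []
        limited = lambda n: []  # rate limited or refused: NXDOMAIN for everything
        print("working:", check_resolver(zone, working))
        print("limited:", check_resolver(zone, limited))
```

Run it from the mail server itself with the zone you have configured, so the check goes through the same resolver path ASSP uses.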
