Re: [PLUG] spamassassin help: create a rule to score by sender TLD

[Rich Kulawiec <rsk@gsp.org>]

On Sun, Oct 23, 2016 at 11:25:14PM -0400, Greg Helledy wrote:
> I have written to Arvixe about this; they control that, not me.

Yep.  Good move.  They *should* understand the need for FCrDNS on
anything that's a mail server, and well, on anything that's a server
in general.  Hopefully they'll fix it ASAP.  (And they should do it for
free.  It's one line of typing.)

> Well, we've never generated any spam, but apparently one can get on a list
> even so.  

That's true, you can.  There are hundreds of DNSBLs out there, each with
their own criteria.  (RFC 5782 discusses the general idea of DNSBLs
in depth and is a good read, by the way.)  Some DNSBLs leave entries in
place indefinitely; some don't.  Some DNSBLs escalate listings from single
IP addresses to blocks of them; some don't.  Some DNSBLs evaluate entire
providers and treat them as a single entity; some don't.  Some DNSBLs
list domains (in which case they're sometimes referred  to as a RHSBL:
RHS for right-hand-side, since domains appear to the right of the @ in
an Internet-style email address.)

And so on.  There's no requirement for any DNSBL to use any particular
policy, but it's pretty clear that they should use the policy that they
say they do...so that anyone choosing to use the DNSBL is getting what
they think they are.

I followed up the listing I found for you yesterday, and you can ignore it.
You're on the AHBL, which is defunct and -- hopefully -- no longer used by
anyone, because they decided to wildcard all addresses.  (To explain:
shutting down a DNSBL turns out to be a tricky thing, because lots of
people don't pay attention to their own logs.  They'll continue to reference
a DNSBL in their mail system configuration indefinitely.  This in turn means 
that DNS queries will continue to arrive at the DNSBL host.  Sometimes LOTS
of DNS queries.  This causes problems.  So one approach used by some DNSBLs,
after they've exhausted every means they have to get people to stop using
them, is to wildcard every address, in the hope that those folks still
using them will notice, investigate, and remove them from their mail
system configuration.  This is a somewhat controversial tactic, because
of the adverse consequences, but nobody is obligated to run a DNSBL
forever and nobody is obligated to accomodate mail system operators who
aren't paying attention to their own servers.)  Since you're not seeing
any of those adverse consequences, that either means (a) nobody you're
sending mail to uses the AHBL or (b) nobody you're sending mail to uses
the AHBL as a single accept/reject criteria.

In either case, like I said, you can ignore it.  Sufficient time has passed
since the AHBL put the wildcard in that if you were going to have problems,
you would have had them by now.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug