Mailscanner RBL checks
Richard Frovarp
Richard.Frovarp at sendit.nodak.edu
Tue Aug 14 16:56:08 IST 2007
grep through the rules. URIBLs seem to be in 25_uribl.cf and DNSBLs seem
to be in 20_dnsbl_tests.cf
Vlad Mazek wrote:
> Thing is, skip_rbl_checks =1 would skip them all, I just want to
> restrict which ones are being queried.
>
> Here are the queries that are launched by MailScanner:
> [2351] dbg: dns: URIBL_RED lookup start
> [2351] dbg: dns: URIBL_GREY lookup start
> [2351] dbg: dns: WHOIS_SECUREWHOIS lookup start
> [2351] dbg: dns: WHOIS_MYPRIVREG lookup start
> [2351] dbg: dns: WHOIS_NETSOLPR lookup start
> [2351] dbg: dns: WHOIS_AITPRIV lookup start
> [2351] dbg: dns: URIBL_SC_SURBL lookup start
> [2351] dbg: dns: URIBL_AB_SURBL lookup start
> [2351] dbg: dns: WHOIS_CONTACTPRIV lookup start
> [2351] dbg: dns: WHOIS_NAMEKING lookup start
> [2351] dbg: dns: WHOIS_PRIVPROT lookup start
> [2351] dbg: dns: WHOIS_WHOISGUARD lookup start
> [2351] dbg: dns: URIBL_PH_SURBL lookup start
> [2351] dbg: dns: URIBL_BLACK lookup start
> [2351] dbg: dns: WHOIS_PRIVACYPOST lookup start
> [2351] dbg: dns: URIBL_RHS_DOB lookup start
> [2351] dbg: dns: URIBL_JP_SURBL lookup start
> [2351] dbg: dns: URIBL_WS_SURBL lookup start
> [2351] dbg: dns: URIBL_OB_SURBL lookup start
> [2351] dbg: dns: WHOIS_DMNBYPROXY lookup start
> [2351] dbg: dns: WHOIS_REGISTERFLY lookup start
> [2351] dbg: dns: WHOIS_UNLISTED lookup start
> [2351] dbg: dns: WHOIS_MONIKER_PRIV lookup start
> [2351] dbg: dns: URIBL_SBL lookup start
>
> How do I find out which rule/definition is causing all these lookups
> to launch?
>
> -Vlad
>
> On 8/9/07, *Steve Campbell* <campbell at cnpapers.com
> <mailto:campbell at cnpapers.com>> wrote:
>
> I believe you can do this, but my versions are a little old:
>
> In MailScanner.conf, try setting the following:
>
> Spam List =
> Spam Domain List =
>
> This turns off RBLs and the like in MS.
>
> In either mailscanner.cf <http://mailscanner.cf>, local.cf
> <http://local.cf>, or spam.assassin.prefs.conf, set the
> following:
> skip_rbl_checks = 1
>
> This turns off RBLs in SA.
>
> Make sure they are not commented if they already exist.
>
> I may be wrong on this, so anyone can correct me if I am.
>
> Steve Campbell
>
> Mikael Syska wrote:
> > Scott Silva wrote:
> >> Vlad Mazek spake the following on 8/9/2007 9:59 AM:
> >>
> >>> I'm sorry I am just not following; my mailscanner.cf
> <http://mailscanner.cf>
> >>> <http://mailscanner.cf> has only one line:
> >>>
> >>> dns_available yes
> >>>
> >>> Yet, it seems to be querying the external RBL's:
> >>> SpamAssassin (not cached, score= 16.885, required 5,
> >>> autolearn=disabled,
> >>> FH_RELAY_NODNS 1.25, HELO_EQ_IP_ADDR 1.12, HTML_MESSAGE 0.00,
> >>> HTML_OBFUSCATE_05_10 0.57, MIME_HTML_ONLY 1.67,
> RCVD_IN_BL_SPAMCOP_NET
> >>> 2.19, RCVD_IN_PBL 0.51, RDNS_NONE 0.10, URIBL_BLACK 1.96,
> >>> URIBL_JP_SURBL
> >>> 2.86, URIBL_OB_SURBL 2.13, URIBL_SC_SURBL 2.52
> >>>
> >>> My question is simply where/what is telling SpamAssassin to
> query all
> >>> these RBLs because my MailScanner.cf doesn't list any RBLs to
> be called
> >>> (line is commented out completely)
> >>>
> >> Spamassassin has several tests it does all by itself that are
> >> indepentent of
> >> mailscanner. Spamassassin tests rbl's and gives a score that is
> added
> >> together. When you use rbl's in mailscanner they are just
> flagged as
> >> spam if
> >> they hit, independent of how reliable a rbl might be.
> >>
> >> As you were told in the last mail, if you do not want rbl tests in
> >> spamassassin, you have to add a line for each one in
> mailscanner.cf <http://mailscanner.cf>.
> >> As an example, if you didn't want to test for
> RCVD_IN_BL_SPAMCOP_NET
> >> you add the following line;
> >> score RCVD_IN_BL_SPAMCOP_NET 0
> >>
> >> Does this clear things up a little more?
> >>
> > Little off-topic:
> > Can't the lookups be completely disabled, so its possible to
> avoid the
> > the DNS query ?
> >
> > As I understand SA, it will still make the lookup even if the
> score is
> > 0 ... or am I wrong here ?
> >
> > // ouT
>
More information about the MailScanner
mailing list