https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6048
--- Comment #24 from Steve Freegard <[email protected]> 2009-01-22 11:48:09 PST --- (In reply to comment #23) Thanks for the technical explanation. > I'm okay with whatever SA wants to do. I dont think URIBL ACL policy needs > to > change. With the public DNS infastructure we have, I dont see any other > effective way to stem the abuse. Just an idea - unless I'm missing something - why don't you simply move the ACLs up a level instead to the uribl.com zone so that if you blacklist an IP then it prevents the IP address from being able to query the NS records for black/grey/red.uribl.com (e.g. the nameserver returns 'REFUSED'; although NXDOMAIN might work better for negative caching) granted you'll have to wait up to 24 hours before the host will actually be prevented from querying; but it would still do what you need it to. That way the traffic stops dead at Prolexic nameservers instead of the public mirrors and everyone's happy. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
