https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7757
Bug ID: 7757
Summary: Spamhaus zones and new return codes
Product: Spamassassin
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
Hello everyone,
I'd like to bring to your attention that we are planning to start using new
return codes in our zones detailing possible errors or wrong usage.
In particular, the important codes to care about are:
127.255.255.254: This means that the query is coming through a public/open
resolver, and we do not support that (please use your own recursive resolver).
Details: https://www.spamhaus.org/returnc/pub/
127.255.255.255: Excessive number of queries, meaning that your are either
exceeding the number of DNS queries for free usage of our data or using them in
violation of our TOS[1]: Details: https://www.spamhaus.org/returnc/vol/
Please note that those return codes should never be interpreted as a "ip/domain
is listed" ; they are purely informative.
I then propose adding the following rules to SA ruleset:
header RCVD_IN_ZEN_OPENDNS eval:check_rbl('zen', 'zen.spamhaus.org.',
'^127\.255\.255\.254$')
describe RCVD_IN_ZEN_OPENDNS ADMINISTRATOR NOTICE: The query to
zen.spamhaus.org was blocked due to usage of an open resolver. See
https://www.spamhaus.org/returnc/pub/
tflags RCVD_IN_ZEN_OPENDNS net
score RCVD_IN_ZEN_OPENDNS 0.001
header RCVD_IN_ZEN_BLOCKED eval:check_rbl('zen', 'zen.spamhaus.org.',
'^127\.255\.255\.255$')
describe RCVD_IN_ZEN_BLOCKED ADMINISTRATOR NOTICE: The query to
zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/
tflags RCVD_IN_ZEN_BLOCKED net
score RCVD_IN_ZEN_BLOCKED 0.001
uridnssub URIBL_ZEN_OPENDNS zen.spamhaus.org. A 127.255.255.254
describe URIBL_ZEN_OPENDNS ADMINISTRATOR NOTICE: The query to
zen.spamhaus.org was blocked due to usage of an open resolver. See
https://www.spamhaus.org/returnc/pub/
tflags URIBL_ZEN_OPENDNS net
score URIBL_ZEN_OPENDNS 0.001
uridnssub URIBL_ZEN_BLOCKED zen.spamhaus.org. A 127.255.255.255
describe URIBL_ZEN_BLOCKED ADMINISTRATOR NOTICE: The query to
zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/
tflags URIBL_ZEN_BLOCKED net
score URIBL_ZEN_BLOCKED 0.001
urirhssub URIBL_DBL_OPENDNS dbl.spamhaus.org. A 127.255.255.254
describe URIBL_DBL_OPENDNS ADMINISTRATOR NOTICE: The query to
zen.spamhaus.org was blocked due to usage of an open resolver. See
https://www.spamhaus.org/returnc/pub/
tflags URIBL_DBL_OPENDNS net
score URIBL_DBL_OPENDNS 0.001
urirhssub URIBL_DBL_BLOCKED dbl.spamhaus.org. A 127.255.255.255
describe URIBL_DBL_BLOCKED ADMINISTRATOR NOTICE: The query to
zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/
tflags URIBL_DBL_BLOCKED net
score URIBL_DBL_BLOCKED 0.001
This is just my initial proposal, I'm sure that maybe there is a more elegant
way to write those, and if you have suggestions please let's discuss.
[1] https://www.spamhaus.org/organization/dnsblusage/
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
--
You are receiving this mail because:
You are the assignee for the bug.
