Well I think the FAQ note is a good idea, since a hyperactive
DNS server wasn't the first thing I thought of when I saw
this problem. However, turning off the OpenDNS hyperactivity
does require a fixed IP address to originate the queries - I
found it easier to use OpenDNS for my desktops, and switch
to something else for the SpamAssassin server.
cheers,
Don Craig
Jeff Chan wrote:
On Wednesday, September 27, 2006, 11:17:59 PM, Donald Craig wrote:
And Theo Van Dinter pointed out:
You're not by chance using the opendns.{com,org} folks for DNS, are you?
Of course. I'm an idiot. I switched to OpenDNS a couple of weeks back.
Time to return from whence I came. Thank you,
Don Craig
I'm getting matches whenever I have an embedded URL
on URIBL_AB_SURBL and URIBL_PH_SURBL -
unless the URL is actually in URIBL_SBL, in which case the
logic for all the flavors of URIBL_XX_SURBL seems
to work correctly. I have verified the
absence of the incorrectly matching URLs from SURBL
with lookups in http://www.rulesemporium.com/cgi-bin/uribl.c
This is SpamAssassin 3.1.5, all was fine in 3.1.2.
For now I have set both those tests to 0.00.
Don Craig
Thanks for the reminder guys. I've added the following note
about OpenDNS compatibility to the SURBL FAQ:
__
http://www.surbl.org/faq.html#opendns
"I'm using OpenDNS and getting wrong answers to SURBL DNS queries
OpenDNS is a service that changes the responses to some DNS
queries in order to prevent users from visiting spam, phishing,
etc., sites. It also has a "typo correction" feature that directs
mistyped domain names to custom sites controlled by OpenDNS
instead of sites controlled by typosquatters, phishers, etc.
When using SURBLs with an OpenDNS nameserver it's important to
disable the typo correction feature, or the responses to
non-matching SURBL queries will be incorrect to a SURBL
application. The reason is that the OpenDNS nameservers return an
IP address of their own web site in those cases, and that
modified IP address will have an incorrect effect on SURBL list
identification that depends on where the bit patterns happen to
be in the modified response.
SURBLs will work with OpenDNS if their typo correction feature is
disabled on servers or clients doing SURBL queries."
__
Does that look about right?
Jeff C.
