Why is this a problem?

I understand a number of years ago when Spamhaus decided to charge they set the former free stuff to report -everything- as spam to encourage people to stop querying them.

However, I just installed SA - using defaults - and it's not marking every piece of mail spam.  So I have to conclude that either SA removed that rule or Spamhaus stopped doing that.

As for the rest of the commercial operators, if their go-to is to simply block incoming queries - then why should I go to a lot of trouble to not send them queries from a default rule in SA?

There has been a Balkanization of RBLs IMHO.  The most valuable RBL is one that everyone is not only using but everyone is feeding ham and spam to.  And querying since the RBL can use the numbers of queries coming on in a specific IP to tell if it's spamming or not.

But the formerly free RBLs that charge money shrink the data they can train off of; as a result their RBL becomes more useless, is used by fewer people, etc. Vicious circle on the ride down to irrelevance.

If you are going to pay money to filter for spam, then you get a better bang for the buck by paying for far more than just spam filtering, you want to pay for virus filtering and porn filtering and a bunch of other stuff - and RBL querying is a small part of that - you get way more bang for the buck to pay a commercial email filtering service provider.  Whether that company is turning around and paying Spamhaus I don't know - but I highly doubt it. I think the major commercial filters are running their own RBL in-house.

Ted

On 4/23/2026 12:42 PM, Charles Sprickman wrote:
Hi all,

Recently another sysadmin friend and I were toying with various (conflicting and quite old) suggestions from the Google about how to disable all the RBLs/URIBLs that are included in spamassassin that require payment. Most of the things we saw involved setting the score of various spamhaus tests to "0", and as best I can tell that doesn't work (I still see queries going out even if I don't see the warning in the score summary of the scanned emails).

For example, we had something similar to this:

# remove spamhaus tests, they want $thousands
# need to include the first base rule or DNS still triggers but is ignored
## commented out for trial
score __RCVD_IN_ZEN 0
score RCVD_IN_SBL 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0
score URIBL_SBL 0
score URIBL_CSS 0
score URIBL_SBL_A 0
score URIBL_CSS_A 0
score URIBL_DBL_SPAM 0
score URIBL_DBL_PHISH 0
score URIBL_DBL_MALWARE 0
score URIBL_DBL_BOTNETCC 0
score URIBL_DBL_ABUSE_SPAM 0
score URIBL_DBL_ABUSE_REDIR 0
score URIBL_DBL_ABUSE_PHISH 0
score URIBL_DBL_ABUSE_MALW 0
score URIBL_DBL_ABUSE_BOTCC 0

Another variation is this:

dns_query_restriction deny spamhaus.org

We were both working with really dated versions though, so maybe things changed somewhere along the way.

So two hopefully very simple questions:

1 - I could have sworn there was discussion on here that resulted in the default being to NOT query any lists that are not free or any lists that require an account. Did I dream that? And if so, I highly suggest you look at what Spamhaus is charging these days and reconsider. And also at that 1 second TTL they use that sort of... inflates the number of queries generated. For a small ISP where email is just like a free add-on for other services or legacy customers, it was just close to being the same we'd pay to simply outsource all email. And it's not a full spam filtering service, just an RBL.

2 - In 4.x what is the proper method to disable spamhaus (and anything else lurking in there I'm not aware of that will start popping messages about query limits)? And where is that documented?

Thanks,

Charles

--
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet www.bway.net
[email protected] - 212.982.9800
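
Added example (not part of either message above, and not SpamAssassin's own code): one way to check the "I still see queries going out" observation against a packet capture. It models the parent-domain match that the SpamAssassin documentation describes for dns_query_restriction (leading labels are stripped one at a time and the tightest match wins); the capture lines, the addresses and the example-rbl.test zone are constructed.

```python
import re
from collections import Counter

# Constructed sample: tcpdump-style lines for DNS queries leaving a mail host.
SAMPLE_CAPTURE = """\
12:00:01.101 IP 192.0.2.10.40112 > 192.0.2.53.53: 4211+ A? 7.113.0.203.zen.spamhaus.org. (46)
12:00:01.105 IP 192.0.2.10.40113 > 192.0.2.53.53: 4212+ A? example.net.dbl.spamhaus.org. (46)
12:00:01.109 IP 192.0.2.10.40114 > 192.0.2.53.53: 4213+ TXT? 7.113.0.203.bl.example-rbl.test. (49)
12:00:01.113 IP 192.0.2.10.40115 > 192.0.2.53.53: 4214+ A? mail.notspamhaus.org. (38)
12:00:02.220 IP 192.0.2.10.40116 > 192.0.2.53.53: 4215+ A? 9.113.0.203.zen.spamhaus.org. (46)
"""

# Matches the "TYPE? name. (len)" part of a tcpdump DNS query line.
QUERY_RE = re.compile(r"\s[A-Z0-9]+\?\s+(\S+?)\.?\s+\(\d+\)")

def parse_restrictions(config_text):
    """Collect 'dns_query_restriction allow|deny dom...' lines into {domain: action}."""
    table = {}
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "dns_query_restriction" and parts[1] in ("allow", "deny"):
            for dom in parts[2:]:
                table[dom.lower().rstrip(".")] = parts[1]
    return table

def verdict(qname, table):
    """Strip leading labels one at a time; the first (tightest) match decides."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in table:
            return table[parent], parent
    return "allow", None  # no entry: the query is not restricted

def leaked_queries(capture_text, table):
    """Count observed queries that the restrictions say should not have been sent."""
    leaks = Counter()
    for line in capture_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            action, zone = verdict(m.group(1), table)
            if action == "deny":
                leaks[zone] += 1
    return leaks

if __name__ == "__main__":
    table = parse_restrictions("dns_query_restriction deny spamhaus.org\n")
    for zone, n in leaked_queries(SAMPLE_CAPTURE, table).items():
        print(f"{n} queries still sent under denied zone {zone}")
```

Matching on whole labels keeps a look-alike name such as mail.notspamhaus.org from being counted against spamhaus.org.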


