On Mon, 8 Oct 2007, Rob McEwen wrote:
Therefore, I recommend that you re-think your choices here! Don't let your
quest for "guaranteed long-term perfection" keep you from making
**substantial** progress today!
Rob,
Then help rally the SA team to include those RBLs that you mentioned in
the stock config.
Also, rally them to update the documentation on the wiki on how to
configure SA for third-party DNSBL's, because it
blows (and refers to years-old versions of SA). Yes, I know the point of
a wiki is that ANYONE can update it, but I'm not about to update it with
information I don't understand for certain.
((Q: This documentation doesn't seem to cover how to configure
dns-blocklists. It says "Support for these is built-in" but I can't
believe that all free BL's is called each time a mail is beeing checked.
There must be a way to configure which to use.
A: You're right. You might look at the [WWW] Mail::SpamAssassin::Conf
documentation page which I admit doesn't really say how to configure which
DNSBL to use, or the rules file [WWW] 20_dnsbl_tests.cf, for internal
details, but no clear examples of how to configure the inclusion of
various DNSBLs either. For the latest list of DNSBLs you want to be using
SpamAssassin version 2.63 or 3.0.0-pre2, for the same reason that you
wouldn't use an out-of-date virus scanner, but that also doesn't really
have anything to do with the question.))
Finally, rally them to pay attention to the topic I'm proposing here,
which is: allow users to run their own RBL + feeder so that they can
auto-rbl and floodgate themselves (and yes, it allows me to combine your
corpus, plus my corpus, plus HIS corpus) in a scoring config, which is
FUN...or it lets you say, quite simply "SA said you sent too much spam,
now sendmail won't listen for X hours per spam run".
<soapbox>
While I've had a long history of getting decent responses from the
developers on this list some of the time -- nobody has managed to answer
the questions I've asked in the previous thread:
* can we do something with the ironport headers
* can we do something with the SPF softfail which my MTA registered but SA
didn't (and why didn't it?)
* can we do something with the X-Originating-IP: 127:1 (is it a legit
header, or is it there to evade filters?)
* can we fix something about the DKIM_POLICY_SIGNSOME,
* and after I changed the topic: Can we get a plugin that lets us feed our
own blocklists, currently I get dictionary floods that are enough to
overload SA (even right now).
and many is the time I've just sent an email out to this list on a given
topic, seen a lack of useful answer, and shrugged it off.
</soapbox>
--
"Check it out, it's just like Christmas. Except it sucks."
-Jason Seguerra, 3/2/05
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------