On Thu, 2014-07-24 at 17:32 -0700, jdebert wrote: > Sprint, which I use for net access is hijacking DNS.
What exactly do you mean hijacking? Routing NXDOMAIN to some sort of advertising web-server? Or serious packet-sniffing tampering with *any* DNS query crossing their hardware? > I cannot trust that the response received by sa-update is valid. Is > there another method to check for updates? If you really cannot trust *.updates.spamassassin.org DNS responses, you cannot trust *any* DNS response. Including all the DNSxLs SA uses by default. And rDNS rules. And your own SMTP's Received header. In that case, I don't see how you can run SA at all, or even a trusted SMTP MX. (Without VPN'ing out to a trusted DNS...) And just in case your problem merely is with using your ISPs DNS server, don't. Run your own local, caching DNS resolver (non-forwarding). Unless we're really talking intercepting raw DNS traffic, that should do. -- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}