On Thu, 2014-07-24 at 17:32 -0700, jdebert wrote:
> Sprint, which I use for net access is hijacking DNS.
What exactly do you mean hijacking? Routing NXDOMAIN to some sort of
advertising web-server? Or serious packet-sniffing tampering with *any*
DNS query crossing their hardware?
> I cannot trust that the response received by sa-update is valid. Is
> there another method to check for updates?
If you really cannot trust *.updates.spamassassin.org DNS responses, you
cannot trust *any* DNS response. Including all the DNSxLs SA uses by
default. And rDNS rules. And your own SMTP's Received header.
In that case, I don't see how you can run SA at all, or even a trusted
SMTP MX. (Without VPN'ing out to a trusted DNS...)
And just in case your problem merely is with using your ISPs DNS server,
don't. Run your own local, caching DNS resolver (non-forwarding).
Unless we're really talking intercepting raw DNS traffic, that should
do.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
