Byteplant Forum

Home » CleanMail Support » CleanMail Server Talk » DNSBL and SpamAssasin RBL
DNSBL and SpamAssasin RBL [message #1720] Thu, 31 May 2007 09:43
Joris
Messages: 7
Registered: May 2007
Junior Member
I have installed a DNSBL filter in NST wich deletes alle incoming mail from blacklisted relays.

Is it a good idea to disable RBL checks in the SpamAssasin filter? Is there a difference between the RBL checks in SpamAssasin and the working of the DNSBL filter?

Thx for your comment ...
Re: DNSBL and SpamAssasin RBL [message #1721 is a reply to message #1720] Thu, 31 May 2007 10:28 Go to previous message
support
Messages: 919
Registered: April 2004
Senior Member
Joris wrote:

> I have installed a DNSBL filter in NST wich deletes alle
> incoming mail from blacklisted relays.
>
> Is it a good idea to disable RBL checks in the SpamAssasin
> filter? Is there a difference between the RBL checks in
> SpamAssasin and the working of the DNSBL filter?

SpamcopURI (the SpamAssassin plugin looking for the URLs of spam-advertised sites within messages) still requires RBL checks to be enabled, so I'd say leave it enabled for now.



Customer Support
Byteplant GmbH
Re: DNSBL and SpamAssasin RBL [message #1722 is a reply to message #1720] Wed, 25 July 2007 16:52 Go to previous message
Jon
Messages: 15
Registered: February 2005
Junior Member
So, are you saying that the new DNSBL filter and SA's SpamcopURI plugin play subtly different roles? i.e. that DNSBL checks the sending machine, while SpamcopURI checks the content for blacklisted links? I'd always assumed they both performed the DNSBL task??

I added the DNSBL filter earlier today and am already seeing fantastic results - lots of blatant spam messages being blocked (reject/delete'd) at the gateway. Good stuff!

Jon
Re: DNSBL and SpamAssasin RBL [message #1723 is a reply to message #1720] Wed, 25 July 2007 19:26 Go to previous message
James Wilkinson
Messages: 14
Registered: July 2007
Junior Member
Four points:

One is that a conventional DNSBL lists IP addresses (e.g. 127.6.8.34), usually of computers that have sent spam, of computers that should not be sending e-mail directly (but should be sending through their ISP -- hence anything coming directly is almost certainly spam or a virus), or of networks with serious spam problems. (You have to manually set up the last category in NoSpamToday, which is a Good Thing -- they tend to catch a fair amount of non-spam).

A URIBL (NoSpamToday comes with several configured) will list domain names (URIs, or approximations thereto, such as www.quick-cheap-pills.example.com) which might be advertised in spam messages. The spams probably won't have gone anywhere near the computers which are hosting the domains, but the presence of the link makes a very good spam indicator.

Both reuse the DNS mechanism as a quick, lightweight, cacheable query mechanism, and both could be considered DNSBLs.

I believe that NoSpamToday's DNSBL *filter* doesn't handle URIBLs (while SpamAssassin does).

Secondly, a DNSBL filter is an all-or-nothing filter -- if a correspondent gets on a DNSBL, you won't get any e-mail from them until you whitelist them. Using DNSBLs in SpamAssassin, on the other hand, means that the AWL, Bayes, and local negatively-scoring rules can over-rule a DNSBL if the message really looks like non-spam. This means you don't have to place quite so much trust in the maintainers of the DNSBL (and can be more adventurous in your choice of DNSBL).

It also means that you spend more processor time running SpamAssassin. Personally, I find the trade-off worthwhile.

Thirdly, SpamAssassin will look inside Received: headers to see if a message originally came from a server on certain DNSBLs. Most DNSBL filters won't do this. (I presume NoSpamToday doesn't).

Fourthly, while NoSpamToday used the 3.2.x version of SpamAssassin, I was rather impressed with the DayOldBread URIBL, listing domains that have recently been registered. I've put the appropriate rule-set into a local .cf file.

Re: DNSBL and SpamAssasin RBL [message #1724 is a reply to message #1723] Thu, 26 July 2007 10:50 Go to previous message
support
Messages: 919
Registered: April 2004
Senior Member
Thank you for this fine summary!

Let me add that the DNSBL filter in NoSpamToday! *does* look inside all the received headers in a message.



Customer Support
Byteplant GmbH
Re: DNSBL and SpamAssasin RBL [message #1725 is a reply to message #1720] Wed, 01 August 2007 11:42 Go to previous message
Jon
Messages: 15
Registered: February 2005
Junior Member
Wow - good stuff! That is much clearer now; thank you for taking the time to explain this in such cleare detail.

Jon
Previous Topic: Rating LOG
Next Topic: Lizenznehmer
Goto Forum:
  


Current Time: Sun Dec 11 05:04:46 CET 2016