Versions Compared

Old Version 65

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version 66

changes.mady.by.user ASF Infrabot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: [Original edit by JohnHardin] Make local DNS server more highly recommended, fix config examples being parsed as formatting codes

...

_Note that Spamhaus is NOT free for commercial or high volume use, see: http://www.spamhaus.org/organization/dnsblusage.html_ and CachingNameserver.

SPAMCOP http://www.spamcop.net/

...

The following DNSBLs are not specifically about spam, but instead abou't about sites which break net policies and conventions... practices which are often associated with spammers.

...

Some people disable or score down the RFC Ignorant list because they get false positives from sites which aren't maintained well. Others prefer not to accept their mail.

Whitelists

The following dns DNS checks are actually for WHITE lists, or sites which are certified by someone to be a reasonable sender.

DNSWL http://www.dnswl.org/

WARNING: DNSWL imposes usage limits for free (unregistered) DNS lookups and will return false results leading to FPs if you are configured to forward DNS requests through a busy ISP nameserver which exceeds those limits. See CachingNameserver.

Sender Score Certified & Sender Score Safe List http://www.senderscorecertified.com/ (formerly Ironport Bonded Sender & Habeas Safelist)

...

If you don't want any DNSBLs used, put a line like

skip_rbl_checks 1

in your local.cf

To eliminate the use of a particular DNSBL, set the score to zero. Put lines like

score RCVD_IN_RFCI 0

score RCVD_IN_ORBS 0

score RCVD_IN_DSBL 0

in your local.cf if you don't want certain DNSBLs listed with RCVD_IN_* in 50_scores.cf to be used.

...

At present, the query trigger rule for SpamHaus looks like this:

header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.')

So to disable it you'd use:

score __RCVD_IN_ZEN 0

Q: The dns-blocklists just don't appear to be used. What is going wrong?

...

Q. Wouldn't it be a good idea to run a local nameserver anyway? So, you can run caching-nameserver to cache blocklist query results.

  1. Yes! In fact, doing this is important to avoid false results from some DNS lists (e.g. DNSWL) if you have a large ISP and, if you're running a busy mailserver, this is essential for efficiency. See CachingNameserver.

...