5 Dec
2011
5 Dec
'11
9:57 a.m.
Hi all
I've moved my mailserver over to my Bitfolk VPS and I've configured it to use
several spam-reducing tools. I'm also using Bitfolk's shared spamassassin
instance as described here:
http://bitfolk.com/customer_information.html#toc_3_SpamAssassin___London__UK
(many thanks for providing this, by the way!)
It occurred to me that this service might be doing some of the same things as
I've configured locally and that this might be unnecessary duplication.
I've looked for an explanation of the configuration on the wiki but I
couldn't find one. I can see from the headers on incoming spam that Bitfolk's
spamds check messages against at least bl.spamcop.net, dnsbl.sorbs.net and
psbl.surriel.com:
X-Spam-Report:
...
* 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* 0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
* 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
...
(IP addresses redacted to protect the guilty!)
Andy / Bitfolk people: Would it be possible to list the external services
against which your Spamassassin service is configured to check so that we can
avoid double-checking them? For the record I'm adding zen.spamhaus.org to the
mix as well as doing SPF and DKIM/ADSP checking (which might be duplicating
DNS queries if Bitfolk's spamds are doing the same).
Regards
Richard.
--
http://richardskingdom.net/
Twitter: @graphiclunarkid
5 Dec
5 Dec
3:48 p.m.
Hi Richard,
On Mon, Dec 05, 2011 at 09:57:58AM +0000, Richard King wrote:
Andy / Bitfolk people: Would it be possible to list
the external services
against which your Spamassassin service is configured to check so that we can
avoid double-checking them? For the record I'm adding zen.spamhaus.org to the
mix as well as doing SPF and DKIM/ADSP checking (which might be duplicating
DNS queries if Bitfolk's spamds are doing the same).
It's just a default Debian spamassassin configuration with Bayes
disabled. Here's the relevant part of the local.cf:
ok_locales en
dns_available yes
asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
That's it. So whatever DNSBLs "dns_available" checks again. If you
know how to list those off, let me know and I will.
Personally I wouldn't be worrying about duplicating DNSBL checks
since they will come from DNS cache anyway.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
6 Dec
6 Dec
12:35 p.m.
Hi Andy
On Mon, Dec 05, 2011 at 03:48:22PM +0000, Andy Smith wrote:
Hi Richard,
On Mon, Dec 05, 2011 at 09:57:58AM +0000, Richard King wrote:
I looked up the default configuration and found this:
http://wiki.apache.org/spamassassin/DnsBlocklists
"Q: This documentation doesn't seem to cover how to configure dns-blocklists.
It says 'Support for these is built-in' but I can't believe that all free
BL's is called each time a mail is beeing checked. There must be a way to
configure which to use.
"A: ... For the latest list of DNSBLs you want to be using a recent
SpamAssassin version ... and sa-update, for the same reason that you wouldn't
use an out-of-date virus scanner..."
It seems the list of dns-blocklists changes frequently.
Andy / Bitfolk people: Would it be possible to
list the external services
against which your Spamassassin service is configured to check so that we
can
avoid double-checking them? For the record I'm adding zen.spamhaus.org to
the
mix as well as doing SPF and DKIM/ADSP checking (which might be
duplicating
DNS queries if Bitfolk's spamds are doing the same).
It's just a default Debian spamassassin configuration with Bayes
disabled. Here's the relevant part of the local.cf:
ok_locales en
dns_available yes
asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
That's it. So whatever DNSBLs "dns_available" checks again. If you
know how to list those off, let me know and I will. Personally I wouldn't be worrying about
duplicating DNSBL checks
since they will come from DNS cache anyway.
Good point.
I guess we can make our own decisions about whether to reject against
blacklists up-front (thus consuming fewer network and spamd resources) or let
spamassassin do the checking and then filter based on its report (thus
reducing the impact of false positives). Either way the DNSBL check will end
up in the DNS cache for others to use.
Thanks for your help!
Richard.
--
http://richardskingdom.net/
Twitter: @graphiclunarkid
4764
days inactive
4765
days old
2 comments
2 participants
participants (2)
-
Andy Smith -
Richard King