disabling rfci (dns_from_rfc*) - SpamAssassin


  1. disabling rfci (dns_from_rfc*)

    header DNS_FROM_RFC_DSN eval:check_rbl_sub('rfci_envfrom', '127.0.0.2')
    header DNS_FROM_RFC_BOGUSMX eval:check_rbl_sub('rfci_envfrom', '127.0.0.8')
    header __DNS_FROM_RFC_POST eval:check_rbl_sub('rfci_envfrom', '127.0.0.3')
    header __DNS_FROM_RFC_ABUSE eval:check_rbl_sub('rfci_envfrom', '127.0.0.4')
    header __DNS_FROM_RFC_WHOIS eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')


    I know I can disable DNS_FROM_RFC_DSN and DNS_FROM_RFC_BOGUSMX by
    setting scores to 0.
    But since __DNS_FROM_RFC_POST|ABUSE|WHOIS are metarules, do I disable
    them (prevent even the DNS lookups) by setting score to 0?
    (aren't meta rules already score 0?)

    Also, since there are no rules anywhere anymore that reference
    _POST|ABUSE|WHOIS, shouldn't they be removed anyway?

    --
    Michael Scheidell, President
    Main: 561-999-5000, Office: 561-939-7259
    SECNAP Network Security Corporation



  2. Re: disabling rfci (dns_from_rfc*)

    Michael Scheidell wrote:
    > header DNS_FROM_RFC_DSN eval:check_rbl_sub('rfci_envfrom', '127.0.0.2')
    > header DNS_FROM_RFC_BOGUSMX eval:check_rbl_sub('rfci_envfrom', '127.0.0.8')
    > header __DNS_FROM_RFC_POST eval:check_rbl_sub('rfci_envfrom', '127.0.0.3')
    > header __DNS_FROM_RFC_ABUSE eval:check_rbl_sub('rfci_envfrom', '127.0.0.4')
    > header __DNS_FROM_RFC_WHOIS eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')
    >
    >
    > I know I can disable DNS_FROM_RFC_DSN and DNS_FROM_RFC_BOGUSMX by
    > setting scores to 0.
    > But since __DNS_FROM_RFC_POST|ABUSE|WHOIS are metarules, do I disable
    > them (prevent even the DNS lookups) by setting score to 0?
    > (aren't meta rules already score 0?)

    Rules starting with __ have no score, which is not the same as a score
    of 0. If you explicitly set them to 0, it disables them.
    >
    > Also, since there are no rules anywhere anymore that reference
    > _POST|ABUSE|WHOIS, shouldn't they be removed anyway?
    >

    They have little cost, so it's not really necessary. If you want to
    disable the DNS lookup to RFCI, you must zero the score of the rule that
    uses check_rbl, not the ones that use check_rbl_sub. All the "_sub"
    rules do is check the existing result generated by the original rule.
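
The distinction made in the reply above can be checked mechanically. The following audit script is an added example, not part of the original thread or of SpamAssassin: it groups rules by RBL set name and reports which lookup rules are still active after the `score` lines are applied. The rule name `__EXAMPLE_RFCI_LOOKUP` and its zone are hypothetical placeholders, and treating every `check_rbl*` eval other than `check_rbl_sub` as the one that issues the DNS query is an assumption.

```python
import re

# Constructed sample config. The *_sub rules are quoted from the thread;
# __EXAMPLE_RFCI_LOOKUP and its zone are hypothetical placeholders.
SAMPLE = """\
header __EXAMPLE_RFCI_LOOKUP eval:check_rbl_envfrom('rfci_envfrom', 'rfci.example.invalid.')
header DNS_FROM_RFC_DSN eval:check_rbl_sub('rfci_envfrom', '127.0.0.2')
header DNS_FROM_RFC_BOGUSMX eval:check_rbl_sub('rfci_envfrom', '127.0.0.8')
header __DNS_FROM_RFC_POST eval:check_rbl_sub('rfci_envfrom', '127.0.0.3')
score DNS_FROM_RFC_DSN 0
score DNS_FROM_RFC_BOGUSMX 0
score __DNS_FROM_RFC_POST 0
"""

RULE = re.compile(r"^\s*header\s+(\S+)\s+eval:(check_rbl\w*)\(\s*'([^']+)'")
SCORE = re.compile(r"^\s*score\s+(\S+)\s+(.+)$")
NUMBER = re.compile(r"[-+]?\d*\.?\d+")

def audit(config):
    """Map each RBL set name to its lookup rules, sub rules and active lookups."""
    sets, zeroed = {}, set()
    for line in config.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = RULE.match(line)
        if m:
            name, func, set_name = m.groups()
            entry = sets.setdefault(set_name, {"lookup": [], "sub": []})
            # Assumption: only check_rbl_sub reuses an existing result;
            # any other check_rbl* eval performs the DNS query itself.
            entry["sub" if func == "check_rbl_sub" else "lookup"].append(name)
            continue
        m = SCORE.match(line)
        if m:
            values = NUMBER.findall(m.group(2))
            if values and all(float(v) == 0 for v in values):
                zeroed.add(m.group(1))
            else:
                zeroed.discard(m.group(1))    # a later non-zero score re-enables
    for entry in sets.values():
        entry["active_lookups"] = [r for r in entry["lookup"] if r not in zeroed]
    return sets

if __name__ == "__main__":
    for set_name, info in audit(SAMPLE).items():
        state = "still queried" if info["active_lookups"] else "lookup disabled"
        print(f"{set_name}: {state}; lookup rules {info['lookup']}, sub rules {info['sub']}")
```

With the sample as written, all three `_sub` rules are zeroed but the set is still reported as queried; appending a zero score for the lookup rule is what changes the result.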

