[antispam-f] Re: Weight keyword and blocklists

  • From: Frank de Bruijn <antispam@xxxxxxxxx>
  • To: antispam@xxxxxxxxxxxxx
  • Date: Fri, 11 Apr 2008 19:09:23 +0200

In article <4f8e6a78fdrobin@xxxxxxxxxxxxx>,
   Robin Hampshire <robin@xxxxxxxxxxxxx> wrote:
> In article <4f8e618636antispam@xxxxxxxxx>,
>    Frank de Bruijn <antispam@xxxxxxxxx> wrote:
> > All you need to know to *use* block lists with AntiSpam, is that you
> > shouldn't delete any messages on Weight values less than 10
> > (depending on the block list service providers used this value may
> > change, so I decided against 'hard coding' it in the program).

> Does AS contact the various DNSBL providers for every message, or does
> it download a local database for use on the fly?

Actually, the block list system uses the standard domain name system so
there's never any direct contact with the providers. The program just
asks your default nameserver for the IP address of a particular host and
the response is the block list entry [1]. This is quite fast, in my
experience (DNS queries are very small messages).

> Which providers does it use as default,

See the file !AntiSpam.Resources.!NSQ.Settings. The ones in the [DNSBL]
section are used.

> and if more than one then how does it resolve conflicts between them
> (I don't want to know on a technical level - a bit of layman's
> narrative is enough :-) )

It simply adds all the weights from all the queries together. Even if
the result is only 10 (i.e. only present in one block list), that should
be enough to act on. The providers used are well respected and quite
reliable (there's always the occasional mishap, of course - see the
start of this thread).

> Anyway, I shall try it and see what happens.

Let me know if you have more questions or if things don't (seem to) work
as expected.

In article <4f8e6d1a6erobin@xxxxxxxxxxxxx>,
   Robin Hampshire <robin@xxxxxxxxxxxxx> wrote:

> Well I've tried it and it works a treat.

Good. :-)

> Many thanks.

You're welcome.

Regards,
Frank


[1] That's the 'compact' explanation. You want details? Read on...

When AntiSpam scans the Received: headers of a message and finds
something that looks like an IP address, it tells the NSQ module to send
a DNS query about the following hosts (let's assume the IP address is
11.22.33.44):

 44.33.22.11.zen.spamhaus.org
 44.33.22.11.bl.spamcop.net
 44.33.22.11.db.wpbl.info

These queries travel along the DNS until some server can answer them.
The response will be either a code in the form of an address in the
127.x.x.x range or a message that the host isn't listed. The response is
interpreted by NSQ, using the tables in the Settings file, and returned
to AntiSpam.

AntiSpam gathers all responses to do with that message (there's usually
more than one Received: header) and acts on the Weight rule if the sum
of all responses is larger than the value given.
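
The lookup described in footnote [1], as an added Python example that is not part of the original post and is not AntiSpam's or NSQ's own code. The per-zone weight of 10, the function names, the sample headers and the stub resolver are assumptions constructed here so the block runs offline; the real response tables are in the Settings file, which the post does not show.

```python
import ipaddress
import re

# Zones named in the post. The weight of 10 per zone is an assumption.
ZONE_WEIGHTS = {"zen.spamhaus.org": 10, "bl.spamcop.net": 10, "db.wpbl.info": 10}

# Four dot-separated groups of 1-3 digits, not embedded in a longer dotted run.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def received_ips(headers):
    """Return the unique valid IPv4 addresses found in Received: lines."""
    found = []
    for line in headers:
        if not line.lower().startswith("received:"):
            continue
        for cand in IPV4_RE.findall(line):
            try:
                ipaddress.IPv4Address(cand)
            except ValueError:
                continue  # looks like an address but is not one (e.g. 999.1.1.1)
            if cand not in found:
                found.append(cand)
    return found

def query_name(ip, zone):
    """11.22.33.44 -> 44.33.22.11.<zone>: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def message_weight(headers, resolve):
    """Sum the weights of all listings for all addresses in the message.

    resolve(name) returns the answer as a string, or None when the name does
    not exist (not listed). Only 127.x.x.x answers count as listings, so a
    resolver that rewrites "no such host" into a real address adds nothing.
    """
    total = 0
    for ip in received_ips(headers):
        for zone, weight in ZONE_WEIGHTS.items():
            answer = resolve(query_name(ip, zone))
            if answer and answer.startswith("127."):
                total += weight
    return total

# Constructed sample data: headers plus a dict standing in for the nameserver.
SAMPLE_HEADERS = [
    "Received: from mail.example.net (unknown [11.22.33.44]) by mx.example.org",
    "Received: from relay.example.com ([55.66.77.88]) by mail.example.net",
    "Received: from [999.1.1.1] by relay.example.com",
    "X-Originating-IP: 1.2.3.4",
]
FAKE_DNS = {
    "44.33.22.11.zen.spamhaus.org": "127.0.0.2",
    "44.33.22.11.bl.spamcop.net": "127.0.0.2",
    "88.77.66.55.db.wpbl.info": "198.51.100.7",  # rewritten NXDOMAIN, ignored
}
```

With the sample data, `message_weight(SAMPLE_HEADERS, FAKE_DNS.get)` gives 20: the first address is listed in two zones and the second in none.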


