Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
[Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback
riccardo.alfieri at spamteq
Dec 15, 2021, 12:00 PM
Post #1 of 7 (770 views)
Permalink
We’d like to say a big “thank you” to all of you who have been testing
the beta version of the Spamhaus Domain Blocklist (DBL) with hostnames.

How are you getting on with it? Have you encountered issues? Are you
noticing a reduction in false positives with the abused-legit component
of the DBL? How’s the plug-in (with the recommended configuration
changes) working for you?

If you could find the time to let us know we would really appreciate it.

REMINDER - Access to the beta version of the DBL with hostnames is
through the free Public Mirrors until January 31st, 2022. However, when
it moves to production on February 1st, 2022, it will only be available
via the Data Query Service (DQS) or rsync, i.e., not the Public Mirrors.
The DQS is available for free to non-commercial users;
_https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/_.


This means that if you have changed your plug-in config to test the beta
DBL you will need to upgrade it to use the production DBL. An updated
plug-in will be released on Jan 11^th , 2022. We will continue to make
the beta zone available for two weeks after the Production version of
the blocklist goes live to provide time to ensure these config changes
are made.

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback [ In reply to ]
gtaylor at tnetconsulting
Dec 15, 2021, 1:42 PM
Post #2 of 7 (770 views)
Permalink
On 12/15/21 1:00 PM, Riccardo Alfieri wrote:
> We’d like to say a big “thank you” to all of you who have been testing
> the beta version of the Spamhaus Domain Blocklist (DBL) with hostnames.

:-)

You're welcome. Thank you for making it available.

> How are you getting on with it? Have you encountered issues? Are you
> noticing a reduction in false positives with the abused-legit component
> of the DBL? How’s the plug-in (with the recommended configuration
> changes) working for you?
>
> If you could find the time to let us know we would really appreciate it.

I've noticed a small down turn in the amount of spam entering my
personal systems. My personal systems are small enough that I don't
have good counters of before / after to share.

> This means that if you have changed your plug-in config to test the beta
> DBL you will need to upgrade it to use the production DBL. An updated
> plug-in will be released on Jan 11^th , 2022.

Will free / non-commercial DQS subscribers need to do anything other
than upgrading the plugin come January 11th?

Am I correct in assuming that you will be sending out notification(s)
around the time you make the changes on January 11th?

> We will continue to make the beta zone available for two weeks after
> the Production version of the blocklist goes live to provide time to
> ensure these config changes are made.

What will happen to the beta zone after the two week window? Will it
remain with increasingly stale data? Will the zone be emptied to start
answering as if nothing was listed? Will it have a wildcard to start
inducing false positives a la. fail hard / fail fast? Again, just
trying to set my expectations.

Thank you again.



--
Grant. . . .
unix || die

Attached Files:

Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback [ In reply to ]
riccardo.alfieri at spamteq
Dec 16, 2021, 8:35 AM
Post #3 of 7 (766 views)
Permalink
Hi Grant,

On 15/12/21 22:42, Grant Taylor wrote:
>
> I've noticed a small down turn in the amount of spam entering my
> personal systems.  My personal systems are small enough that I don't
> have good counters of before / after to share.
Good to hear
>
> Will free / non-commercial DQS subscribers need to do anything other
> than upgrading the plugin come January 11th?
You will just need to update the plugin
>
> Am I correct in assuming that you will be sending out notification(s)
> around the time you make the changes on January 11th?
We'll send probably another reminder before 11/01 , and for sure one on
the 11th itself.
>
> What will happen to the beta zone after the two week window?  Will it
> remain with increasingly stale data?  Will the zone be emptied to
> start answering as if nothing was listed?  Will it have a wildcard to
> start inducing false positives a la. fail hard / fail fast?  Again,
> just trying to set my expectations.
We'll follow what is suggested here:
https://datatracker.ietf.org/doc/html/rfc6471#section-3.4

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback [ In reply to ]
dominic at timedicer
Jan 4, 2022, 4:38 AM
Post #4 of 7 (758 views)
Permalink
On 15/12/2021 20:00, Riccardo Alfieri wrote:
> We’d like to say a big “thank you” to all of you who have been testing
> the beta version of the Spamhaus Domain Blocklist (DBL) with hostnames.
>
> How are you getting on with it? Have you encountered issues? Are you
> noticing a reduction in false positives with the abused-legit component
> of the DBL? How’s the plug-in (with the recommended configuration
> changes) working for you?
>
> If you could find the time to let us know we would really appreciate it...
I haven't tried using the new plug-in with SA, but I have been using the
list in a postfix restriction list (in place of
redacted.dbl.dq.spamhaus.net) on several of my mailservers:

reject_rhsbl_sender redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
reject_rhsbl_reverse_client
redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
reject_rhsbl_helo redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]

Since I started in early December 2021 these restrictions have not
caught any incoming mail, whereas the same but using dbl.dq.spamhaus.net
on another of my mail servers continue to pick up many (with minimal fps).

Am I doing something wrong, or is this expected behaviour?
Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback [ In reply to ]
riccardo.alfieri at spamteq
Jan 4, 2022, 5:17 AM
Post #5 of 7 (758 views)
Permalink
On 04/01/22 13:38, Dominic Raferd wrote:

> I haven't tried using the new plug-in with SA, but I have been using
> the list in a postfix restriction list (in place of
> redacted.dbl.dq.spamhaus.net) on several of my mailservers:
>
> reject_rhsbl_sender
> redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
> reject_rhsbl_reverse_client
> redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
> reject_rhsbl_helo redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
>
> Since I started in early December 2021 these restrictions have not
> caught any incoming mail, whereas the same but using
> dbl.dq.spamhaus.net on another of my mail servers continue to pick up
> many (with minimal fps).
>
> Am I doing something wrong, or is this expected behaviour?
>
Hi,

you are not supposed to use the abused-legit component of DBL in
Postfix, because the target of that DNSBL is to list abused websites
mostly seen in the email body, that are often used as redirectors to
more spammy domains. Doing the rejections your way can unfortunately
only lead to more FPs

The correct way to do it is by checking the URLs in the email body,
either by using our plugin or in some other ways.

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback [ In reply to ]
riccardo.alfieri at spamteq
Jan 4, 2022, 5:51 AM
Post #6 of 7 (758 views)
Permalink
On 04/01/22 13:38, Dominic Raferd wrote:

>
> reject_rhsbl_sender
> redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
> reject_rhsbl_reverse_client
> redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
> reject_rhsbl_helo redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
>
>
A quick addon to what I wrote before..  I noticed that you are using the
wrong hostname :) The correct one, for the time being and up until the
beta ends, is dbl-beta.spamhaus.org

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback [ In reply to ]
dominic at timedicer
Jan 4, 2022, 8:01 AM
Post #7 of 7 (758 views)
Permalink
On 04/01/2022 13:51, Riccardo Alfieri wrote:
> On 04/01/22 13:38, Dominic Raferd wrote:
>
>> reject_rhsbl_sender
>> redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
>> reject_rhsbl_reverse_client
>> redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
>> reject_rhsbl_helo redacted.dbl-beta.dq.spamhaus.net=127.0.[0..2].[0..255]
>>
>>
> A quick addon to what I wrote before..  I noticed that you are using the
> wrong hostname :) The correct one, for the time being and up until the
> beta ends, is dbl-beta.spamhaus.org
>
Ah yes, which explains why there were no resulting blocks. But I am now
trying the modified SA plug-in instead.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal