DNSBL -Bset:URL mode

Vernon Schryver vjs@calcite.rhyolite.com
Tue Nov 2 15:08:24 UTC 2010


> From: Kostik 

> > "-Bset:white -Bset:URL" should work and does work for me just now in a 
> > quick test.  It seems unlikely to be widely useful, because the bad guys 
> > could include whitelisted URLs in their spam.
>
> Bit is not it. I mean, that would exclude URLs coming from the DNSBL
> blacklist. A whitelist for URLs are already in DNSBL but which for some
> reason I think is not bad.

It sounds as if you want to override a DNSBL.

I do not really understand that goal, because I think it involves
the fundamental problem with third party blacklists.  Using a third
party or outside blacklist means that you are delegating decisions
about which mail you will receive to outsiders.  Using an outside
DNSBL amounts to letting outsiders censor your mail.  I think you
should not worry about entries in the outside blacklist with which
you know you disagree, but entries that you do not know about.

Regardless of my skepticism, one way to override some entries in a
DNSBL is to edit the list while copying the entire zone to your own
DNS servers.  If the target DNSBL is available by rsync, you could use
a cron job that would fetch new versions of zone by rsync and apply
`sed` or `grep -v` to delete some entries before installing it in your
own DNS servers.

If the target DNSBL allows zone transfers, you could use a cron job
and sed or grep to generate your edited zone file from the local
copy generated by IXFR or AXFR.

Another way might be to apply a response policy zones.  Because NXDOMAIN
from most DNSBLs means "not listed," qname response policy rewriting
using a record like this should work:
   okdomain.exampe.com.dbl.spamhaus.org   CNAME  .
See
http://www.isc.org/community/blog/201007/taking-back-dns-0
http://www.google.com/search?q=vixie+dns+response+policy
ftp://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.