From: Anthony Howe
Date: 2009-01-22 09:43:52 -0500
Subject: Caution concerning use of uribl.com
More information..: http://www.milter.info/#Support
If you use
- uri CLI
- milter-spamc / SpamAssassin with network tests
- BarricadeMX with uri-bl and/or spamd / SpamAssasin
with network tests
then take care with the volume of queries against uribl.com lists and
their mirrors. If your load is sufficiently high, uribl.com will
discontinue service to your mail hosts by returning "always positive"
results to ALL queries. You may or may not receive a warning from
uribl.com suggesting you switch to their commercial service.
For uri CLI, milter-link, and BarricadeMX uri-bl tests that have been
configured to query uribl.com and sudden get "no-service" results
returned, this means ALL mail will be rejected. Currently there is a
unique result code of 127.0.0.255 to indicate this state, but I have my
concerns about relying on it should uribl.com (or other blacklist simply
opt to return 127.0.0.2 instead). I will however, make updates to
milter-link and BarricadeMX to attempt to detect the no-service state
and discontinue queries to uribl.com automagically.
In the case of SpamAssassin, the URIBL_* family of tests get a 2.029
score (sufficiently high to start pushing false-positives if enough
tests trigger). The SpamAssassin bug 6048 is currently discussing a
URIBL_SERVERBLOCKED rule, which may or may not be the best way to handle
While I disagree with uribl.com's broken behaviour concerning how they
signal no-service to high volume hosts, which is contrary an IETF BCP
for DNS lists I'm told, this is not the place to discuss the matter, nor
the SpamAssassin bug list. Please contact the uribl.com folks directly
to voice your complaints if you feel the need.
Anthony C Howe Twitter: SirWumpus SnertSoft
+33 6 11 89 73 78 Skype: SirWumpus BarricadeMX & Milters
http://www.snert.com/ ICQ: 7116561
Copyright 2009, 2012 by SnertSoft. All rights reserved.