RBL answers


RBL answers

Gordon Messmer-2
I was checking the RBL queries and answers on a server this morning,
when I noticed this in the responses:
     Please stop asking for ANY.See draft-ietf-dnsop-refuse-any

Both spamhaus and abuseat provide this text in their replies to
Courier's RBL lookups.

Is it worth considering A and TXT record lookups rather than ANY, given
the request to stop sending requests for ANY result?  Might that request
indicate that requests for ANY will not be supported in the future?

------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: RBL answers

Szépe Viktor
CloudFlare is also retiring ANY queries.

https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/


Idézem/Quoting Gordon Messmer <[hidden email]>:

> I was checking the RBL queries and answers on a server this morning,
> when I noticed this in the responses:
>      Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>
> Both spamhaus and abuseat provide this text in their replies to
> Courier's RBL lookups.
>
> Is it worth considering A and TXT record lookups rather than ANY, given
> the request to stop sending requests for ANY result?  Might that request
> indicate that requests for ANY will not be supported in the future?



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület






Re: RBL answers

Gordon Messmer-2
On 03/10/2017 11:00 AM, SZÉPE Viktor wrote:
> CloudFlare is also retiring ANY queries.
>
> https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/

"We aware of only two programs that issue ANY queries:
     Un-patched versions qmaild..."

I laughed at that one.  :)


Re: RBL answers

Sam Varshavchik
In reply to this post by Gordon Messmer-2
Gordon Messmer writes:

> I was checking the RBL queries and answers on a server this morning,
> when I noticed this in the responses:
>      Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>
> Both spamhaus and abuseat provide this text in their replies to
> Courier's RBL lookups.
>
> Is it worth considering A and TXT record lookups rather than ANY, given
> the request to stop sending requests for ANY result?  Might that request
> indicate that requests for ANY will not be supported in the future?
Right now you can explicitly specify a message, to issue an A query:

"-block=zen.spamhaus.org,Go away!"

and this will result in an A query instead of an ANY.

ANY was a convenient way to get both an IP address code from the blocklist,  
as well as the blacklist-provided custom message.

The referenced document is a general DNS document, not particular to  
blacklists. But, because they're returning this response, this means they're  
on board with this, and don't want ANY requests. Have to respect that.

I'll change the logic to always request an A record, unless the custom
message is explicitly set to '*', which will result in a TXT query.

In the long run this will be counterproductive, since the existing
blacklists will now result in generic "Access denied." bounces, instead of
the blacklist-provided message that will point back to the blacklist. But,
it's their decision to make.





Re: RBL answers

Szépe Viktor
Idézem/Quoting Sam Varshavchik <[hidden email]>:

> Gordon Messmer writes:
>
>> I was checking the RBL queries and answers on a server this morning,
>> when I noticed this in the responses:
>>     Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>>
>> Both spamhaus and abuseat provide this text in their replies to
>> Courier's RBL lookups.
>>
>> Is it worth considering A and TXT record lookups rather than ANY, given
>> the request to stop sending requests for ANY result?  Might that request
>> indicate that requests for ANY will not be supported in the future?
>
> Right now you can explicitly specify a message, to issue an A query:
>
> "-block=zen.spamhaus.org,Go away!"
>
> and this will result in an A query instead of an ANY.
>
> ANY was a convenient way to get both an IP address code from the  
> blocklist, as well as the blacklist-provided custom message.
>
> The referenced document is a general DNS document, not particular to  
> blacklists. But, because they're returning this response, this means  
> they're on board with this, and don't want ANY requests. Have to  
> respect that.
>
> I'll change the logic to always request for A record, unless the  
> custom message is explicitly set to '*', which will result in a TXT  
> query.
>
> In the long run this will be counterproductive, since the existing  
> blacklists will now result in a generic "Access denied." bounces,  
> instead of the blacklist-provided message that will point back to  
> the blacklist. But, it's their decision to make.

I think Courier should issue an A query and if it is positive then a
TXT one to get the description.

What do you think about it?



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület






Re: RBL answers

Sam Varshavchik
SZÉPE Viktor writes:

> Idézem/Quoting Sam Varshavchik <[hidden email]>:
>
> > In the long run this will be counterproductive, since the existing
> > blacklists will now result in a generic "Access denied." bounces,
> > instead of the blacklist-provided message that will point back to
> > the blacklist. But, it's their decision to make.
>
> I think Courier should issue an A query and if it is positive then a
> TXT one to get the description.
>
> What do you think about it?

That's the other thing that the blacklists definitely don't want: excessive
queries. Making two queries instead of one will put extra load on the  
blacklists, and slow down your mail delivery.

That's why I think that getting rid of ANY is counter-productive. But, it's  
their call to make, so we'll go with that.



Re: RBL answers

Alessandro Vesely
In reply to this post by Szépe Viktor
On Fri 10/Mar/2017 21:00:23 +0100 SZÉPE Viktor wrote:

> Idézem/Quoting Sam Varshavchik <[hidden email]>:
>> Gordon Messmer writes:
>>
>>> I was checking the RBL queries and answers on a server this morning,
>>> when I noticed this in the responses:
>>>     Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>>
>> Right now you can explicitly specify a message, to issue an A query:
>>
>> "-block=zen.spamhaus.org,Go away!"
>
> I think Courier should issue an A query and if it is positive then a
> TXT one to get the description.
>
> What do you think about it?

Rather than "Go away!" one can refer to the RBL, e.g. something like:

"-block=zen.spamhaus.org,BLOCK1,\"550 Rejected - see http://www.spamhaus.org/query/bl?ip=@\""
(I copied the line above from my current settings.
Check http://www.courier-mta.org/couriertcpd.html#idm255210649136)

Couriertcpd replaces @ by IP;  I guess that needs to be better documented.

hth
Ale
--


Re: RBL answers

Matus UHLAR - fantomas
In reply to this post by Gordon Messmer-2
On 10.03.17 10:51, Gordon Messmer wrote:
>I was checking the RBL queries and answers on a server this morning,
>when I noticed this in the responses:
>     Please stop asking for ANY.See draft-ietf-dnsop-refuse-any
>
>Both spamhaus and abuseat provide this text in their replies to
>Courier's RBL lookups.

I have checked spamhaus now, and it returns:

;; QUESTION SECTION:
;242.241.43.39.zen.spamhaus.org.        IN      ANY

;; ANSWER SECTION:
242.241.43.39.zen.spamhaus.org. 900 IN  TXT     "https://www.spamhaus.org/query/ip/39.43.241.242"
242.241.43.39.zen.spamhaus.org. 900 IN  A       127.0.0.11
242.241.43.39.zen.spamhaus.org. 900 IN  A       127.0.0.4

>Is it worth considering A and TXT record lookups rather than ANY, given
>the request to stop sending requests for ANY result?  Might that request
>indicate that requests for ANY will not be supported in the future?

I got angry in the past at cloudflare for the stupid draft and already
blocked a domain using their DNS because of that.

I really think I should publish "digany" script that will dig for any
supported RRs so I _will_ be able to look at all configured records, if
anyone's so stupid to disable ANY queries...

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
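
Added example, not written by any poster in this thread and not Courier's code: the lookup strategies discussed above (A only with an operator message in which @ becomes the client IP, or A followed by TXT only when the A query reports a listing), run against a stub resolver so the number of queries sent can be counted. `StubResolver`, `dnsbl_name`, `check` and `fetch_txt` are hypothetical names; the zone data is constructed from the dig answer quoted above, and accepting only 127.0.0.0/8 answers as a listing is an assumed policy.

```python
import ipaddress

# Constructed zone data, copied from the dig answer quoted in the thread.
ZONE = {
    ("242.241.43.39.zen.spamhaus.org", "A"): ["127.0.0.11", "127.0.0.4"],
    ("242.241.43.39.zen.spamhaus.org", "TXT"):
        ["https://www.spamhaus.org/query/ip/39.43.241.242"],
}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


class StubResolver:
    """Hypothetical offline resolver; records every query it is asked."""
    def __init__(self, zone):
        self.zone, self.sent = zone, []

    def query(self, name, rrtype):
        self.sent.append((name, rrtype))
        return self.zone.get((name, rrtype), [])  # [] models "no such name"


def dnsbl_name(ip, zone):
    """Map IPv4 a.b.c.d to the lookup name d.c.b.a.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check(resolver, ip, zone, message=None, fetch_txt=False):
    """Return None when not listed, else (return codes, rejection text)."""
    name = dnsbl_name(ip, zone)
    # Only answers inside 127.0.0.0/8 count as a listing (assumed policy).
    codes = [a for a in resolver.query(name, "A")
             if ipaddress.ip_address(a) in LISTED_NET]
    if not codes:
        return None                        # one query, nothing more to ask
    if message:                            # operator text, '@' -> client IP
        return codes, message.replace("@", ip)
    if fetch_txt:                          # second query, listed hosts only
        txt = resolver.query(name, "TXT")
        if txt:
            return codes, txt[0]
    return codes, "Access denied."
```

With `fetch_txt=True` an unlisted client still costs a single A query; the TXT query is sent only for clients that are about to be rejected.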


Re: RBL answers

Sam Varshavchik
Matus UHLAR - fantomas writes:

> >Is it worth considering A and TXT record lookups rather than ANY, given
> >the request to stop sending requests for ANY result?  Might that request
> >indicate that requests for ANY will not be supported in the future?
>
> I got angry in the past at cloudflare for the stupid draft and already
> blocked a domain using their DNS because of that.

I agree that this is somewhat dumb, and stupid. I understand the underlying  
technical factors. But it's still dumb, and stupid. Things have been working  
just fine, as is, for decades, with those same technical factors being  
present and everyone simply ignoring them. Nobody cares.

This is nothing more than some pointy-headed academician, or a bunch of  
them, suddenly figuring out the problem with ANY that nobody cared about,  
ever, and thinks that he is the first one, ever, to figure it out, and this  
is nothing more than a public demonstration of how smart these boneheads,  
who are pushing for this, are. Because, see, they're smarter than everyone  
else, for figuring out this horrible flaw in DNS's design.

But this is a battle that I cannot win. There will come a point that the  
blacklist operators will realize their short-sightedness in backing this  
idiocy. But, by that point, there will be nothing that they will be able to  
do about it. The cat's already out of the bag.

