[spambayes-dev] Re: Generating SB tokens based upon information on the net

Brad Knowles brad.knowles at skynet.be
Wed Aug 4 17:21:58 CEST 2004


At 4:49 PM -0500 2004-08-03, Skip Montanaro wrote:

>  One of the downfalls of many systems that operate deep into the email
>  toolchain is that they try to do lookups on the net of some sort.  With
>  Spambayes we have tried to not go down that path and only use information in
>  the message itself.  Many's the time I had to stop SpamAssassin because its
>  razor lookups hung.  You never know when the network is going to flake out
>  on you.  If your training indicates that "no reverse DNS" is a strongly
>  spammy clue, I think you should make darn sure you can check that when you
>  are scoring messages.

	In the case of reverse DNS, all that work will already have been 
done by the system before you ever get the message.  All MTAs I know 
of automatically do reverse DNS lookups the moment a client connects, 
regardless of whether or not they actually attempt to use that 
information to control access.  If nothing else, they need this 
information to put into the "Received:" headers that they're going to 
add to the message as it passes through.

	I don't know how easy it would be to configure postfix to pull 
this out and hand it to you on the command-line or otherwise outside 
of the context of the message itself, but that would probably be 
possible.  Or, you could just parse the content of the appropriate 
headers that we just added.

>  Certainly no worse than having our process table fill up with smtpd_proxy
>  processes awaiting a DNS response that ain't gonna happen.

	We've got that no matter what.  If DNS goes down, we're toast, 
period.  The kinds of things I had configured are no additional 
exposure with respect to that issue.

	Indeed, all MTAs I know of are toast if DNS ever goes down, at 
least in their default configurations.  If you know what you're 
doing, you can configure them to disable all attempts to use the DNS, 
but that's normally only useful in dial-up UUCP-style connections. 
Otherwise, this greatly reduces the scope of what you can do with the 
information you have available to you, and really ties the hands of 
the mail server administrator.

	If we're not doing DNS blacklist lookups within SpamBayes, then I 
think we need to seriously look at adding that capability in some 
other fashion.  My experience has been that these are some of the 
most important information sources you can have available to you when 
attempting to score a message for spam probability.

-- 
Brad Knowles, <brad.knowles at skynet.be>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
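
The header-parsing option mentioned in the message above, as an added example that is not part of the original post or of SpamBayes: it reads the reverse DNS result from the Received: header written by the local MTA, with no network lookup at scoring time. It assumes Postfix's `from HELO (RDNS [IP]) by HOST` layout, where a failed lookup appears as `unknown`; the token names and the host `mx.example.org` are hypothetical.

```python
import re
from email import message_from_string

# Postfix-style clause: from HELO (RDNS [IP]) by OUR_HOST ...
# RDNS is the literal "unknown" when the PTR lookup failed or did not verify.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def rdns_tokens(raw_message, our_mta):
    """Return tokens from the topmost Received: header written by our_mta."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m or m.group("by").lower() != our_mta.lower():
            continue  # written by another host, or not in the assumed layout
        # Stop at the first match: headers are prepended, so anything below
        # this one was supplied by the sender and may be forged.
        rdns = m.group("rdns").lower().rstrip(".")
        if rdns == "unknown":
            return ["rdns:none"]
        # Naive registered-domain guess (last two labels), enough for a token.
        return ["rdns:ok", "rdns-domain:" + ".".join(rdns.split(".")[-2:])]
    # No header from our MTA: emit a distinct token rather than guessing.
    return ["rdns:unparsed"]

# Constructed sample: the second header imitates our MTA and claims a
# resolvable client, but it sits below the real one and is never consulted.
SAMPLE = """\
Received: from mail.example.net (unknown [192.0.2.25])
\tby mx.example.org (Postfix) with ESMTP id 4F1A2B3C
\tfor <user@example.org>; Wed,  4 Aug 2004 17:21:58 +0200 (CEST)
Received: from localhost (trusted.example.com [198.51.100.7])
\tby mx.example.org (Postfix) with ESMTP id FORGED01
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(rdns_tokens(SAMPLE, "mx.example.org"))
```
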

