named and SpamAssassin
/dev/rob0
rob0 at gmx.co.uk
Mon Jul 18 02:50:02 UTC 2005
> Barry Margolin wrote:
>>So someone was trying to look up the nameservers for the love-walker.com
>>domain. It's pretty unusual for applications to look up NS records
>>explicitly, it mostly comes from troubleshooting utilities.
I wouldn't be surprised to hear that something like SpamAssassin does
this. Spammers break many things, intentionally, and broken DNS is a
likely sign of spam.
Chris wrote:
> Barry, above is the complete syslog entry on this message from when spamd
> was called to the time it was identified as spam. The URLs that named is
> attempting to resolve are in the message. However, it seems that not all
> spam messages with URLs embedded are being resolved or attempting to.
> Guess it's just another mystery of life. Of course it could be Razor,
> Pyzor, DCC or any of the other network checks I run that is actually
Not a mystery at all. The answers are probably in the documentation or
source code of these utilities. :)
FWIW much spam can be detected pre-queue and pre-DATA. Content filters
like SpamAssassin are an inefficient first-line defense against spam.
Most MTAs can do a good job without wasting so much of your resources
(both CPU and bandwidth).
I've nothing against SA and content filtering, but I don't use it
myself. I concentrate my efforts on pre-DATA blocking of spam.
> calling named to do this. It's not hurting anything so as you suggested I'll
> just ignore it. I just get curious when I see new things in my syslog.
Nothing wrong with that. It's good to keep in touch with syslog. :)
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header