this is a bit crappy alright.  Even if "skip_rbl_checks" doesn't turn off URIBL querying, we should at least add a "skip_uribl_checks" similarly and refer to it in the skip_rbl_checks documentation.

(In reply to comment #0)
> We've enabled skip_rbl_checks on a low volume email filtering box running
> SpamAssassin, assuming this would skip all DNSBL checks. We suddenly received a
> warning email from URIBL that we would be blocked if we would continue to query
> their list, and that we're required to pay for a datafeed. SURBL also recently
> indicated they're going to become strict on policies and will start pushing
> their commercial datafeed. We can easily disable the URIBL/SURBL queries now we
> are aware of them of course, but it really seems like a bug that they're
> queried at all.

neither SURBL nor URIBL.COM are commercial services. As with Spamhaus, if you are a heavy traffic and/or commercial site you should get a datafeed as you are obviously abusing donated resources. This permits the BLs continue offering a free service to the smaller, low traffic sites.

Why should anybody donate his time/bandwidth/cpu cycles so you can "sell the queries" for your spam filtering service?
Its only fair you share the costs incurred in running BLs or run your own.


> I've read in the various discussions that this behavior is on purpose, however
> I don't think the opensource SpamAssassin product should be used as a marketing
> vehicle for such commercial projects, and would at least expect skip_rbl_checks
> to skip the rbl checks.


You can disable whatever BLs you require by setting the score to 0

not sure if this is going to happen before 3.3.0 without a patch, but let's target it anyway

Just to make that clear, I completely understand that they want to charge commercial companies / heavy query users to be able to fund the service. Nothing wrong with that. But now it looks like some "hidden" feature resulting in me being "spammed" with a commercial request :) That's why we had the public rbl checks skipped in the first place (or at least we thought so).

I'll try to see if I can get a patch written by someone.

(In reply to comment #2)
> You can disable whatever BLs you require by setting the score to 0

this isn't the most usable way to deal with the problem, btw.  it requires keeping up-to-date with the names of the BLs, future changes etc.

(In reply to comment #5)
> (In reply to comment #2)
> > You can disable whatever BLs you require by setting the score to 0
> 
> this isn't the most usable way to deal with the problem, btw.  it requires
> keeping up-to-date with the names of the BLs, future changes etc.

100% agreed but there's hasn't been a better option.
As SA includes a load of BLs which may or not be wanted and most are enabled by default, keeping track has become part of regular management routine.

with  the URI lists in mind, a "skip_uribl_checks" would be a a great addition.

(In reply to comment #6)
> (In reply to comment #5)
> > this isn't the most usable way to deal with the problem, btw.  it requires
> > keeping up-to-date with the names of the BLs, future changes etc.
> 
> 100% agreed but there's hasn't been a better option.
> As SA includes a load of BLs which may or not be wanted and most are enabled by
> default, keeping track has become part of regular management routine.

ISTM (disclaimer: I work with the OP), that having a central option to turn off *all* lists is worthwhile, though, for those that just want the other SA features.  If you're picking and choosing your lists, then sure you'll have to keep up to date and the score=0 solution is perhaps good enough.  Like Justin said, it seems a lot if you just want to turn them all off.

For me, the name "skip_rbl_checks" implies "skip all rbl checks", rather than "skip some rbl checks" (yes, this is an assumption).  I think it's reasonable to think that other people would think that too, and that it would be reasonable behaviour for the option.

However, I'd be just as happy with a set of options that turn off the various checks in bulk, and cross-references in the documentation of the options.

The documentation for "skip_rbl_checks" says:

 skip_rbl_checks ( 0 | 1 ) (default: 0)
        By default, SpamAssassin will run RBL checks. If your ISP already
        does this for you, set this to 1.

If that also said "you'll need to set the score=0 for the SURBL and URIBL checks as well", that would address 95% of this issue, IMO.

(In reply to comment #4)
>.But now it looks like some "hidden" feature resulting
> in me being "spammed" with a commercial request :) 

Really, spammed?  Would you rather have not received the abuse report?  Would you rather have dns timeouts in spamassassin and not know why?

The ACL notification email is hardly a commercial request.  It gives you all the options from disabling the lookups, to decreasing volume, to datafeed service.

Since you are the "spamexperts.com", you should have known what rules are running and firing against your customers email.  Seeing URIBL_* or SURBL_* hits in the logs should have been your first clue that you werent skipping the tests.

Let me suggest to you...
http://www.rulesemporium.com/programs/sa-stats-1.0.txt

(In reply to comment #8)
> (In reply to comment #4)
> >.But now it looks like some "hidden" feature resulting
> > in me being "spammed" with a commercial request :) 
> 
> Really, spammed?  Would you rather have not received the abuse report?  Would
> you rather have dns timeouts in spamassassin and not know why?
I was being sarcastic. In this situation I was happy I received your email of course to be informed of this unexpected SA behavior.

Created attachment 4520 [details]
Should add skip_uridnsbl_checks

This should add the config option skip_uridnsbl_checks if I was reading the code correctly :)

(In reply to comment #10)
> Created an attachment (id=4520) [details]
> Should add skip_uridnsbl_checks
> 
> This should add the config option skip_uridnsbl_checks if I was reading the
> code correctly :)

looks likely, but the patch is an RTF file! could you reattach as plain text?

Created attachment 4521 [details]
non rtf format

this is what happens when I program at 4am... oops

Bug 6142: add a config parameter skip_uribl_checks to the
URIDNSBL plugin, cross-document it with skip_rbl_checks.
Sending        lib/Mail/SpamAssassin/Conf.pm
Sending        lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
Committed revision 831320.