----- Original Message ----- From: "Ulysses Cruz" <[EMAIL PROTECTED]> To: <users@spamassassin.apache.org> Sent: Thursday, September 23, 2004 12:22 PM Subject: Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?
> On Thu, Sep 23, 2004 at 10:52:03AM -0500, Sandy S whispered: > > I'm in the process of upgrading to Spamassassin 3.0 and am currently running > > my email through the new version of Spamassassin. I just had an email slip > > through that should have been caught by the URIDNSBL lookups - it's listed > > in all of the URI blacklists. > > > snip the actual URIs > > It appears that instead of querying for wneiis-planet.info, Spamassassin is > > attempting to query the full URL. wneiis-planet.info is listed in the URL > > RBLs, but tvuu.wneiis-planet.info and ckcw.wneiss-planet.info are not, so > > this email got through. > > > > The URIDNSBL is working fine on other messages - here's the log on a similar > > message where the URI DNS lookups worked correctly: > same again > > In this case it correctly extracted the domain to query as bestwneiis.info. > > > > Is this a bug or is there something I missed as I was RTFMing? Thanks for > > any help on this! > > > > Sandy S. > > Ironically, my system marked your post as spam specifically because of the > URIBLs. > > I am using a standard amavid-new & SA 3.0 install, with only the core rules. > How is your system configured, and are you using any extra rules? > > Ulysses > > -- > Ulysses S. Cruz [EMAIL PROTECTED] > "If it wasn't for the voices in my head, I'd go insane from loneliness" > -Me, Myself and I > Thanks for your response - that's very interesting! We're running Spamassassin 3.0 on FreeBSD 4.9, using spamd/spamc called via procmail. I do have a bunch of custom rulesets, mostly pulled from the SARE site: 70_sare_uri.cf, 99_sare_fraud_post25x.cf, evilnumbers.cf, tripwire.cf, and weeds_2.cf. I also have a bunch of my own rules that I've added here and there to catch things that slip through. (For example I added one like "uri SPAMMER_URLS04_I /\bwneiis-planet\.info/i" after the message in question got through.) I'd say 99% of the time the URI RBL lookups are working great. I've only found one other spam so far where this same thing happened, and that was also a .info domain. Thanks for your help! Sandy S.
