Re: FQDN and uridnsbl

Wed, 05 Oct 2022 00:24:55 -0700 

On 04.10.22 15:47, DEMBLANS Mathieu wrote:

Not sure about this solution.
The problem is for all sites listed in surbl.org, not specifically square.site 
and its subdomains.


the tflags applies to a spamassassin rule, not specific domain:

/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:#tflags     
     URIBL_SC_SURBL  net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags      
    URIBL_WS_SURBL  net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags      
    URIBL_PH_SURBL  net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags      
    URIBL_MW_SURBL  net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags      
    URIBL_CR_SURBL  net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:#tflags     
     URIBL_AB_SURBL  net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags      
    URIBL_ABUSE_SURBL  net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags      
    SURBL_BLOCKED   net noautolearn notrim



-----Message d'origine-----
De : Henrik K <h...@hege.li>
Envoyé : mardi 4 octobre 2022 17:30
À : users@spamassassin.apache.org
Objet : Re: FQDN and uridnsbl

On Tue, Oct 04, 2022 at 03:13:29PM +0000, DEMBLANS Mathieu wrote:

Hello,

SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12

SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3

As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and
confirmed by some tests, when a check is done with uridnsbl, only the
domain is requested not the complete FQDN (rhsbl_zone).

For example if I want to test abc.domain.com it will only request domain.com .

My problem is that for phishing url search on surbl.org it doesn?t find it.

On a real test for btinternet-100730.square.site, which is in the
surbl.org PH list, spamassassin do a dns request for
square.site.multi.surbl.org. that can?t be find.

If I test manually btinternet-100730.square.site.surbl.org. the
response is good (127.0.0.8).

So it probably never find anything in this kind of list.

Is there any thing to do to make it work correctly ?


For SA 3.4 you need to use util_rb_2tld cf for all such domains:

util_rb_2tld square.site

Upcoming 4.0 already supports tflags notrim, which will query the full host 
from surbl and other lists that support it.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...






















					Reply via email to