On 2023-02-06 at 12:50:29 UTC-0500 (Mon, 6 Feb 2023 17:50:29 +0000)
Michael Grant via users <mgr...@grant.org>
is rumored to have said:

I’m noticing that check_uridnsbl() seems only to check the message body. Is there some way to make it check the headers as well?

On 06.02.23 16:16, Bill Cole wrote:
No. Which is fine, because there are usually no URIs in headers, and when there are, they are likely to be standard List-* headers, which are unlikely to be useful.

I got a few spams containing List-Id:, so I'm going through the archive.

I remember receiving many spams from Google (groups?) containing this header.
Unfortunately I don't have any samples right now.

However, looking at my spam - there are many bogus list-id headers:

List-Id: b07285867v11317517
List-Id: "0" <1018.14c124b8eb050d06d6f466cb3e9.localhost>
List-Id: lm555vqc6z9b6 <linkedin>
List-Id: <spc-88419-0>

and I can already see a rule to catch these.


And, there are some lists I repeatedly got such spam from (I haven't subscribed), so using them at least with my local BL could help.


In 25_uribl.cf, I have:

urirhssub       URIBL_BLACK     multi.uribl.com.        A   2
body            URIBL_BLACK     eval:check_uridnsbl('URIBL_BLACK')
describe        URIBL_BLACK     Contains an URL listed in the URIBL blacklist
tflags          URIBL_BLACK     net
reuse           URIBL_BLACK

First obvious thing I tried was changing ‘body’ to ‘full’ in the above. It continues to check only the body. In fact, changing it to ‘header’, it continues to check the body. I then read through the man page on URIDNSBL and it does clearly state a ‘body’ rule.

Predictable. :)

Is there some clever way to have a URIDNSBL rule check the header of a message as well? Or is there something else I can use separately that would look up a domain name in the header section of an email?

Nothing comes to mind.

You can obviously use 'full' or the 'all' pseudo-header and look for specific domains, but identifying everything in the header that COULD be a domain and just testing that against a DNSBL designed for domains found in URIs could have very bad failure modes.

Perhaps adding some headers like List-Id: to the body like Subject: ?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
I don't have lysdexia. The Dog wouldn't allow that.
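
The List-Id checks raised in this thread (spotting bogus values and matching list domains against a local blocklist), sketched as an added example; it is not code from any poster or from SpamAssassin. The shape test follows the RFC 2919 form (optional phrase, then a dotted identifier in angle brackets) as a heuristic, and `LOCAL_BL`, its entry and the last two sample values are constructed.

```python
import re
from email import message_from_string

# Constructed local blocklist of list domains (hypothetical entry).
LOCAL_BL = {"spamlist.example"}

# RFC 2919 form: optional phrase, then <label.namespace> in angle brackets.
BRACKETED = re.compile(r"<([^<>\s]+)>\s*$")
LABEL = re.compile(r"^[A-Za-z0-9_-]+$")  # permissive per-label heuristic

def check_list_id(value, blocklist=LOCAL_BL):
    """Classify one List-Id header value."""
    m = BRACKETED.search(value.strip())
    if not m:
        return "malformed: no <list-id>"
    labels = m.group(1).lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return "malformed: not a dotted identifier"
    if labels[-1] == "localhost":
        return "unmanaged namespace"  # no domain to look up
    # Compare the identifier and each parent domain with the blocklist.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return "blocklisted: " + candidate
    return "ok"

def scan(raw_message, blocklist=LOCAL_BL):
    """Return a verdict for every List-Id header in a raw message."""
    msg = message_from_string(raw_message)
    return [check_list_id(v, blocklist) for v in msg.get_all("List-Id", [])]

# First four values are the ones quoted in the thread; the rest are constructed.
SAMPLES = [
    'b07285867v11317517',
    '"0" <1018.14c124b8eb050d06d6f466cb3e9.localhost>',
    'lm555vqc6z9b6 <linkedin>',
    '<spc-88419-0>',
    'Deals <offers.spamlist.example>',
    'Announcements <announce.lists.example.org>',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_list_id(s):40} {s}")
```

Only values that pass the shape test reach the blocklist comparison, so header text that merely looks like a domain is never looked up.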
