Sandro,
> As an example I have a message that include a link to "ow (dot) ly (/)
> 57lle". Querying host ow.ly.dbl.spamhaus.org clearly shows that it's s
> spammer redirector.
>
> If I feed the message to 'spamassassin -t' I get:
> Content analysis details: (0.0 points, 5.0 required)
> and feeding it to 'spamassassing -D|grep ow.ly I get:
>
> dbg: dns: providing a callback for id: 34472/ow.ly.dbl.spamhaus.org/A/IN
> dbg: async: starting: URI-DNSBL, DNSBL:dbl.spamhaus.org.:ow.ly (timeout
> 15.0s, min 3.0s)
> dbg: dns: providing a callback for id: 57784/ow.ly/NS/IN
> dbg: async: starting: URI-NS, NS:ow.ly (timeout 15.0s, min 3.0s)
> dbg: async: completed in 0.018 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:ow.ly
> dbg: async: timing: 0.018 . DNSBL:dbl.spamhaus.org.:ow.ly
> I'm not able to read the response, i.e. I cant' understand if it's possible
> to understand from these lines if the test shows or not that it really a
> spam redirector.
The log shows a successful query for ow.ly.dbl.spamhaus.org,
and an almost instant answer - received in 18 ms.
The answer was probebly 127.0.1.3. I guess you do not have any rules
to hit on this value.
Try adding the following rules to your local.cf:
if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
urirhssub URIBL_DBL_REDIR dbl.spamhaus.org. A 127.0.1.3
body URIBL_DBL_REDIR eval:check_uridnsbl('URIBL_DBL_REDIR')
describe URIBL_DBL_REDIR Spamhaus spammed redirector domain
tflags URIBL_DBL_REDIR net domains_only
score URIBL_DBL_REDIR 2.0
endif
Mark
