On 10/17/2013 05:41 PM, Stan Hoeppner wrote:
This is what Neil meant by the "deeper dive". Again, the URIBL_SBL test
isn't responsible for this behavior. Spamhaus is. Thus you can't
create a separate rule to do this "deeper diving". Spamhaus is doing
it, automagically, and it will continue to do so with the current
URIBL_SBL rule, whether you like it or not (or until enough customers
complain I guess).
Stan,
Spamhaus did nothing other than publishinh an IP with a karma
elts get the termis right
SA did a a query using eval:check_uridnsbl, which means:
Is the domain's NS IP listed in SBL?
sbl.spamhaus.org replied with yes...
rule hit
Spamhaus' FAQ is incorrect:
http://www.spamhaus.org/faq/section/Spamhaus%20SBL#270
I hear the SBL can also block domains, how? What is "URIBL_SBL"?
Yes, the SBL can also be used as a URI Blocklist and is particularly
effective in this role. In tests, over 60% of spam was found to contain
URIs (links to web sites) whose webserver IPs were listed on the SBL.
SpamAssassin, for example, includes a feature called URIBL_SBL for this
purpose. The technique involves resolving the URI's domain to and IP
address and checking that against the SBL zone.
I'll try to get this corrected...
h2h
