On 10/15/2014 4:52 PM, Kevin A. McGrail wrote:
On 10/15/2014 4:49 PM, Ken Bass wrote:
1) My local.cf has a rule to address the new .link domain which
spammers appear to be using recently:
uri LR_LINK_TLD /^(?:https?:\/\/|mailto:)[^\/]+\.link(?:\/|$)/i
describe LR_LINK_TLD Contains a URL in the LINK top-level domain
score LR_LINK_TLD 3.0
2) The URIDNSBL rules are not being executed for these email either.
Debug of SA shows an empty domains to query: Huh?
Oct 15 16:24:55.416 [15519] dbg: uridnsbl: domains to query:
Here is the pastebin link to the full spam email:
http://pastebin.com/RJWyGkKB
The TLDs are hardcoded in SA 3.3.2. We are working on not having
them hard-coded in 3.4.1.
I believe someone made a patch suitable for 3.3.2 but I can't find it
at the moment.
Sorry but I think you might be confusing some specific TLD related rule
issues rather than the more generic custom uri rules and uridnsbl rules
that I am using. Because these work fine on OTHER emails. Something in
specific emails, like the one in the above pastebin are causing the
issue. I've got lots of other emails that hit the above LR_LINK_TLD
and/or URIBL_DBL_SPAM.
