On 03/27/2015 11:44 PM, Amir Caspi wrote:
On Mar 27, 2015, at 3:34 PM, Richard Doyle
<lists...@islandnetworks.com> wrote:
All of these were "From:" domains created today.
Shouldn't they have been picked up by DOB? Or do I need to manually
enable some DOB plugin in SA? (If so, please let me know how...)
When I ran the third spample manually a few hours ago, I still didn't
see any DOB hit.
I see there is a URIBL_RHS_DOB... is there a SENDER_DOB rule as well?
If not, it seems like it would be a good idea to implement one... do
I need to file a bug for it?
However, it would appear that all of the From: domains are the same
as in the body URIs, which means URIBL_RHS_DOB should have popped...
unless you mean that the subdomain (sub.domain.com) was DOB, but the
main domain (www.domain.com and/or domain.com) were not DOB? Or am I
missing something?
DOB isn't realtime/zero hour.
I have zero Sendmail clue but if you can do it, also check
sender/helo/rdns against dbl.spamhaus.org's reply 127.0.1.2
(I can only provide Postfix config for this)
if you want to check sender in DOB you can use eval:check_rbl_envfrom
for a rule.
A few days ago I posted dbl_env_from.cf which should show how it's done
(the rule is "untested")
http://mail-archives.apache.org/mod_mbox/spamassassin-users/201503.mbox/%3C55128D61.2020308%40gmail.com%3E
You also may want to look at the Invaluement IP/URI lists.
(Invaluement.com). Detection rate is real good and FP level is
extraordinary. IIRC you can get a test drive.
I wouldn't want to miss it.
