On 04.08.16 10:48, robertboyl wrote:
> Can you detail when you say to check util_rb_2tld and util_rb_3tld
> directives?

check their documentation to see what they are doing

> I have to manually add all 2tld manually in this file...?

no. most of them are already configured in SA rules
(you do keep them up to date, don't you?)

you only need to specify domains that are supposed to apply but are not in
the list.
Maybe you could even post an SA bug report to add them to stock SA rules.

> Subdomains would be nice to be supported, as it's a way we have to block
> spams that are spamvertised, when we can't block the IP since it's some mailer
> company that also sends legit mails. So we try to find a URL that we can
> block. Sometimes, many times, it's a subdomain. For example, a company that
> sends email marketing called sendmarketing.com might have a customer that
> sends spam and there are URLs in body of email such as
> spammer123.domain.com.sendmarketing.com...

here you could util_rb_3tld com.sendmarketing.com

> some examples, testing on a qmail and also on an icewarp mail server.
>
> 1) conteudo.nibo.com.br in a URL of a spam body.

com.br is in util_rb_2tld but maybe you could add "util_rb_3tld nibo.com.br"
provided there are different subdomains in nibo.com.br

> It does not catch it, but it's blacklisted in the DNSBL.

and which domain exactly is blacklisted? That is also an important question!

> 2) A certain legit email has this in the body:
>
> https://cdn-lojaglobo.s3.amazonaws.com/emailmarketing
>
> It causes a false positive, since it considers amazonaws.com (which for some
> reason is listed on the DNSBL blacklist), but what we want to block is the
> subdomain only, not the domain...

util_rb_3tld s3.amazonaws.com

note that blacklist must know those domains too.
There's no use in checking for spammer123.domain.com.sendmarketing.com if
blacklists list sendmarketing.com
etc.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.
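
Added example (not part of the original message and not SpamAssassin's own code): a simplified Python model of how the util_rb_2tld and util_rb_3tld lists decide which name from a URL is queried on the DNSBL, run over the three hosts from this thread. The function names and the contents of the two suffix sets are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: stand-ins for stock util_rb_2tld entries
TWO_LEVEL = {"com.br", "co.uk"}
# The util_rb_3tld entries suggested in the reply above
THREE_LEVEL = {"com.sendmarketing.com", "nibo.com.br", "s3.amazonaws.com"}


def lookup_domain(host, two_level=TWO_LEVEL, three_level=THREE_LEVEL):
    """Return the name that would be queried on the URI DNSBL for a host.

    Simplified model: a matching 3-label suffix keeps four labels,
    a matching 2-label suffix keeps three, anything else keeps two.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 4 and ".".join(labels[-3:]) in three_level:
        keep = 4
    elif len(labels) >= 3 and ".".join(labels[-2:]) in two_level:
        keep = 3
    else:
        keep = 2
    return ".".join(labels[-keep:])


def compare(urls):
    """Map each URL to (name queried without 3tld entries, name queried with)."""
    result = {}
    for url in urls:
        # Accept bare hosts as well as full URLs
        host = urlsplit(url if "://" in url else "//" + url).hostname
        result[url] = (lookup_domain(host, three_level=set()),
                       lookup_domain(host))
    return result


# Hosts taken from the thread
SAMPLES = [
    "spammer123.domain.com.sendmarketing.com",
    "conteudo.nibo.com.br",
    "https://cdn-lojaglobo.s3.amazonaws.com/emailmarketing",
]

if __name__ == "__main__":
    for url, (before, after) in compare(SAMPLES).items():
        print(f"{url}\n  without 3tld: {before}\n  with 3tld:    {after}")
```

The "with 3tld" name is the one the blacklist has to list for the rule to hit, which is the point made at the end of the reply.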
