> A possible tweak may be writing an ASSP module to deal with SURBL

First I had the same nice idea. But this is very complicated because of two things.
1. as a level 1 plugin (after SMTP handshake, after DATA) it gets no mail data - as a level 2 plugin (complete mail), the plugin would cause assp to queue the complete mail, even if it is not necessary for checking URIs in 'maxBytes'
2. the OCR plugin forces a URIBL check for the extracted data - in case this would force a call from a plugin to a plugin. The plugins and the assp.pl plugin check code do not support recursion. This would break too many things.

There is another issue I have to deal with. At this time URIs to check must have an IP as hostpart or a hostname which ends with a TLD of a valid level (1,2,3). Yes - cracked DNS will currently bypass the URIBL check in assp (in case the local DNS server is hacked - nothing will ever help). But removing the TLD check will cause assp to collect and check all the possible (looks like URI) parts in the header lines (most of them are useless). Also several misspelled parts of the mail text will be detected as a URI - like 'This is a test.But this is another test' - here 'test.But' looks like a hostname (ignoring TLD), because the space after the dot is missing.

OK - there is no link behind the possible host name. But it is common to make such a nonsense hostname looking like a link - with the hint: "use this link, if does not work copy and paste it in to your browser".

Or another example: ... this.is.a.cracked.dns ... Now the spammer makes a valid link behind the URI, like 'maps.google.com', which will fail because the ISP-DNS is hacked - but it looks innocent for everyone - now the hint 'use this ....'. It can be possible that assp reached the count limit of URIs, because TLD is ignored, before this dangerous part.

My question is: Can we assume that we will get correct answers for our URIBL DNS-queries, if a local or ISP DNS-server is hacked? - IMHO, NO! The only way to step into such a trap is, if the DNS-servers of the domain, where a URI points to, are hacked.
Is it worth the effort to deal with such rare cases? Where the effort is querying 500%-1000% of the current URIs nearly completely in vain - not to forget the coding and testing.

Thomas

From: grayhat <gray...@gmx.net>
To: assp-test@lists.sourceforge.net
Date: 12.08.2015 09:29
Subject: Re: [Assp-test] SURBL changes

It was Tue, 11 Aug 2015 08:47:55 +0200 when Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> Thank you for the information -Tom. At this time I'm unable to use
> these very nice new features of SURBL in assp. Implementing them in
> the current URIBL-code, will make the code too complex.
> The current code has to be redesigned, or a new code and logic must
> be written for SURBL.
> I'll put it on the TODO list.

A possible tweak may be writing an ASSP module to deal with SURBL

------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
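
The trade-off discussed in the reply above (requiring a valid TLD or an IP host part versus collecting every host-like token, and the effect on a per-mail URI count limit), as an added example that is not part of the original thread and not ASSP's code. The TLD set, the limit of 3, the regular expressions, the function name and the sample mail are all constructed assumptions.

```python
import re

# Assumption: a tiny constructed TLD set; ASSP keeps its own level 1-3 TLD lists.
VALID_TLDS = {"com", "net", "org", "de"}
# Assumption: constructed stand-in for a per-mail limit on URIs to query.
MAX_URIS = 3

# Any run of dot-separated labels, i.e. everything that "looks like" a host.
HOST_RE = re.compile(r"\b((?:[A-Za-z0-9-]+\.)+[A-Za-z0-9-]+)\b")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def uribl_candidates(text, require_tld=True, limit=MAX_URIS):
    """Return (queued, dropped): hosts that would be sent to the URIBL
    and hosts that fall off the end because the count limit was reached."""
    queued, dropped = [], []
    for match in HOST_RE.finditer(text):
        host = match.group(1).lower()
        if require_tld:
            tld = host.rsplit(".", 1)[1]
            # Keep only IP host parts or names ending in a known TLD.
            if not (IPV4_RE.match(host) or tld in VALID_TLDS):
                continue
        if host in queued or host in dropped:
            continue  # each host is counted once
        (queued if len(queued) < limit else dropped).append(host)
    return queued, dropped


# Constructed sample: one header line, the 'test.But' typo from the thread,
# and the real links placed after the noise.
SAMPLE_MAIL = (
    "Received: from mx1.local by relay.lan id 4F2.A1\n"
    "This is a test.But this is another test.\n"
    "Use this link: http://maps.google.com/ or http://192.0.2.7/x\n"
)

if __name__ == "__main__":
    for strict in (True, False):
        queued, dropped = uribl_candidates(SAMPLE_MAIL, require_tld=strict)
        print(f"require_tld={strict}: queued={queued} dropped={dropped}")
```

With the TLD check on, only the two real link hosts are queued; with it off, header fragments fill the limit and both real hosts are never queried.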