uridnsbl_skip_domain and util_rb_*tld
Hello,

I encountered a problem where a domain listed in uridnsbl_skip_domain was queried for uribl listings.

I have tried to skip querying for "gov.sk" by defining

uridnsbl_skip_domain ... gov.sk

However, the domains were still gathered:

Jul 24 18:20:28.580 [8512] dbg: check: tagrun - tag URIHOSTS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,msx1.upvsp.gov.sk]
Jul 24 18:41:13.899 [9295] dbg: check: tagrun - tag URIDOMAINS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,upvsp.gov.sk]

and queries were still sent:

18:05:31.348747 IP 192.168.251.228.45721 > 54.233.104.8.53: 26118 [1au] A? g2inmail1.gov.sk.multi.uribl.com. (73)
18:15:39.860161 IP 192.168.251.228.55448 > 54.152.34.162.53: 29958 [1au] A? g2inmail3.gov.sk.multi.uribl.com. (73)

the "gov.sk" is listed as second-level TLD:

20_aux_tlds.cf:util_rb_2tld edu.sk gov.sk mil.sk

Is this the source of the problem? I was trying to RTFS but I'm not skilled enough.

I believe that uridnsbl_skip_domain should skip domain even in such cases - if someone wants to skip e.g. .com domains from URIBL checking, it should work.

So far I use:

dns_query_restriction deny gov.sk.multi.uribl.com gov.sk.multi.surbl.org gov.sk.dbl.spamhaus.org gov.sk.lookup.dkimwl.org

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released in first quarter of year 1901
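
An added example, not part of the original post and not SpamAssassin code: a small check that reads tcpdump output like the lines quoted above, reports list lookups made for hosts under a skipped domain, and builds the dns_query_restriction workaround line. The capture text is constructed from the two lines in the post; the zone list is taken from the post's dns_query_restriction line, and all function names are hypothetical.

```python
import re

# Constructed input: the two tcpdump lines quoted in the post.
CAPTURE = """\
18:05:31.348747 IP 192.168.251.228.45721 > 54.233.104.8.53: 26118 [1au] A? g2inmail1.gov.sk.multi.uribl.com. (73)
18:15:39.860161 IP 192.168.251.228.55448 > 54.152.34.162.53: 29958 [1au] A? g2inmail3.gov.sk.multi.uribl.com. (73)
"""

# Zones taken from the dns_query_restriction line in the post.
ZONES = ["multi.uribl.com", "multi.surbl.org", "dbl.spamhaus.org", "lookup.dkimwl.org"]
SKIP = ["gov.sk"]  # domains given to uridnsbl_skip_domain

# tcpdump prints the query type followed by '?' and the name with a trailing dot.
QUERY_RE = re.compile(r"\s(?:A|AAAA|TXT)\?\s+(\S+?)\.?\s")

def split_zone(qname, zones=ZONES):
    """Return (looked-up host, zone) if qname is under a known list zone, else None."""
    for zone in zones:
        if qname.endswith("." + zone):
            return qname[: -len(zone) - 1], zone
    return None

def under(host, domain):
    """True if host is the domain itself or a subdomain of it (label-aligned)."""
    return host == domain or host.endswith("." + domain)

def leaked_queries(capture, skip=SKIP, zones=ZONES):
    """List (host, zone) pairs queried although host is under a skipped domain."""
    leaks = []
    for line in capture.splitlines():
        m = QUERY_RE.search(line)
        hit = split_zone(m.group(1).lower(), zones) if m else None
        if hit and any(under(hit[0], d) for d in skip):
            leaks.append(hit)
    return leaks

def deny_line(skip=SKIP, zones=ZONES):
    """Build the dns_query_restriction workaround in the form used in the post."""
    names = [f"{d}.{z}" for d in skip for z in zones]
    return "dns_query_restriction deny " + " ".join(names)

if __name__ == "__main__":
    for host, zone in leaked_queries(CAPTURE):
        print(f"queried despite skip list: {host} -> {zone}")
    print(deny_line())
```
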
Re: uridnsbl_skip_domain question
Hello,

I was hoping to fix this finally...

On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote:
> I have configured exclusion for some common domains e.g. gov.sk in SA:
>
> uridnsbl_skip_domain [...] gov.sk slovensko.sk
>
> However it seems that that domain is still queried:
>
> 9826 68.951573 127.0.0.1 → 127.0.0.1 DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT
>
> in SA 4 docs I see that:
>
> uridnsbl_skip_domain domain1 domain2 ...
>     Specify a domain, or a number of domains, which should be skipped for
>     the URIBL checks. This is very useful to specify very common domains
>     which are not going to be listed in URIBLs.
>
>     In addition to trimmed domain, the full hostname is also checked from
>     the list.
>
> Do I have to exclude subdomains for each host too? (this would kind of defeat the directive imho).
>
> This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I assume the difference is only in documentation

On 18.05.24 19:30, giova...@paclan.it wrote:
> From a quick look at the code it seems that subdomains check has been added to Mail::SpamAssassin::Plugin::URIDNSBL with commit r1889093 ~10 days after 3.4.6 release.
> In addition to that Mail::SpamAssassin::Plugin::DNSEval honors uridnsbl_skip_domain preference only in trunk code.

I have retried this with SA 4.0.0 (debian 12), and unfortunately this still happens:

18:05:31.348747 IP 192.168.251.228.45721 > 54.233.104.8.53: 26118 [1au] A? g2inmail1.gov.sk.multi.uribl.com. (73)
18:15:39.860161 IP 192.168.251.228.55448 > 54.152.34.162.53: 29958 [1au] A? g2inmail3.gov.sk.multi.uribl.com. (73)

and SA debug output shows:

Jul 24 18:20:28.580 [8512] dbg: check: tagrun - tag URIHOSTS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,msx1.upvsp.gov.sk]
Jul 24 18:41:13.899 [9295] dbg: check: tagrun - tag URIDOMAINS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,upvsp.gov.sk]

I see that gov.sk is listed in:

20_aux_tlds.cf:util_rb_2tld edu.sk gov.sk mil.sk

Can this listing be the reason why its subdomains are still queried?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
Re: uridnsbl_skip_domain question
On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote:
> Hi guys,
>
> I have configured exclusion for some common domains e.g. gov.sk in SA:
>
> uridnsbl_skip_domain [...] gov.sk slovensko.sk
>
> However it seems that that domain is still queried:
>
> 9826 68.951573 127.0.0.1 → 127.0.0.1 DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT
>
> in SA 4 docs I see that:
>
> uridnsbl_skip_domain domain1 domain2 ...
>     Specify a domain, or a number of domains, which should be skipped for
>     the URIBL checks. This is very useful to specify very common domains
>     which are not going to be listed in URIBLs.
>
>     In addition to trimmed domain, the full hostname is also checked from
>     the list.
>
> Do I have to exclude subdomains for each host too? (this would kind of defeat the directive imho).
>
> This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I assume the difference is only in documentation

From a quick look at the code it seems that subdomains check has been added to Mail::SpamAssassin::Plugin::URIDNSBL with commit r1889093 ~10 days after 3.4.6 release.
In addition to that Mail::SpamAssassin::Plugin::DNSEval honors uridnsbl_skip_domain preference only in trunk code.

Giovanni
uridnsbl_skip_domain question
Hi guys,

I have configured exclusion for some common domains e.g. gov.sk in SA:

uridnsbl_skip_domain [...] gov.sk slovensko.sk

However it seems that that domain is still queried:

9826 68.951573 127.0.0.1 → 127.0.0.1 DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT

in SA 4 docs I see that:

uridnsbl_skip_domain domain1 domain2 ...
    Specify a domain, or a number of domains, which should be skipped for
    the URIBL checks. This is very useful to specify very common domains
    which are not going to be listed in URIBLs.

    In addition to trimmed domain, the full hostname is also checked from
    the list.

Do I have to exclude subdomains for each host too? (this would kind of defeat the directive imho).

This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I assume the difference is only in documentation

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted, then used against you.
Re: uridnsbl_skip_domain
On Mon, Jun 18, 2007 at 03:01:42PM -0400, Jason Bertoch wrote:
> 25_uribl.cf contains a number of domains to skip via the
> "uridnsbl_skip_domain" command. Is there a command comparable to
> unwhitelist_from that would apply to the uridnsbl?

Not really. At that point you may as well just write a uri rule (more specifically, you could write a rule using the URIDetail plugin and target the actual domain instead of the uri as a whole).

-- 
Randomly Selected Tagline:
"What's the difference between the Spice Girls and a porno movie? A porno movie has better music." - Phil Spector
uridnsbl_skip_domain
25_uribl.cf contains a number of domains to skip via the "uridnsbl_skip_domain" command. Is there a command comparable to unwhitelist_from that would apply to the uridnsbl?

Jason A. Bertoch
Network Administrator
[EMAIL PROTECTED]
ElectroNet Intermedia Consulting
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771
RE: forged-HELO and uridnsbl_skip_domain
> Ben Wylie wrote:
>> In the logs I have been seeing some forged-HELO lines, and sometimes
>> couldn't work out why they were triggered. I disabled my trusted paths
>> and sent an email from one address with my isp "[EMAIL PROTECTED]" to a
>> work email address "[EMAIL PROTECTED]" which was downloaded and forwarded
>> to a local email address "[EMAIL PROTECTED]". It's a bit
>> complicated, but basically these are the hops the email took:
>> 1) From a local pc (192.168.0.12) to our server (arkbb.co.uk)
>> 2) from our mailserver (arkb.co.uk) to our isp (ntl.com)
>
> but it says it's from arkbb.co.spam.uk, not arkbb.co.uk.

Sorry for the inconsistencies - I replaced arkbb.co.uk with arkbb.co.spam.uk to avoid spam, but didn't replace them all. Where it says spam, please ignore the word spam.

Thanks
Ben
Re: forged-HELO and uridnsbl_skip_domain
Ben Wylie wrote:
> In the logs I have been seeing some forged-HELO lines, and sometimes
> couldn't work out why they were triggered. I disabled my trusted paths
> and sent an email from one address with my isp "[EMAIL PROTECTED]" to a
> work email address "[EMAIL PROTECTED]" which was downloaded and forwarded
> to a local email address "[EMAIL PROTECTED]". It's a bit
> complicated, but basically these are the hops the email took:
> 1) From a local pc (192.168.0.12) to our server (arkbb.co.uk)
> 2) from our mailserver (arkb.co.uk) to our isp (ntl.com)

but it says it's from arkbb.co.spam.uk, not arkbb.co.uk.
forged-HELO and uridnsbl_skip_domain
ts and showing the forged-HELO lines:

debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: SPF: checking HELO (helo=mta08-winn.mailhost.ntl.com, ip=212.250.162.16)
debug: SPF: trimmed HELO down to 'ntl.com'
debug: SPF: query for /212.250.162.16/ntl.com: result: none, comment: SPF: domain of sender ntl.com does not designate mailers
debug: all '*From' addrs: [EMAIL PROTECTED]
debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x268528c))
debug: all '*To' addrs: [EMAIL PROTECTED] [EMAIL PROTECTED]
debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: SPF: relayed through one or more trusted relays, cannot use header-based Envelope-From, skipping
debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: forged-HELO: from=ntl.com helo=ntl.com by=clara.net
debug: forged-HELO: from=ntl.com helo=ntl.com by=ntl.com
debug: forged-HELO: from=ntl.com helo=arkbb.co.spam.uk by=ntl.com
debug: forged-HELO: mismatch on HELO: 'arkbb.co.spam.uk' != 'ntl.com'
debug: forged-HELO: from= helo= by=arkbb.co.spam.uk
debug: forged-HELO: mismatch on from: 'ntl.com' != 'arkbb.co.spam.uk'
debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))

Can someone tell me what these forged-HELO lines mean? Is it comparing the helo command with the rDNS entry? Does it matter that all of these fail? SA didn't appear to give it any scores due to these fails, but do some people block emails if there is a discrepancy between the helo command and the rDNS? Presumably anyone does, my emails are unlikely to get through.
On a completely different note, I have this in my local.cf file:

uridnsbl_skip_domain pipex.com vigay.com

Which is giving me this in the log:

debug: config: read file F:\Documents and Settings\LocalService/.spamassassin/user_prefs
debug: config: SpamAssassin failed to parse line, skipping: uridnsbl_skip_domain pipex.com vigay.com

This seems to be the format in 25_uribl.cf. Is there a reason why it doesn't work?

Thanks
Ben