uridnsbl_skip_domain and util_rb_*tld

2024-08-09 Thread Matus UHLAR - fantomas

Hello,

I encountered a problem where a domain listed in uridnsbl_skip_domain was 
queried for uribl listings.



I have tried to skip querying for "gov.sk" by defining

uridnsbl_skip_domain ... gov.sk

However, the domains were still gathered:

Jul 24 18:20:28.580 [8512] dbg: check: tagrun - tag URIHOSTS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,msx1.upvsp.gov.sk]
Jul 24 18:41:13.899 [9295] dbg: check: tagrun - tag URIDOMAINS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,upvsp.gov.sk]

and queries were still sent:

18:05:31.348747 IP 192.168.251.228.45721 > 54.233.104.8.53: 26118 [1au] A? g2inmail1.gov.sk.multi.uribl.com. (73)
18:15:39.860161 IP 192.168.251.228.55448 > 54.152.34.162.53: 29958 [1au] A? g2inmail3.gov.sk.multi.uribl.com. (73)

"gov.sk" is listed as a second-level TLD:

20_aux_tlds.cf:util_rb_2tld edu.sk gov.sk mil.sk

Is this the source of the problem?
I was trying to RTFS but I'm not skilled enough.

I believe that uridnsbl_skip_domain should skip the domain even in such cases
- if someone wants to skip e.g. .com domains from URIBL checking, it should 
work.


So far I use:

dns_query_restriction deny gov.sk.multi.uribl.com gov.sk.multi.surbl.org gov.sk.dbl.spamhaus.org gov.sk.lookup.dkimwl.org


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
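
Added example, not part of the original message and not SpamAssassin's own code: a simplified model of the question above, assuming that hostnames are trimmed to one label below a util_rb_2tld suffix (as the URIDOMAINS debug output suggests) and that uridnsbl_skip_domain is an exact lookup of the trimmed domain and the full hostname (as the quoted SA 4 documentation describes). The function names, the sample configuration and the host www.slovensko.sk are constructed for illustration; the thread does not confirm that this is the cause.

```python
# Simplified model (an assumption, not SpamAssassin's code) of how a
# util_rb_2tld entry interacts with an exact-match uridnsbl_skip_domain lookup.

# Constructed sample configuration using the directives quoted in the thread.
SAMPLE_CONF = """
util_rb_2tld edu.sk gov.sk mil.sk
uridnsbl_skip_domain gov.sk slovensko.sk
"""

def parse_directive(conf_text, name):
    """Return the lower-cased values of every `name` line in a .cf text."""
    values = set()
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            values.update(p.lower() for p in parts[1:])
    return values

def trim_domain(host, two_tlds):
    """Registrable domain: one label more than the matching public suffix."""
    labels = host.lower().rstrip(".").split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in two_tlds else 1
    return ".".join(labels[-(suffix_len + 1):])

def is_skipped(host, skip, two_tlds):
    """Exact lookup of the trimmed domain, then of the full hostname."""
    return trim_domain(host, two_tlds) in skip or host.lower().rstrip(".") in skip

def ineffective_skips(skip, two_tlds):
    """Skip entries that are suffixes: no host below them trims to them."""
    return sorted(d for d in skip if d in two_tlds or "." not in d)

def deny_line(domains, zones):
    """Build the dns_query_restriction form used as a workaround in the thread."""
    return "dns_query_restriction deny " + " ".join(
        f"{d}.{z}" for d in domains for z in zones)

if __name__ == "__main__":
    two_tlds = parse_directive(SAMPLE_CONF, "util_rb_2tld")
    skip = parse_directive(SAMPLE_CONF, "uridnsbl_skip_domain")
    # First three hosts are from the debug output; the last is constructed.
    for h in ("g2inmail1.gov.sk", "mail.gov.sk", "msx1.upvsp.gov.sk", "www.slovensko.sk"):
        state = "skipped" if is_skipped(h, skip, two_tlds) else "queried"
        print(h, "->", trim_domain(h, two_tlds), state)
    bad = ineffective_skips(skip, two_tlds)
    print(deny_line(bad, ["multi.uribl.com", "multi.surbl.org"]))
```

Under this model every host below gov.sk trims to a three-label name, so the two-label skip entry never matches, while slovensko.sk behaves as expected.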


Re: uridnsbl_skip_domain question

2024-07-24 Thread Matus UHLAR - fantomas

Hello,

I was hoping to fix this finally...


> On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote:
>> I have configured exclusion for some common domains e.g. gov.sk in SA:
>>
>> uridnsbl_skip_domain [...] gov.sk slovensko.sk
>>
>> However it seems that that domain is still queried:
>>
>>  9826  68.951573    127.0.0.1 → 127.0.0.1    DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT
>>
>> in SA 4 docs I see that:
>>
>>    uridnsbl_skip_domain domain1 domain2 ...
>>    Specify a domain, or a number of domains, which should be skipped
>>    for the URIBL checks.  This is very useful to specify very common
>>    domains which are not going to be listed in URIBLs.
>>
>>    In addition to trimmed domain, the full hostname is also checked
>>    from the list.
>>
>> Do I have to exclude subdomains for each host too?
>> (this would kind of defeat the directive imho).
>>
>> This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I
>> assume the difference is only in documentation

On 18.05.24 19:30, giova...@paclan.it wrote:
> From a quick look at the code it seems that subdomains check has been added to
> Mail::SpamAssassin::Plugin::URIDNSBL with commit r1889093 ~10 days after 3.4.6
> release.
> In addition to that Mail::SpamAssassin::Plugin::DNSEval honor
> uridnsbl_skip_domain preference only in trunk code.


I have retried this with SA 4.0.0 (debian 12), and unfortunately this still 
happens:


18:05:31.348747 IP 192.168.251.228.45721 > 54.233.104.8.53: 26118 [1au] A? g2inmail1.gov.sk.multi.uribl.com. (73)
18:15:39.860161 IP 192.168.251.228.55448 > 54.152.34.162.53: 29958 [1au] A? g2inmail3.gov.sk.multi.uribl.com. (73)

and SA debug output shows:

Jul 24 18:20:28.580 [8512] dbg: check: tagrun - tag URIHOSTS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,msx1.upvsp.gov.sk]
Jul 24 18:41:13.899 [9295] dbg: check: tagrun - tag URIDOMAINS is now ready, value: ARY:[g2inmail1.gov.sk,mail.gov.sk,upvsp.gov.sk]

I see that gov.sk is listed in:

20_aux_tlds.cf:util_rb_2tld edu.sk gov.sk mil.sk

Can this listing be the reason why its subdomains are still queried?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/


Re: uridnsbl_skip_domain question

2024-05-18 Thread giovanni

On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote:

> Hi guys,
>
> I have configured exclusion for some common domains e.g. gov.sk in SA:
>
> uridnsbl_skip_domain [...] gov.sk slovensko.sk
>
> However it seems that that domain is still queried:
>
>   9826  68.951573    127.0.0.1 → 127.0.0.1    DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT
>
> in SA 4 docs I see that:
>
>     uridnsbl_skip_domain domain1 domain2 ...
>     Specify a domain, or a number of domains, which should be skipped
>     for the URIBL checks.  This is very useful to specify very common
>     domains which are not going to be listed in URIBLs.
>
>     In addition to trimmed domain, the full hostname is also checked
>     from the list.
>
> Do I have to exclude subdomains for each host too?
> (this would kind of defeat the directive imho).
>
> This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I
> assume the difference is only in documentation


From a quick look at the code it seems that subdomains check has been added to 
Mail::SpamAssassin::Plugin::URIDNSBL with commit r1889093 ~10 days after 3.4.6 
release.
In addition to that Mail::SpamAssassin::Plugin::DNSEval honor 
uridnsbl_skip_domain preference only in trunk code.

  Giovanni




uridnsbl_skip_domain question

2024-05-17 Thread Matus UHLAR - fantomas

Hi guys,

I have configured exclusion for some common domains e.g. gov.sk in SA:

uridnsbl_skip_domain [...] gov.sk slovensko.sk

However it seems that that domain is still queried:

 9826  68.951573    127.0.0.1 → 127.0.0.1    DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT

in SA 4 docs I see that:

   uridnsbl_skip_domain domain1 domain2 ...
   Specify a domain, or a number of domains, which should be skipped
   for the URIBL checks.  This is very useful to specify very common
   domains which are not going to be listed in URIBLs.

   In addition to trimmed domain, the full hostname is also checked
   from the list.

Do I have to exclude subdomains for each host too?
(this would kind of defeat the directive imho).

This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I 
assume the difference is only in documentation


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/


Re: uridnsbl_skip_domain

2007-06-18 Thread Theo Van Dinter
On Mon, Jun 18, 2007 at 03:01:42PM -0400, Jason Bertoch wrote:
> 25_uribl.cf contains a number of domains to skip via the "uridnsbl_skip_domain"
> command.  Is there a command comparable to unwhitelist_from that would apply to
> the uridnsbl?

Not really.  At that point you may as well just write a uri rule (more
specifically, you could write a rule using the URIDetail plugin and
target the actual domain instead of the uri as a whole).



uridnsbl_skip_domain

2007-06-18 Thread Jason Bertoch

25_uribl.cf contains a number of domains to skip via the "uridnsbl_skip_domain"
command.  Is there a command comparable to unwhitelist_from that would apply to
the uridnsbl?


Jason A. Bertoch



RE: forged-HELO and uridnsbl_skip_domain

2005-06-01 Thread Ben Wylie
> Ben Wylie wrote:
>> In the logs i have been seeing some forged-HELO lines, and sometimes
>> couldn't work out why they were triggered. I disabled my trusted paths 
>> and sent an email from one address with my isp "[EMAIL PROTECTED]" to a
>> work email address "[EMAIL PROTECTED]" which was downloaded and forwarded
>> to a local email address "[EMAIL PROTECTED]". It's a bit 
>> complicated, but basically these are the hops the email took:
>> 1) From a local pc (192.168.0.12) to our server (arkbb.co.uk)
>> 2) from our mailserver (arkb.co.uk) to our isp (ntl.com)
>
> but it says it's from arkbb.co.spam.uk, not arkbb.co.uk.

Sorry for the inconsistencies - I replaced arkbb.co.uk with arkbb.co.spam.uk
to avoid spam, but didn't replace them all. Where it says spam, please
ignore the word spam.

Thanks
Ben




Re: forged-HELO and uridnsbl_skip_domain

2005-06-01 Thread mouss

Ben Wylie wrote:

> In the logs I have been seeing some forged-HELO lines, and sometimes
> couldn't work out why they were triggered. I disabled my trusted paths and
> sent an email from one address with my isp "[EMAIL PROTECTED]" to a work
> email address "[EMAIL PROTECTED]" which was downloaded and forwarded to a
> local email address "[EMAIL PROTECTED]". It's a bit complicated, but
> basically these are the hops the email took:
> 1) From a local pc (192.168.0.12) to our server (arkbb.co.uk)
> 2) from our mailserver (arkb.co.uk) to our isp (ntl.com)

but it says it's from arkbb.co.spam.uk, not arkbb.co.uk.


forged-HELO and uridnsbl_skip_domain

2005-05-31 Thread Ben Wylie
ts and showing the forged-HELO lines:


debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: SPF: checking HELO (helo=mta08-winn.mailhost.ntl.com, ip=212.250.162.16)
debug: SPF: trimmed HELO down to 'ntl.com'
debug: SPF: query for /212.250.162.16/ntl.com: result: none, comment: SPF: domain of sender ntl.com does not designate mailers
debug: all '*From' addrs: [EMAIL PROTECTED]
debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x268528c))
debug: all '*To' addrs: [EMAIL PROTECTED] [EMAIL PROTECTED]
debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: SPF: relayed through one or more trusted relays, cannot use header-based Envelope-From, skipping
debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: forged-HELO: from=ntl.com helo=ntl.com by=clara.net
debug: forged-HELO: from=ntl.com helo=ntl.com by=ntl.com
debug: forged-HELO: from=ntl.com helo=arkbb.co.spam.uk by=ntl.com
debug: forged-HELO: mismatch on HELO: 'arkbb.co.spam.uk' != 'ntl.com'
debug: forged-HELO: from= helo= by=arkbb.co.spam.uk
debug: forged-HELO: mismatch on from: 'ntl.com' != 'arkbb.co.spam.uk'
debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))
debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20))

Can someone tell me what these forged-HELO lines mean? Is it comparing the
helo command with the rDNS entry?
Does it matter that all of these fail? SA didn't appear to give it any
scores due to these fails, but do some people block emails if there is a
discrepancy between the helo command and the rDNS? Presumably if anyone does,
my emails are unlikely to get through.


On a completely different note, I have this in my local.cf file:

uridnsbl_skip_domain pipex.com vigay.com

Which is giving me this in the log:
debug: config: read file F:\Documents and Settings\LocalService/.spamassassin/user_prefs
debug: config: SpamAssassin failed to parse line, skipping: uridnsbl_skip_domain pipex.com vigay.com

This seems to be the format in 25_uribl.cf. Is there a reason why it doesn't
work?
Thanks
Ben