Re: uridnsbl_skip_domain question
On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote: Hi guys, I have configured exclusion for some common domains e.g. gov.sk in SA: uridnsbl_skip_domain [...] gov.sk slovensko.sk However it seems that that domain is still queried: 9826 68.951573 127.0.0.1 → 127.0.0.1 DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT in SA 4 docs I see that: uridnsbl_skip_domain domain1 domain2 ... Specify a domain, or a number of domains, which should be skipped for the URIBL checks. This is very useful to specify very common domains which are not going to be listed in URIBLs. In addition to trimmed domain, the full hostname is also checked from the list. Do I have to exclude subdomains for each host too? (this would kind of defeat the directive imho). This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I assume the difference is only in documentation From a quick look at the code it seems that subdomains check has been added to Mail::SpamAssassin::Plugin::URIDNSBL with commit r1889093 ~10 days after 3.4.6 release. In addition to that Mail::SpamAssassin::Plugin::DNSEval honor uridnsbl_skip_domain preference only in trunk code. Giovanni OpenPGP_signature.asc Description: OpenPGP digital signature
uridnsbl_skip_domain question
Hi guys, I have configured exclusion for some common domains e.g. gov.sk in SA: uridnsbl_skip_domain [...] gov.sk slovensko.sk However it seems that that domain is still queried: 9826 68.951573127.0.0.1 → 127.0.0.1DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT in SA 4 docs I see that: uridnsbl_skip_domain domain1 domain2 ... Specify a domain, or a number of domains, which should be skipped for the URIBL checks. This is very useful to specify very common domains which are not going to be listed in URIBLs. In addition to trimmed domain, the full hostname is also checked from the list. Do I have to exclude subdomains for each host too? (this would kind of defeat the directive imho). This is SA 3.4.6 (debian 11) which does not have the latter paragraph but I assume the difference is only in documentation -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you.
uridnsbl_skip_domain
25_uribl.cf contains a number of domains to skip via the uridnsbl_skip_domain command. Is there a command comparable to unwhitelist_from that would apply to the uridnsbl? Jason A. Bertoch Network Administrator [EMAIL PROTECTED] ElectroNet Intermedia Consulting 3411 Capital Medical Blvd. Tallahassee, FL 32308 (V) 850.222.0229 (F) 850.222.8771
Re: uridnsbl_skip_domain
On Mon, Jun 18, 2007 at 03:01:42PM -0400, Jason Bertoch wrote: 25_uribl.cf contains a number of domains to skip via the uridnsbl_skip_domain command. Is there a command comparable to unwhitelist_from that would apply to the uridnsbl? Not really. At that point you may as well just write a uri rule (more specifically, you could write a rule using the URIDetail plugin and target the actual domain instead of the uri as a whole). -- Randomly Selected Tagline: What's the difference between the Spice Girls and a porno movie? A porno movie has better music.- Phil Spector pgpEwj5Xs4MXI.pgp Description: PGP signature
Re: forged-HELO and uridnsbl_skip_domain
Ben Wylie wrote: In the logs i have been seeing some forged-HELO lines, and sometimes couldn't work out why they were triggered. I disabled my trusted paths and sent an email from one address with my isp [EMAIL PROTECTED] to a work email address [EMAIL PROTECTED] which was downloaded and forwarded to a local email address [EMAIL PROTECTED]. It's a bit complicated, but basically these are the hops the email took: 1) From a local pc (192.168.0.12) to our server (arkbb.co.uk) 2) from our mailserver (arkb.co.uk) to our isp (ntl.com) but it says it's from from arkbb.co.spam.uk, not arkbb.co.uk.
RE: forged-HELO and uridnsbl_skip_domain
Ben Wylie wrote: In the logs i have been seeing some forged-HELO lines, and sometimes couldn't work out why they were triggered. I disabled my trusted paths and sent an email from one address with my isp [EMAIL PROTECTED] to a work email address [EMAIL PROTECTED] which was downloaded and forwarded to a local email address [EMAIL PROTECTED]. It's a bit complicated, but basically these are the hops the email took: 1) From a local pc (192.168.0.12) to our server (arkbb.co.uk) 2) from our mailserver (arkb.co.uk) to our isp (ntl.com) but it says it's from from arkbb.co.spam.uk, not arkbb.co.uk. Sorry for the inconsistencies - I replaced arkbb.co.uk with arkbb.co.spam.uk to avoid spam, but didn't replace them all. Where it says spam, please ignore the word spam. Thanks Ben
forged-HELO and uridnsbl_skip_domain
: checking HELO (helo=mta08-winn.mailhost.ntl.com, ip=212.250.162.16) debug: SPF: trimmed HELO down to 'ntl.com' debug: SPF: query for /212.250.162.16/ntl.com: result: none, comment: SPF: domain of sender ntl.com does not designate mailers debug: all '*From' addrs: [EMAIL PROTECTED] debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x268528c)) debug: all '*To' addrs: [EMAIL PROTECTED] [EMAIL PROTECTED] debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20)) debug: SPF: relayed through one or more trusted relays, cannot use header-based Envelope-From, skipping debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20)) debug: forged-HELO: from=ntl.com helo=ntl.com by=clara.net debug: forged-HELO: from=ntl.com helo=ntl.com by=ntl.com debug: forged-HELO: from=ntl.com helo=arkbb.co.spam.uk by=ntl.com debug: forged-HELO: mismatch on HELO: 'arkbb.co.spam.uk' != 'ntl.com' debug: forged-HELO: from= helo= by=arkbb.co.spam.uk debug: forged-HELO: mismatch on from: 'ntl.com' != 'arkbb.co.spam.uk' debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x266ed20)) Can someone tell me what these forged-HELO lines mean? Is it comparing the helo command with the rDNS entry? Does it matter that all of these fail? SA didn't appear to give it any scores due to these fails, but do some people block emails if there is a discrepency between the helo command and the rDNS? Presumably anyone does, my emails are unlikely to get through. On a completely different note, i have this in my local.cf file: uridnsbl_skip_domain pipex.com vigay.com Which is giving me this in the log: debug: config: read file F:\Documents and Settings\LocalService/.spamassassin/user_prefs debug: config: SpamAssassin failed to parse line, skipping: uridnsbl_skip_domain pipex.com vigay.com This seems to be the format in 25_uribl.cf. Is there a reason why it doesn't work? Thanks Ben
