On 14 Nov 2018, at 20:11, Alex wrote:

> Where is it getting these long hostname strings from?

There's a bunch of garbage HTML using invisible text (font-size: 0) between tiny bits of visible text to break Bayes and/or specific word detection. The overly-thirsty "URI" parser strings this junk together and is seeing <longstring>.az\b somewhere in it, and picks it up as a domain name. It's noisy in debug output but in this case harmless because what it is seeing includes a hostname that's too long to be a DNS label.

FWIW, that junk can be detected with rawbody rules looking for idiosyncratic HTML. I don't publish my local rules which do that sort of thing because they are very useful but very evadable and I suspect that if the precise rules were broadcast, they'd stop being useful in a matter of days. Instead, it would be really good if everyone maintaining their own local rules would take that hint and devise an invisible forest of slightly different rules to catch HTML structures with no legitimate purpose, making it impossible for spammers to get around a single rule published in the default channel or KAM.cf or anything else known to be under spammers' watch.

(CAVEAT: For some reason, a lot of opt-in political bulk mail also catches on such rules.)

> Should we be rethinking whether googleapis.com should be in the DNSBL skip list?

I think it may deserve a special rule all its own (with extensive FP shielding) but I suspect that you will never see it in a URIDNSBL that is safe to use, so it would do no good to keep resolving storage.googleapis.com and other such names with short-TTL CNAME records pointing to shorter-TTL A records on a frequent basis only to determine that it will never get listed OR that you're using a URIDNSBL which intends to generate widespread collateral damage.

Of course, I could be wrong. You could test how wrong I might be with this:

clear_uridnsbl_skip_domain  googleapis.com



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
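
An added illustration of the effect described in this message (not part of the original post, and not SpamAssassin's own parser code): a simplified tag-stripping extractor glues visible and `font-size: 0` text into one hostname-shaped string, which is then checked against the 63-octet DNS label limit. The sample HTML and all class and function names are constructed for the example.

```python
import re
from html.parser import HTMLParser

MAX_LABEL, MAX_NAME = 63, 253   # DNS limits: octets per label, chars per name
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
HOSTISH = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample: visible fragments "big", "win", "ner" split by zero-size junk.
SAMPLE = (
    '<div>big<span style="font-size:0">qzkxjvwpqmzlrtyhgbnc</span>'
    'win<span style="font-size: 0px;">xkcdjqwertyplmoknijbuhvyg</span>'
    'ner<span style="FONT-SIZE:0">zzyxwvutsrqponmlkjihgfed.az</span></div>'
    '<p> See example.com for details</p>'
)

class Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, hides_text) for each open element
        self.all_text = []     # every text node, as a tag stripper sees it
        self.visible = []      # text nodes a reader would actually see
        self.hidden_elems = 0  # elements styled with a zero font size

    def handle_starttag(self, tag, attrs):
        hides = bool(ZERO_FONT.search(dict(attrs).get("style") or ""))
        self.hidden_elems += hides
        self.stack.append((tag, hides))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; this also discards unclosed tags.
        if any(t == tag for t, _ in self.stack):
            while self.stack.pop()[0] != tag:
                pass

    def handle_data(self, data):
        self.all_text.append(data)
        if not any(hides for _, hides in self.stack):
            self.visible.append(data)

def fits_dns(name):
    return len(name) <= MAX_NAME and all(1 <= len(l) <= MAX_LABEL for l in name.split("."))

def analyse(html):
    c = Collector()
    c.feed(html)
    candidates = [(n, fits_dns(n)) for n in HOSTISH.findall("".join(c.all_text))]
    return {"hidden_elems": c.hidden_elems, "visible": "".join(c.visible), "candidates": candidates}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The first candidate ends in `.az` but its leading label exceeds 63 octets, so it can never be a resolvable name; the count of zero-size elements is the kind of signal a local rawbody rule could key on.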
