> 
> It wants to query the domain: 212.203.31.2. It does so here:
> 
> debug: URIDNSBL: query for 212.203.31.2 took 1 seconds to look up (sbl.spamhaus.org.:2.31.203.212)
> debug: URIDNSBL: queries completed: 1 started: 0
> debug: URIDNSBL: queries active:  at Tue Jun  7 18:10:32 2005
> 
> So, why is URIDNSBL only asking sbl.spamhaus.org ?
> If I replace that ip with 127.0.0.2, spamassassin tells me this:
>          *  0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
>          *      [URIs: 127.0.0.2]
> 
> So it does work, but only for sbl.spamhaus.org.
> This is the odd thing, because in 25_uribl.cf all the 
> surbl.org's are enabled too.
> And in local.cf I added multi.uribl.com as well. Those are 
> not queried.
> 
> It only does this with IPs. URLs are checked against all the 
> uridnsbl's.
> 

I'm not sure exactly when it was corrected in the trunk, but
dotted-decimal URIs are not scanned against anything but SBL in versions
prior to and including 3.0.4. I think 3.0.4 still has the NS lookup issue
I reported back in November also
(http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200411.mbox/%
[EMAIL PROTECTED]), but I
haven't checked for a while.

I'm running a more recent snapshot and URIs that are dotted-decimal are
not being reversed and checked properly against uridnsbl lists.  For
example, a test on '202.99.223.139'.

#################

x-spam-report shows...

# echo -e "From: dallase\n\nhttp://202.99.223.139/help/\n " | spam
X-Spam-Report:
        *  0.0 MISSING_DATE Missing Date: header
        * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
        *  0.1 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
        *  1.4 DOMAIN_RATIO BODY: Message body mentions many internet domains
        *  1.8 URIBL_SBL Contains an URL listed in the SBL blocklist
        *      [URIs: 202.99.223.139]
        *  2.4 URIBL_BLACK Contains an URL listed in the URIBL blacklist
        *      [URIs: 202.99.223.139]
        *  3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
        *      [URIs: 202.99.223.139]
        *  1.2 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
        *      [URIs: 202.99.223.139]
        *  1.0 TO_CC_NONE No To: or Cc: header
        *  1.6 MISSING_SUBJECT Missing Subject: header
        * -0.0 NO_RECEIVED Informational: message has no Received headers
        * -2.6 AWL AWL: From: address is in the auto white-list


tcpdump shows...

21:30:50.992486 dev.nmgi.com.32879 > main.nmgi.com.domain:  32762+ TXT? 139.223.99.202.sbl.spamhaus.org. (49) (DF)
21:30:50.994192 dev.nmgi.com.32879 > main.nmgi.com.domain:  32763+ A? 139.223.99.202.multi.uribl.com. (48) (DF)
21:30:50.995491 dev.nmgi.com.32879 > main.nmgi.com.domain:  32764+ A? 139.223.99.202.multi.surbl.org. (48) (DF)
21:30:51.033813 main.nmgi.com.domain > dev.nmgi.com.32879:  32762 1/0/0 (114)
21:30:51.281404 main.nmgi.com.domain > dev.nmgi.com.32879:  32764 1/0/0 (64)
21:30:53.064747 main.nmgi.com.domain > dev.nmgi.com.32879:  32763 1/4/0 (128)

spamd debug shows...

@4000000042a6586503d675c4 [4884] dbg: uridnsbl: domain "202.99.223.139" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27327";
@4000000042a6586510ea6fcc [4884] dbg: uridnsbl: domain "202.99.223.139" listed (URIBL_PH_SURBL): 127.0.0.10
@4000000042a6586510f0a98c [4884] dbg: uridnsbl: domain "202.99.223.139" listed (URIBL_SC_SURBL): 127.0.0.10
@4000000042a65867040eb81c [4884] dbg: uridnsbl: domain "202.99.223.139" listed (URIBL_BLACK): 127.0.0.2
@4000000042a65867056e3c64 [4884] dbg: check: tests=AWL,DOMAIN_RATIO,MISSING_DATE,MISSING_SUBJECT,NORMAL_HTTP_TO_IP,NO_RECEIVED,NO_RELAYS,TO_CC_NONE,URIBL_BLACK,URIBL_PH_SURBL,URIBL_SBL,URIBL_SC_SURBL
@4000000042a658670602d374 [4884] info: spamd: result: Y 10 - AWL,DOMAIN_RATIO,MISSING_DATE,MISSING_SUBJECT,NORMAL_HTTP_TO_IP,NO_RECEIVED,NO_RELAYS,TO_CC_NONE,URIBL_BLACK,URIBL_PH_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=2.2,size=45,user=root,uid=200,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51712,mid=(unknown),autolearn=no

##################

I recommend running the trunk, it handles dotted-decimal IPs now, better
redirect detection, as well as standalone domains that do not have
http:// in front of them, plus numerous other URI detection additions
and fixes.

D
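
The lookups in the tcpdump and spamd debug output above, as an added example that is not part of the original message or SpamAssassin's own code: it builds the reversed-octet query names for a dotted-decimal URI host and decodes the A-record answers into rule names. The function names are hypothetical, and the bit-to-rule mapping (2 for SC and BLACK, 8 for PH) is an assumption consistent with the 127.0.0.10 and 127.0.0.2 answers shown.

```python
import ipaddress
from urllib.parse import urlsplit

# Zones in the order they appear in the tcpdump capture. None means
# "any answer counts as a listing" (the SBL lookup above is a TXT query).
# Bit values are an assumption; confirm them with the list operators.
ZONES = {
    "sbl.spamhaus.org": None,
    "multi.uribl.com": {2: "URIBL_BLACK"},
    "multi.surbl.org": {2: "URIBL_SC_SURBL", 8: "URIBL_PH_SURBL"},
}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def reversed_label(host):
    """Label to prepend to a zone: octets reversed for a dotted-decimal IPv4."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError:
        # Simplification: a hostname is passed through unchanged here.
        return host.rstrip(".").lower()
    return ".".join(reversed(str(ip).split(".")))


def query_names(uri):
    """Return the DNS names to query for the host part of a URI."""
    host = urlsplit(uri).hostname
    if not host:
        return []
    label = reversed_label(host)
    return [f"{label}.{zone}" for zone in ZONES]


def decode(zone, answer):
    """Map one DNS answer from a zone to the rule names it triggers."""
    masks = ZONES[zone]
    if masks is None:
        return ["URIBL_SBL"] if answer else []
    try:
        ip = ipaddress.IPv4Address(answer)
    except ipaddress.AddressValueError:
        return []
    # Answers outside 127.0.0.0/8 are not listings (e.g. a wildcarding
    # resolver) and must not be treated as hits.
    if ip not in LOOPBACK:
        return []
    last_octet = int(ip) & 0xFF
    return [rule for bit, rule in masks.items() if last_octet & bit]


if __name__ == "__main__":
    for name in query_names("http://202.99.223.139/help/"):
        print(name)
    print(decode("multi.surbl.org", "127.0.0.10"))
```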
