On 10/17/2013 08:27 PM, Stan Hoeppner wrote:
On 10/17/2013 10:55 AM, Axb wrote:
On 10/17/2013 05:41 PM, Stan Hoeppner wrote:
This is what Neil meant by the "deeper dive". Again, the URIBL_SBL test
isn't responsible for this behavior. Spamhaus is. Thus you can't
create a separate rule to do this "deeper diving". Spamhaus is doing
it, automagically, and it will continue to do so with the current
URIBL_SBL rule, whether you like it or not (or until enough customers
complain I guess).
Stan,
Spamhaus did nothing other than publishinh an IP with a karma
elts get the termis right
SA did a a query using eval:check_uridnsbl, which means:
Is the domain's NS IP listed in SBL?
sbl.spamhaus.org replied with yes...
rule hit
I may be misreading it, but it seems to suggest that's only true if
version < 3.004. If greater, then the check is for the A record, not
the NS IPs. Or is this version of 25_uribl.cf out of date?
check_uridnsbl has always been about NS IPs
as from SA 3.4 check_uridnsbl also does A lookups
by adding "a" to the tflags
http://svn.apache.org/repos/asf/spamassassin/trunk/rules/25_uribl.cf
###########################################################################
## Spamhaus
uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2
body URIBL_SBL eval:check_uridnsbl('URIBL_SBL')
describe URIBL_SBL Contains an URL's NS IP listed in the
SBL blocklist
tflags URIBL_SBL net
reuse URIBL_SBL
if (version >= 3.004000)
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
uridnsbl URIBL_SBL_A sbl.spamhaus.org. A
body URIBL_SBL_A eval:check_uridnsbl('URIBL_SBL_A')
describe URIBL_SBL_A Contains URL's A record listed in the
SBL blocklist
tflags URIBL_SBL_A net a
endif
endif
Spamhaus' FAQ is incorrect:
http://www.spamhaus.org/faq/section/Spamhaus%20SBL#270
I hear the SBL can also block domains, how? What is "URIBL_SBL"?
Yes, the SBL can also be used as a URI Blocklist and is particularly
effective in this role. In tests, over 60% of spam was found to contain
URIs (links to web sites) whose webserver IPs were listed on the SBL.
SpamAssassin, for example, includes a feature called URIBL_SBL for this
purpose. The technique involves resolving the URI's domain to and IP
address and checking that against the SBL zone.
I'll try to get this corrected...
h2h