Hi Karsten,

On 12/1/13, Karsten Bräckelmann <guent...@rudersport.de> wrote:
> On Fri, 2013-11-29 at 13:30 +1000, Nick Edwards wrote:
>> Hi, have a problem with our internal uribl
>>
>> urirhsbl        INT_URI uri.int.lan. A
>> body            INT_URI eval:check_uridnsbl('INT_URI')
>> describe        INT_URI Contains a URI listed in internal URIBL
>> tflags          INT_URI net
>> score           INT_URI 3
>
> That's correct.
>

Thanks

>> this rule performs lookups if in normal text of body, however, if we
>> have inside html it does not lookup. eg
>>
>> "hi see example.org"  looks up example.org
>> but
>> "hi see <a href="http://example.org">example.net</a>"
>> it will lookup example.net, not example.org
>
> How do you tell SA does not lookup the domain in the HTML anchor href?
>

I ran debug and viewed the scrollback (see below)

> The general SA method of verifying which domains are queried for, is to
> have a look at the debug output. In your case, you can also check your
> local DNSBL's logs.
>
>   spamassassin -D uridnsbl  < msg
>

Ahh ok, this produces output I missed in the 2000 lines of normal
debug output, it turns out it is seeing that host/domain for a lookup,
however in my case that prompted me to ask this question, it was not
looking up the domain in question because as your suggested debug
output easily shows, that domain is in a skip list, which explains why
it was not looking up.

Is there an easy way to say ignore this host/domain in a skip list? Or
disable skip list altogether? Closest I can find is skip rbl checks.


> To see more of the URIDNSBL plugin activity, including which DNSBLs are
> queried and what domains are looked up, you can use e.g.
>
>   spamassassin -D  < msg  2>&1 | grep URI-DNSBL
>
> To limit that to your local DNSBL, grep for DNSBL:uri.int.lan.
>

right, added that to my cheats list :)

>
> Note: The absence of a rule match for the second domain in the Report
> header is NOT an indicator of a missing query. If more than one domain
> is listed in the DNSBL, the urirhsbl rule will still be triggered once
> only, showing one domain, not all listed domains:
>
>   X-Spam-Report:
>     *  3.0 INT_URI Contains a URI listed in internal URIBL
>     *      [URIs: example.net]
>
> Despite the plural in the automatically added detail, it does list one
> domain only. Probably a bug in the URIDNSBL plugin, though might also be
> intended.
>
> Since the DNSBL lookups are asynchronous, it is likely undefined which
> listed domain will trigger the rule to hit and be reported, influenced
> by lookup time and the order they are parsed from the message.
>
>

Awesome, thank you.
