Posted to users@spamassassin.apache.org by "Rose, Bobby" <br...@med.wayne.edu> on 2005/03/16 12:55:52 UTC

RE: URI Tests and Japanese Chars (solved)

 
I figured out the problem; it was an individual's email address in
the message body (even though not a mailto).  Their email domain isn't
listed at spamhaus.org but it turns out one of their ISP's DNS servers
is, which they are using as secondary.  This makes the second time I've
come across this.  The last time it was an ISP's (pipex.net) DNS server
in the U.K. that was tripping the URIBL_SBL rule.

This time the user is in the med.juntendo.ac.jp (Juntendo Univ Med
School) whose ISP is cwidc.net and the DNS server ns03.cwidc.net
(154.33.17.212) is the one in spamhaus.org which they say is hosting a
long-time spammer.  http://www.spamhaus.org/sbl/sbl.lasso?query=SBL17240

Does URI checking really need to be so thorough?  Obviously there must
be some bias at spamhaus if the big named ISPs don't get their name
servers listed because we know that they provide services to spammers.
Any idea on how to limit the scope to just the URI at its face value?

-----Original Message-----
From: Rose, Bobby [mailto:brose@med.wayne.edu] 
Sent: Tuesday, March 15, 2005 2:14 PM
To: users@spamassassin.apache.org
Subject: URI Tests and Japanese Chars

I have a user that is of Japanese origin and who converses with other
individuals in Japan in his same field of study.  The messages they send
are in Japanese and trip the URI_SBL rule.  These people are in
different .jp domains and I really don't want to get into the
administrative overhead of whitelisting. I don't see anything in the
message bodies that even looks like a URI.  Has anyone else run into
this?


Bobby Rose
Wayne State University School of Medicine 


Re: URI Tests and Japanese Chars (solved)

Posted by Jeff Chan <je...@surbl.org>.
On Wednesday, March 16, 2005, 3:55:52 AM, Bobby Rose wrote:
 
> I figured out the problem; it was an individual's email address in
> the message body (even though not a mailto).  Their email domain isn't
> listed at spamhaus.org but it turns out one of their ISP's DNS servers
> is, which they are using as secondary.  This makes the second time I've
> come across this.  The last time it was an ISP's (pipex.net) DNS server
> in the U.K. that was tripping the URIBL_SBL rule.

> This time the user is in the med.juntendo.ac.jp (Juntendo Univ Med
> School) whose ISP is cwidc.net and the DNS server ns03.cwidc.net
> (154.33.17.212) is the one in spamhaus.org which they say is hosting a
> long-time spammer.  http://www.spamhaus.org/sbl/sbl.lasso?query=SBL17240

> Does URI checking really need to be so thorough?  Obviously there must
> be some bias at spamhaus if the big named ISPs don't get their name
> servers listed because we know that they provide services to spammers.
> Any idea on how to limit the scope to just the URI at its face value?

uridnsbl used in the default rule URIBL_SBL does check domain
name servers against SBL, but I'm kind of surprised to hear it
triggering on email addresses.  It should definitely be checking
web sites and the like.  Can you give a sample of the text it
hit?  Was it in URI form like:

  mailto://someaddress@somedomain.com

That said, I agree that the SBL listings are at times overbroad.
Name servers for gov.ru and spb.ru for example are listed
(ns.rtcomm.ru and ns1.relcom.ru respectively).  Listings like
those can cause false positives, and I personally object to
deliberately harming innocent bystanders to "pressure" ISPs.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
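
The name-server check discussed in this thread, modelled as an added example (not part of the original posts and not SpamAssassin's own code): a domain that is not listed itself still produces a hit when the IP of one of its name servers is listed. The DNS tables, the primary name server, example.org, the sample address and all function names are constructed; picking up domains from bare e-mail addresses is assumed from the original poster's report.

```python
import re

ZONE = "sbl.spamhaus.org"

# Constructed stand-ins for DNS answers. ns03.cwidc.net and its address come
# from the thread; the primary name server and example.org are made up.
NS = {
    "med.juntendo.ac.jp": ["ns1.primary.example", "ns03.cwidc.net"],
    "example.org": ["ns1.primary.example"],
}
A = {"ns03.cwidc.net": "154.33.17.212", "ns1.primary.example": "192.0.2.10"}
# Constructed: DNSBL query names that would return a listing.
LISTED = {"212.17.33.154." + ZONE}

# Host part of http(s) URLs and of bare e-mail addresses (the latter is the
# behaviour the original poster reports, assumed here).
DOMAIN_RE = re.compile(r"(?:https?://|[\w.+-]+@)((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def extract_domains(body):
    """Return the distinct domains found in URLs and e-mail addresses."""
    return sorted({m.lower() for m in DOMAIN_RE.findall(body)})


def dnsbl_query_name(ip, zone=ZONE):
    """Build the reversed-octet name a DNSBL lookup asks for."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def listed_name_servers(domain):
    """Return (name server, IP) pairs for the domain whose IP is listed."""
    hits = []
    for ns in NS.get(domain, []):
        ip = A.get(ns)
        if ip and dnsbl_query_name(ip) in LISTED:
            hits.append((ns, ip))
    return hits


def check_body(body):
    """Map each domain in the body to its listed name servers, if any."""
    found = {d: listed_name_servers(d) for d in extract_domains(body)}
    return {d: hits for d, hits in found.items() if hits}


if __name__ == "__main__":
    # Constructed message text; the address is a placeholder.
    print(check_body("Contact: someone@med.juntendo.ac.jp or http://example.org/"))
```

The returned pairs name which name server caused the hit, which is the detail needed when deciding whether a URIBL_SBL match is a false positive.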