URIDNSBL

["Casartello, Thomas" <tc...@wsc.ma.edu>]

Hello.

I am using the 3.0 line of SpamAssassin and it's being invoked through
amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks
are only doing interia.pl . My OS is Fedora 10 and SA is installed through
RPM. Is this something I can fix through configuration?

 

Thomas E. Casartello, Jr.

Staff Assistant - Wireless Technician/Linux Administrator

Information Technology

Wilson 105A

Westfield State College

(413) 572-8245

 

Red Hat Certified Technician (RHCT)

 

Re: URIDNSBL

[Matt Kettler <mk...@verizon.net>]

Matt Kettler wrote:
> Casartello, Thomas wrote:
>   
>> Hello.
>>
>> I am using the 3.0 line of SpamAssassin and it’s being invoked through
>> amavisd-maia (Maia Mailguard.) I have a certain domain name that’s
>> blocked in several of the URIDNSBL lists as “fm.interia.pl” however my
>> DNSBL checks are only doing interia.pl . My OS is Fedora 10 and SA is
>> installed through RPM. Is this something I can fix through configuration?
>>
>>     
> No.
>
> In general, SA tries only to send the first domain part after a
> registrar boundary, this prevents spammers from avoiding the URIBLs (or
> flooding them) by using a large number of constantly changing hostnames.
>
> There is a hard-coded list of domains in RegistrarBoundaries.pm which
> dictates which sites which are considered a "two level domain" and thus
> get a 3rd level added to the lookup (TWO_LEVEL_DOMAINS).
>
> That said, you *really* should consider upgrading. 3.2.x has some
> improvements in this area, i.e.: expanded list of domains, although I
> don't think it would fix your specific problem. Besides, how old is the
> version you're running? 3.0.x doesn't even really support sa-update if
> memory serves me right. (and even if it does, there have been no updates
> pushed to that branch in years)
>   

Self correction, as per Alex (aka Yet Annother Ninja): 3.2.x supports
the  util_rb_2tld config option, which will allow you to do this. For
some reason I couldn't find it in the docs, but I was looking at the
URIBL plugin docs :)

Re: URIDNSBL

[Matt Kettler <mk...@verizon.net>]

Casartello, Thomas wrote:
>
> Hello.
>
> I am using the 3.0 line of SpamAssassin and it’s being invoked through
> amavisd-maia (Maia Mailguard.) I have a certain domain name that’s
> blocked in several of the URIDNSBL lists as “fm.interia.pl” however my
> DNSBL checks are only doing interia.pl . My OS is Fedora 10 and SA is
> installed through RPM. Is this something I can fix through configuration?
>
No.

In general, SA tries only to send the first domain part after a
registrar boundary, this prevents spammers from avoiding the URIBLs (or
flooding them) by using a large number of constantly changing hostnames.

There is a hard-coded list of domains in RegistrarBoundaries.pm which
dictates which sites which are considered a "two level domain" and thus
get a 3rd level added to the lookup (TWO_LEVEL_DOMAINS).

That said, you *really* should consider upgrading. 3.2.x has some
improvements in this area, i.e.: expanded list of domains, although I
don't think it would fix your specific problem. Besides, how old is the
version you're running? 3.0.x doesn't even really support sa-update if
memory serves me right. (and even if it does, there have been no updates
pushed to that branch in years)

Re: URIDNSBL

[Helmut Schneider <ju...@gmx.de>]

> I am using the 3.0 line of SpamAssassin and it's being invoked through 
> amavisd-maia
> (Maia Mailguard.) I have a certain domain name that's blocked in several 
> of the
> URIDNSBL lists as "fm.interia.pl" however my DNSBL checks are only doing 
> interia.pl

Just as I'm curious, what does SA score that mail?

X-Spam-Status: Yes, score=35.341 tag=-9999 tag2=6.3 kill=6.3
 tests=[BAYES_99=6.5, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=0.001,
 FM_SEX_HELODDDD=1.851, HELO_DYNAMIC_HCC=4.295,
 HELO_DYNAMIC_IPADDR2=4.395, LOGINHASH=4.5, LOGINHASH2=2.5,
 RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905,
 RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1,
 STOX_REPLY_TYPE=0.001, TVD_RCVD_IP=1.931] autolearn=spam

Using amavisd-new 2.6.2 and SA 3.2.5. 

RE: URIDNSBL

["Casartello, Thomas" <tc...@wsc.ma.edu>]

I actually am at 3.2.5 sorry I misread. It works just fine. :)

Thomas E. Casartello, Jr.
Staff Assistant - Wireless Technician/Linux Administrator
Information Technology
Wilson 105A
Westfield State College

Red Hat Certified Technician (RHCT)


-----Original Message-----
From: Yet Another Ninja [mailto:sa-list@alexb.ch] 
Sent: Thursday, April 23, 2009 9:09 AM
To: users@spamassassin.apache.org
Subject: Re: URIDNSBL

On 4/23/2009 2:57 PM, McDonald, Dan wrote:
> On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote:
>> On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
>>> Hello.
>>>
>>> I am using the 3.0 line of SpamAssassin and it's being invoked through
>>> amavisd-maia (Maia Mailguard.) I have a certain domain name that's
blocked
>>> in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL
checks
>>> are only doing interia.pl . My OS is Fedora 10 and SA is installed
through
>>> RPM. Is this something I can fix through configuration?
>>>
>> get http://www.rulesemporium.com/rules/90_2tld.cf
> 
> Does that work in 3.0.x?  I thought that was a 3.2.4 addition.

sorry... bypassed the 3.0 when reading - you're right

not supported.

Fedora 10 doesn't offer anything newer?

:-(

Re: URIDNSBL

[Yet Another Ninja <sa...@alexb.ch>]

On 4/23/2009 2:57 PM, McDonald, Dan wrote:
> On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote:
>> On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
>>> Hello.
>>>
>>> I am using the 3.0 line of SpamAssassin and it's being invoked through
>>> amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
>>> in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks
>>> are only doing interia.pl . My OS is Fedora 10 and SA is installed through
>>> RPM. Is this something I can fix through configuration?
>>>
>> get http://www.rulesemporium.com/rules/90_2tld.cf
> 
> Does that work in 3.0.x?  I thought that was a 3.2.4 addition.

sorry... bypassed the 3.0 when reading - you're right

not supported.

Fedora 10 doesn't offer anything newer?

:-(

Re: URIDNSBL

["McDonald, Dan" <Da...@austinenergy.com>]

On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote:
> On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
> > Hello.
> > 
> > I am using the 3.0 line of SpamAssassin and it's being invoked through
> > amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
> > in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks
> > are only doing interia.pl . My OS is Fedora 10 and SA is installed through
> > RPM. Is this something I can fix through configuration?
> > 
> 
> get http://www.rulesemporium.com/rules/90_2tld.cf

Does that work in 3.0.x?  I thought that was a 3.2.4 addition.

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com

RE: URIDNSBL

["Casartello, Thomas" <tc...@wsc.ma.edu>]

Many thanks.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless Technician/Linux Administrator
Information Technology
Wilson 105A
Westfield State College

Red Hat Certified Technician (RHCT)


-----Original Message-----
From: Yet Another Ninja [mailto:sa-list@alexb.ch] 
Sent: Thursday, April 23, 2009 8:40 AM
To: 'users@spamassassin.apache.org'
Subject: Re: URIDNSBL

On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
> Hello.
> 
> I am using the 3.0 line of SpamAssassin and it's being invoked through
> amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
> in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL
checks
> are only doing interia.pl . My OS is Fedora 10 and SA is installed through
> RPM. Is this something I can fix through configuration?
> 

get http://www.rulesemporium.com/rules/90_2tld.cf

Re: URIDNSBL

[Yet Another Ninja <sa...@alexb.ch>]

On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
> Hello.
> 
> I am using the 3.0 line of SpamAssassin and it's being invoked through
> amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
> in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks
> are only doing interia.pl . My OS is Fedora 10 and SA is installed through
> RPM. Is this something I can fix through configuration?
> 

get http://www.rulesemporium.com/rules/90_2tld.cf