Posted to users@spamassassin.apache.org by Charles Sprickman <sp...@bway.net> on 2006/12/20 03:47:15 UTC

SURBL questions

Hi all,

I'm not completely understanding how these checks work...

I'm seeing some email with a URL in it that hits at the online surbl 
checker (http://www.rulesemporium.com/cgi-bin/uribl.cgi), but not in 
spamassassin with the default uribl rules.  Plugin is enabled and it does 
work on a good deal of mail.

I'm going to obfuscate the below example with dashes so that it's not 
filtered by list users running SA (I hope):

"http://refinance-poiku07-com"

In the cgi lookup linked above, the subdomain does not hit, but the main 
domain does.  Should SA be looking at the domain for surbl checks or not? 
Because it certainly looks like it isn't.  Running the latest SA (3.1.7) 
and latest rules via sa-update.

Thanks,

Charles

Re: SURBL questions

Posted by Jeff Chan <je...@surbl.org>.
On Tuesday, December 19, 2006, 7:19:51 PM, Theo Dinter wrote:
> On Tue, Dec 19, 2006 at 09:47:15PM -0500, Charles Sprickman wrote:
>> "http://refinance-poiku07-com"
>> 
>> In the cgi lookup linked above, the subdomain does not hit, but the main 
>> domain does.  Should SA be looking at the domain for surbl checks or not? 

SURBL checks should only be on the domain, not the subdomain, and
that's (mostly) how SpamAssassin is implemented.  Please see:

  http://www.surbl.org/implementation.html

If urirhsbl is not checking the domain, then there is some other
problem.  If you're seeing false negatives, then see the debug
output, and/or forward it to this list:

  spamassassin -D < TEST_MESSAGE

> It should only be looking at the domain.  If you're curious as to what's going
> on, run with -D (if I only had a dollar for every time I say this).

Aha, so that's what -D stands for!  ;-)

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
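
The domain-only lookup described in the reply above, as an added example that is not part of the original thread and is not SpamAssassin's own code. It reduces a URL's host to its registered domain and builds the DNS name that would be queried; the `multi.surbl.org` zone, the small two-level suffix set and the example hosts are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of two-level suffixes; a real deployment uses a full list.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}
SURBL_ZONE = "multi.surbl.org"  # assumed lookup zone for this example


def registered_domain(host):
    """Reduce a hostname to the registered domain, dropping subdomains."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None  # single label: nothing to look up
    # Keep three labels when the last two form a known two-level suffix.
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    if len(labels) < keep:
        return None  # the host is itself a bare suffix such as "co.uk"
    return ".".join(labels[-keep:])


def surbl_query_name(url):
    """Return the DNS name to query for a URL, or None if there is none."""
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if not host:
        return None
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        # Not a numeric host: query the registered domain only.
        domain = registered_domain(host)
        return f"{domain}.{SURBL_ZONE}" if domain else None
    # Numeric hosts are queried with the octets reversed, as in IP DNSBLs.
    return ".".join(reversed(str(ip).split("."))) + "." + SURBL_ZONE


if __name__ == "__main__":
    for sample in ("http://www.shop.example.com/offer",
                   "http://a.b.example.co.uk/",
                   "http://192.0.2.10/x"):
        print(sample, "->", surbl_query_name(sample))
```

If the name a filter actually queries still contains the subdomain, the listed parent domain will never be matched, which is the kind of mismatch the debug output helps confirm.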


Re: SURBL questions

Posted by Theo Van Dinter <fe...@apache.org>.
On Tue, Dec 19, 2006 at 09:47:15PM -0500, Charles Sprickman wrote:
> "http://refinance-poiku07-com"
> 
> In the cgi lookup linked above, the subdomain does not hit, but the main 
> domain does.  Should SA be looking at the domain for surbl checks or not? 

It should only be looking at the domain.  If you're curious as to what's going
on, run with -D (if I only had a dollar for every time I say this).

-- 
Randomly Selected Tagline:
"Blizzard is not responsible for the death and loss of your hardcore
 characters for any reason including Internet lag, bugs, Acts of God, your
 little sister, or any other reason whatsoever. [...]  Blizzard will not, and
 does not have the capability to restore any deceased Hardcore characters.
 Don't even ask.  La-la-la-la-la, we can't hear you ..." - Diablo II Manual