You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by DEMBLANS Mathieu <de...@mipih.fr> on 2022/10/04 15:13:29 UTC
FQDN and uridnsbl
Hello,
SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12
SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3
As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and confirmed by some tests, when a check is done with uridnsbl, only the domain is requested not the complete FQDN (rhsbl_zone).
For example if I want to test abc.domain.com it will only request domain.com .
My problem is that for phishing url search on surbl.org it doesn't find it.
On a real test for btinternet-100730.square.site, which is in the surbl.org PH list, spamassassin do a dns request for square.site.multi.surbl.org. that can't be find.
If I test manually btinternet-100730.square.site.surbl.org. the response is good (127.0.0.8).
So it probably never find anything in this kind of list.
Is there any thing to do to make it work correctly ?
Mat
Re: FQDN and uridnsbl
Posted by Henrik K <he...@hege.li>.
On Tue, Oct 04, 2022 at 03:47:02PM +0000, DEMBLANS Mathieu wrote:
> Not sure about this solution.
> The problem is for all sites listed in surbl.org, not specifically square.site and its subdomains.
I gave you a workaround for single domains for 3.4.
I also told you it's already fully solved, but you have to wait for debian 4.0.0 or install manually:
> Upcoming 4.0 already supports tflags notrim, which will query the full host from surbl and other lists that support it.
Those are the choices.
Re: FQDN and uridnsbl
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 04.10.22 15:47, DEMBLANS Mathieu wrote:
>Not sure about this solution.
>The problem is for all sites listed in surbl.org, not specifically square.site and its subdomains.
the tflags applies to a spamassassin rule, not specific domain:
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:#tflags URIBL_SC_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_WS_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_PH_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_MW_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_CR_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:#tflags URIBL_AB_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_ABUSE_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags SURBL_BLOCKED net noautolearn notrim
>-----Message d'origine-----
>De : Henrik K <he...@hege.li>
>Envoyé : mardi 4 octobre 2022 17:30
>À : users@spamassassin.apache.org
>Objet : Re: FQDN and uridnsbl
>
>On Tue, Oct 04, 2022 at 03:13:29PM +0000, DEMBLANS Mathieu wrote:
>> Hello,
>>
>> SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12
>>
>> SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3
>>
>> As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and
>> confirmed by some tests, when a check is done with uridnsbl, only the
>> domain is requested not the complete FQDN (rhsbl_zone).
>>
>> For example if I want to test abc.domain.com it will only request domain.com .
>>
>> My problem is that for phishing url search on surbl.org it doesn?t find it.
>>
>> On a real test for btinternet-100730.square.site, which is in the
>> surbl.org PH list, spamassassin do a dns request for
>> square.site.multi.surbl.org. that can?t be find.
>>
>> If I test manually btinternet-100730.square.site.surbl.org. the
>> response is good (127.0.0.8).
>>
>> So it probably never find anything in this kind of list.
>>
>> Is there any thing to do to make it work correctly ?
>
>For SA 3.4 you need to use util_rb_2tld cf for all such domains:
>
>util_rb_2tld square.site
>
>Upcoming 4.0 already supports tflags notrim, which will query the full host from surbl and other lists that support it.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
RE: FQDN and uridnsbl
Posted by DEMBLANS Mathieu <de...@mipih.fr>.
Not sure about this solution.
The problem is for all sites listed in surbl.org, not specifically square.site and its subdomains.
-----Message d'origine-----
De : Henrik K <he...@hege.li>
Envoyé : mardi 4 octobre 2022 17:30
À : users@spamassassin.apache.org
Objet : Re: FQDN and uridnsbl
On Tue, Oct 04, 2022 at 03:13:29PM +0000, DEMBLANS Mathieu wrote:
> Hello,
>
> SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12
>
> SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3
>
> As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and
> confirmed by some tests, when a check is done with uridnsbl, only the
> domain is requested not the complete FQDN (rhsbl_zone).
>
> For example if I want to test abc.domain.com it will only request domain.com .
>
> My problem is that for phishing url search on surbl.org it doesn?t find it.
>
> On a real test for btinternet-100730.square.site, which is in the
> surbl.org PH list, spamassassin do a dns request for
> square.site.multi.surbl.org. that can?t be find.
>
> If I test manually btinternet-100730.square.site.surbl.org. the
> response is good (127.0.0.8).
>
> So it probably never find anything in this kind of list.
>
> Is there any thing to do to make it work correctly ?
For SA 3.4 you need to use util_rb_2tld cf for all such domains:
util_rb_2tld square.site
Upcoming 4.0 already supports tflags notrim, which will query the full host from surbl and other lists that support it.
Re: FQDN and uridnsbl
Posted by Henrik K <he...@hege.li>.
On Tue, Oct 04, 2022 at 03:13:29PM +0000, DEMBLANS Mathieu wrote:
> Hello,
>
> SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12
>
> SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3
>
> As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and confirmed by
> some tests, when a check is done with uridnsbl, only the domain is requested
> not the complete FQDN (rhsbl_zone).
>
> For example if I want to test abc.domain.com it will only request domain.com .
>
> My problem is that for phishing url search on surbl.org it doesn?t find it.
>
> On a real test for btinternet-100730.square.site, which is in the surbl.org PH
> list, spamassassin do a dns request for square.site.multi.surbl.org. that can?t
> be find.
>
> If I test manually btinternet-100730.square.site.surbl.org. the response is
> good (127.0.0.8).
>
> So it probably never find anything in this kind of list.
>
> Is there any thing to do to make it work correctly ?
For SA 3.4 you need to use util_rb_2tld cf for all such domains:
util_rb_2tld square.site
Upcoming 4.0 already supports tflags notrim, which will query the full host
from surbl and other lists that support it.