Posted to users@spamassassin.apache.org by Ri...@oecd.org on 2005/03/09 16:50:13 UTC

URIBL_SBL Weirdness


Can anyone explain to me what the URIBL_SBL rule does (i.e. which list is
used)?

I have an email that this rule catches because of an email address inside it.

The SpamAssassin report lists it as :
0.6 URIBL_SBL	Contains an URL listed in the SBL blocklist
		[URIs: gov.ru]

But no matter what I try, I can't find the blacklist that is used.

Since we are an International Organisation, this is a very inconvenient
situation.

		- Ríkharður


Re: URIBL_SBL Weirdness

Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:50 AM 3/9/2005, Rikhardur.EGILSSON@oecd.org wrote:
>Can anyone explain to me what the URIBL_SBL rule does (i.e. which list is
>used)?
>
>I have an email that this rule catches because of an email address inside it.
>
>The SpamAssassin report lists it as :
>0.6 URIBL_SBL   Contains an URL listed in the SBL blocklist
>                 [URIs: gov.ru]


The URIBL_SBL rule checks the IPs of the nameservers listed in the NS 
record against the Spamhaus SBL list.

[root@xanadu mail]# dig ns gov.ru

; <<>> DiG 9.2.1 <<>> ns gov.ru
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61199
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;gov.ru.                                IN      NS

;; ANSWER SECTION:
gov.ru.                 345600  IN      NS      ns.rtcomm.ru.
gov.ru.                 345600  IN      NS      ns1.gov.ru.
gov.ru.                 345600  IN      NS      ns.gov.ru.
gov.ru.                 345600  IN      NS      ns.relarn.ru.


host ns.rtcomm.ru
ns.rtcomm.ru has address 213.59.0.3

213.59.0.3 is listed in the SBL, in the following records:
    * SBL13545 <http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545>
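
Added example, not part of the original thread and not SpamAssassin's own code: the check described in the reply above (resolve each nameserver of the URI's domain, reverse the IPv4 octets, query the result under sbl.spamhaus.org), written so a flagged domain can be traced to the nameserver that caused the hit. Assumptions: the NS host names are passed in (e.g. from `dig ns`), the function and variable names are hypothetical, and the sample DNS data is constructed.

```python
import ipaddress
import socket

SBL_ZONE = "sbl.spamhaus.org"  # zone named in the thread

def dnsbl_name(ip, zone=SBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Return the IPv4 addresses a name resolves to ([] if it does not)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listing(answer):
    """Assumption: a 127.0.0.0/8 answer means 'listed', except the
    127.255.255.0/24 range that Spamhaus uses for query-error codes."""
    ip = ipaddress.IPv4Address(answer)
    return (ip in ipaddress.ip_network("127.0.0.0/8")
            and ip not in ipaddress.ip_network("127.255.255.0/24"))

def listed_nameservers(ns_hosts, lookup=system_lookup, zone=SBL_ZONE):
    """Map each nameserver host to those of its IPs that the zone lists."""
    hits = {}
    for host in ns_hosts:
        bad = [ip for ip in lookup(host)
               if any(is_listing(a) for a in lookup(dnsbl_name(ip, zone)))]
        if bad:
            hits[host] = bad
    return hits

# Constructed offline data. The NS names and 213.59.0.3 come from the dig/host
# output above; the 192.0.2.x addresses and the 127.0.0.2 answer are made up.
FAKE_DNS = {
    "ns.rtcomm.ru": ["213.59.0.3"],
    "ns1.gov.ru": ["192.0.2.10"],
    "ns.gov.ru": ["192.0.2.11"],
    "ns.relarn.ru": ["192.0.2.12"],
    "3.0.59.213.sbl.spamhaus.org": ["127.0.0.2"],
}

def demo():
    """Run the check for gov.ru's four nameservers against FAKE_DNS."""
    ns_hosts = list(FAKE_DNS)[:4]
    return listed_nameservers(ns_hosts, lookup=lambda n: FAKE_DNS.get(n, []))
```

Calling listed_nameservers() without the lookup argument uses the system resolver, so results then depend on live DNS and on the resolver being allowed to query the list.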


Re: URIBL_SBL Weirdness

Posted by Jeff Chan <je...@surbl.org>.
On Wednesday, March 9, 2005, 8:20:33 AM, Jeff Chan wrote:
> What this means is that the nameserver for gov.ru is listed
> in SBL.

>   http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545

>> Ref: SBL13545
>> 
>> 213.59.0.0/23 is listed on the Spamhaus Block List (SBL)
>> 
>> 26-Feb-2005 02:47 GMT | SR01
>> 
>>       Ruslan Ibragimov / send-safe.com
>> 213.59.0.0/23 is listed on the Register Of Known Spam
>> Operations (ROKSO) database as being assigned to, under the
>> control of, or providing service to a known professional spam
>> operation run by Ruslan Ibragimov / send-safe.com. 
>> Rostelecom Corporate Mail Relays (escalation)

> It looks like Spamhaus has listed all of Rostelecom since
> it hosts send-safe.com.

Correction, this /23 is not all of Rostelecom.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


Re: URIBL_SBL Weirdness

Posted by Jeff Chan <je...@surbl.org>.
On Wednesday, March 9, 2005, 7:50:13 AM, Rikhardur EGILSSON wrote:
> Can anyone explain to me what the URIBL_SBL rule does (i.e. which list is
> used)?

RTFM?

uridnsbl checks a URI domain's nameserver against
sbl.spamhaus.org.

> I have an email that this rule catches because of an email address inside it.

> The SpamAssassin report lists it as :
> 0.6 URIBL_SBL   Contains an URL listed in the SBL blocklist
>                 [URIs: gov.ru]

> But no matter what I try, I can't find the blacklist that is used.

What this means is that the nameserver for gov.ru is listed
in SBL.

  http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545

> Ref: SBL13545
> 
> 213.59.0.0/23 is listed on the Spamhaus Block List (SBL)
> 
> 26-Feb-2005 02:47 GMT | SR01
> 
>       Ruslan Ibragimov / send-safe.com
> 213.59.0.0/23 is listed on the Register Of Known Spam
> Operations (ROKSO) database as being assigned to, under the
> control of, or providing service to a known professional spam
> operation run by Ruslan Ibragimov / send-safe.com. 
> Rostelecom Corporate Mail Relays (escalation)

It looks like Spamhaus has listed all of Rostelecom since
it hosts send-safe.com.

Personally I don't like escalations like that, but I don't run
Spamhaus.

Fortunately URIBL_SBL usually gets a fairly low score due to
false positives like this.  I'd say keep it low.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/