You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by DaveAtJLA <da...@jla.com> on 2010/07/14 10:04:36 UTC

uribl not working properly with .gg TLD

I'm running SpamAssassin version 3.3.0 and we received some spam recently
which contained a link to a .ru.gg domain. While investigating whether it
was listed in any of the URIBLs I discovered that if a message contains a
link to "http://qwerty.ru.gg", spamassassin only looks up the domain "ru.gg"
- here's a snippet from the log:

Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.026 .
DNSBL:dob.sibl.support-intelligence.net:ru.gg
Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.027 .
DNSBL:multi.uribl.com.:ru.gg

However if I edit the message, change the link to "http://qwerty.ru.com" and
run it through spamassassin again, then the URIBL lookups are done for the
full domain name: 

Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.287 .
DNSBL:dob.sibl.support-intelligence.net:qwerty.ru.com
Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.290 .
DNSBL:multi.uribl.com.:qwerty.ru.com

This can't be right, can it? It looks like the gg top-level domain isn't
being handled properly. Any ideas?

Dave

-- 
View this message in context: http://old.nabble.com/uribl-not-working-properly-with-.gg-TLD-tp29159353p29159353.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: uribl not working properly with .gg TLD

Posted by DaveAtJLA <da...@jla.com>.

Ah I understand now why they are treated differently.. I've never delved into
the details of that module.

Blacklisting might be a good idea!

Thanks

Dave


Giampaolo Tomassoni-2 wrote:
> 
>> What I am asking is why a reference to http://querty.ru.gg generates a
>> URI
>> lookup for ru.gg (ie missing out the first component) whereas a
>> reference to
>> http://qwerty.ru.com generates a URI lookup for qwerty.ru.com.
>> 
>> Dave
> 
> Because the ru.gg second level domain is not in the TWO_LEVEL_DOMAINS
> variable defined in Mail::SpamAssassin::Util::RegistrarBoundaries , while
> ru.com is.
> 
> If you mean that ru.gg should be there too, please note that querty.ru.gg
> is
> a third-level domain of ru.gg, which is assigned to webme.com. So, I don't
> see any need to discriminate querty.ru.gg from ru.gg.
> 
> Further, I would personally blacklist the whole .gg gTLD since their whois
> service is ridiculous.
> 
> Giampaolo
>  
> 
> 
>> Giampaolo Tomassoni-2 wrote:
>> >
>> >> I'm running SpamAssassin version 3.3.0 and we received some spam
>> >> recently
>> >> which contained a link to a .ru.gg domain. While investigating
>> whether
>> >> it
>> >> was listed in any of the URIBLs I discovered that if a message
>> contains
>> >> a
>> >> link to "http://qwerty.ru.gg", spamassassin only looks up the domain
>> >> "ru.gg"
>> >> - here's a snippet from the log:
>> >>
>> >> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.026 .
>> >> DNSBL:dob.sibl.support-intelligence.net:ru.gg
>> >> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.027 .
>> >> DNSBL:multi.uribl.com.:ru.gg
>> >>
>> >> However if I edit the message, change the link to
>> >> "http://qwerty.ru.com" and
>> >> run it through spamassassin again, then the URIBL lookups are done
>> for
>> >> the
>> >> full domain name:
>> >>
>> >> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.287 .
>> >> DNSBL:dob.sibl.support-intelligence.net:qwerty.ru.com
>> >> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.290 .
>> >> DNSBL:multi.uribl.com.:qwerty.ru.com
>> >>
>> >> This can't be right, can it? It looks like the gg top-level domain
>> >> isn't
>> >> being handled properly. Any ideas?
>> >
>> > I don't see why you believe querty.ru.gg == querty.ru.com .
>> >
>> > .gg is a gTLD (for the Bailiwick of Guernsey, according to
>> > http://en.wikipedia.org/wiki/.gg).
>> >
>> >
>> >> Dave
>> >
>> > Giampaolo
>> >
>> >
>> >
>> 
>> --
>> View this message in context: http://old.nabble.com/uribl-not-working-
>> properly-with-.gg-TLD-tp29159353p29159839.html
>> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/uribl-not-working-properly-with-.gg-TLD-tp29159353p29170299.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: uribl not working properly with .gg TLD

Posted by Giampaolo Tomassoni <Gi...@Tomassoni.biz>.

> What I am asking is why a reference to http://querty.ru.gg generates a
> URI
> lookup for ru.gg (ie missing out the first component) whereas a
> reference to
> http://qwerty.ru.com generates a URI lookup for qwerty.ru.com.
> 
> Dave

Because the ru.gg second level domain is not in the TWO_LEVEL_DOMAINS
variable defined in Mail::SpamAssassin::Util::RegistrarBoundaries , while
ru.com is.

If you mean that ru.gg should be there too, please note that querty.ru.gg is
a third-level domain of ru.gg, which is assigned to webme.com. So, I don't
see any need to discriminate querty.ru.gg from ru.gg.

Further, I would personally blacklist the whole .gg gTLD since their whois
service is ridiculous.

Giampaolo
 


> Giampaolo Tomassoni-2 wrote:
> >
> >> I'm running SpamAssassin version 3.3.0 and we received some spam
> >> recently
> >> which contained a link to a .ru.gg domain. While investigating
> whether
> >> it
> >> was listed in any of the URIBLs I discovered that if a message
> contains
> >> a
> >> link to "http://qwerty.ru.gg", spamassassin only looks up the domain
> >> "ru.gg"
> >> - here's a snippet from the log:
> >>
> >> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.026 .
> >> DNSBL:dob.sibl.support-intelligence.net:ru.gg
> >> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.027 .
> >> DNSBL:multi.uribl.com.:ru.gg
> >>
> >> However if I edit the message, change the link to
> >> "http://qwerty.ru.com" and
> >> run it through spamassassin again, then the URIBL lookups are done
> for
> >> the
> >> full domain name:
> >>
> >> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.287 .
> >> DNSBL:dob.sibl.support-intelligence.net:qwerty.ru.com
> >> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.290 .
> >> DNSBL:multi.uribl.com.:qwerty.ru.com
> >>
> >> This can't be right, can it? It looks like the gg top-level domain
> >> isn't
> >> being handled properly. Any ideas?
> >
> > I don't see why you believe querty.ru.gg == querty.ru.com .
> >
> > .gg is a gTLD (for the Bailiwick of Guernsey, according to
> > http://en.wikipedia.org/wiki/.gg).
> >
> >
> >> Dave
> >
> > Giampaolo
> >
> >
> >
> 
> --
> View this message in context: http://old.nabble.com/uribl-not-working-
> properly-with-.gg-TLD-tp29159353p29159839.html
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: uribl not working properly with .gg TLD

Posted by DaveAtJLA <da...@jla.com>.

What I am asking is why a reference to http://querty.ru.gg generates a URI
lookup for ru.gg (ie missing out the first component) whereas a reference to
http://qwerty.ru.com generates a URI lookup for qwerty.ru.com.

Dave


Giampaolo Tomassoni-2 wrote:
> 
>> I'm running SpamAssassin version 3.3.0 and we received some spam
>> recently
>> which contained a link to a .ru.gg domain. While investigating whether
>> it
>> was listed in any of the URIBLs I discovered that if a message contains
>> a
>> link to "http://qwerty.ru.gg", spamassassin only looks up the domain
>> "ru.gg"
>> - here's a snippet from the log:
>> 
>> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.026 .
>> DNSBL:dob.sibl.support-intelligence.net:ru.gg
>> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.027 .
>> DNSBL:multi.uribl.com.:ru.gg
>> 
>> However if I edit the message, change the link to
>> "http://qwerty.ru.com" and
>> run it through spamassassin again, then the URIBL lookups are done for
>> the
>> full domain name:
>> 
>> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.287 .
>> DNSBL:dob.sibl.support-intelligence.net:qwerty.ru.com
>> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.290 .
>> DNSBL:multi.uribl.com.:qwerty.ru.com
>> 
>> This can't be right, can it? It looks like the gg top-level domain
>> isn't
>> being handled properly. Any ideas?
> 
> I don't see why you believe querty.ru.gg == querty.ru.com .
> 
> .gg is a gTLD (for the Bailiwick of Guernsey, according to
> http://en.wikipedia.org/wiki/.gg).
> 
> 
>> Dave
> 
> Giampaolo
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/uribl-not-working-properly-with-.gg-TLD-tp29159353p29159839.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: uribl not working properly with .gg TLD

Posted by Giampaolo Tomassoni <Gi...@Tomassoni.biz>.

> I'm running SpamAssassin version 3.3.0 and we received some spam
> recently
> which contained a link to a .ru.gg domain. While investigating whether
> it
> was listed in any of the URIBLs I discovered that if a message contains
> a
> link to "http://qwerty.ru.gg", spamassassin only looks up the domain
> "ru.gg"
> - here's a snippet from the log:
> 
> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.026 .
> DNSBL:dob.sibl.support-intelligence.net:ru.gg
> Jul 14 07:55:54.785 [3269] dbg: async: timing: 0.027 .
> DNSBL:multi.uribl.com.:ru.gg
> 
> However if I edit the message, change the link to
> "http://qwerty.ru.com" and
> run it through spamassassin again, then the URIBL lookups are done for
> the
> full domain name:
> 
> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.287 .
> DNSBL:dob.sibl.support-intelligence.net:qwerty.ru.com
> Jul 14 08:52:49.412 [16122] dbg: async: timing: 0.290 .
> DNSBL:multi.uribl.com.:qwerty.ru.com
> 
> This can't be right, can it? It looks like the gg top-level domain
> isn't
> being handled properly. Any ideas?

I don't see why you believe querty.ru.gg == querty.ru.com .

.gg is a gTLD (for the Bailiwick of Guernsey, according to
http://en.wikipedia.org/wiki/.gg).


> Dave

Giampaolo