You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/09/05 14:34:10 UTC
[Bug 7242] New: URIBL_SBL and URIBL_SBL_A doing each other's lookups
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7242
Bug ID: 7242
Summary: URIBL_SBL and URIBL_SBL_A doing each other's lookups
Product: Spamassassin
Version: unspecified
Hardware: PC
OS: FreeBSD
Status: NEW
Severity: minor
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: rwmaillists@googlemail.com
URIBL_SBL is suppose to check the host's nameserver IPs in SBL and URIBL_SBL_A
is supposed to check the host's IP address, but both rules are doing both.
See: "What does URIBL_SBL check (was Re: Amazon Route53 nameservers listed in
SBL?)" on the user list.
I've set this as a minor bug since the lookups are being done, it's just the
granularity that's being lost.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7242] URIBL_SBL and URIBL_SBL_A doing each other's lookups
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7242
Henrik Krohns <he...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hege@hege.li
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #5 from Henrik Krohns <he...@hege.li> ---
This should fix it in 3.4:
Sending lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
Transmitting file data .done
Committing transaction...
Committed revision 1845723.
Will commit trunk at later date, I was in the process of cleaning up the whole
URIDNSBL.pm spaghetti, discovered this bug myself too..
Also fixed sbl -> zen usage and added CSS rules:
Sending rules/25_uribl.cf
Sending rules/50_scores.cf
Transmitting file data ..done
Committing transaction...
Committed revision 1845724.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7242] URIBL_SBL and URIBL_SBL_A doing each other's lookups
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7242
--- Comment #2 from AXB <ax...@gmail.com> ---
hmmm
could some one pls test replaceing
uridnsbl URIBL_SBL_A sbl.spamhaus.org. A
with
uridnsbl URIBL_SBL_A zen.spamhaus.org. A 127.0.0.2
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7242] URIBL_SBL and URIBL_SBL_A doing each other's lookups
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7242
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #1 from Kevin A. McGrail <km...@pccc.com> ---
Adding more information about the issue:
$ printf "\n\nhttp://www.alfordmedia.com/" | spamassassin -D uridnsbl 2>&1
Sep 5 00:57:40.749 [88636] dbg: uridnsbl: considering
host=www.alfordmedia.com, domain=alfordmedia.com
Sep 5 00:57:40.759 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_RHS_DOB
DNSBL:alfordmedia.com:dob.sibl.support-intelligence.net
Sep 5 00:57:40.759 [88636] dbg: uridnsbl: complete_ns_lookup
NS:alfordmedia.com
Sep 5 00:57:40.760 [88636] dbg: uridnsbl: got(1) NS for alfordmedia.com:
alfordmedia.com. 172603 IN NS ns-1298.awsdns-34.org.
Sep 5 00:57:40.760 [88636] dbg: uridnsbl: got(2) NS for alfordmedia.com:
alfordmedia.com. 172603 IN NS ns-1925.awsdns-48.co.uk.
Sep 5 00:57:40.761 [88636] dbg: uridnsbl: got(3) NS for alfordmedia.com:
alfordmedia.com. 172603 IN NS ns-62.awsdns-07.com.
Sep 5 00:57:40.761 [88636] dbg: uridnsbl: got(4) NS for alfordmedia.com:
alfordmedia.com. 172603 IN NS ns-696.awsdns-23.net.
Sep 5 00:57:40.762 [88636] dbg: uridnsbl: complete_a_lookup
A:www.alfordmedia.com
Sep 5 00:57:40.762 [88636] dbg: uridnsbl: complete_a_lookup got(1) A for
www.alfordmedia.com: www.alfordmedia.com. 103 IN A 209.124.71.2
Sep 5 00:57:40.764 [88636] dbg: uridnsbl: complete_a_lookup
A:ns-1298.awsdns-34.org
Sep 5 00:57:40.764 [88636] dbg: uridnsbl: complete_a_lookup got(1) A for
ns-1298.awsdns-34.org: ns-1298.awsdns-34.org. 170801 IN A 205.251.197.18
Sep 5 00:57:40.765 [88636] dbg: uridnsbl: complete_a_lookup
A:ns-1925.awsdns-48.co.uk
Sep 5 00:57:40.765 [88636] dbg: uridnsbl: complete_a_lookup got(1) A for
ns-1925.awsdns-48.co.uk: ns-1925.awsdns-48.co.uk. 170801 IN A 205.251.199.133
Sep 5 00:57:40.766 [88636] dbg: uridnsbl: complete_a_lookup
A:ns-62.awsdns-07.com
Sep 5 00:57:40.766 [88636] dbg: uridnsbl: complete_a_lookup got(1) A for
ns-62.awsdns-07.com: ns-62.awsdns-07.com. 170801 IN A 205.251.192.62
Sep 5 00:57:40.767 [88636] dbg: uridnsbl: complete_a_lookup
A:ns-696.awsdns-23.net
Sep 5 00:57:40.767 [88636] dbg: uridnsbl: complete_a_lookup got(1) A for
ns-696.awsdns-23.net: ns-696.awsdns-23.net. 170801 IN A 205.251.194.184
...
Sep 5 00:57:40.863 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL_A
DNSBL:2.71.124.209:sbl.spamhaus.org
Sep 5 00:57:40.864 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:2.71.124.209:zen.spamhaus.org <--- A
Sep 5 00:57:40.864 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL_A
DNSBL:18.197.251.205:sbl.spamhaus.org <--- B
Sep 5 00:57:40.864 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL_A
DNSBL:62.192.251.205:sbl.spamhaus.org <--- B
Sep 5 00:57:40.864 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL_A
DNSBL:133.199.251.205:sbl.spamhaus.org <--- B
Sep 5 00:57:40.865 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:184.194.251.205:zen.spamhaus.org
Sep 5 00:57:40.979 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:18.197.251.205:zen.spamhaus.org
...
Sep 5 00:57:43.032 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:62.192.251.205:zen.spamhaus.org
Sep 5 00:57:43.033 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:133.199.251.205:zen.spamhaus.org
Sep 5 00:57:43.033 [88636] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL_A
DNSBL:184.194.251.205:sbl.spamhaus.org <--- B
In the line marked A it looks like URIBL_SBL did look-up SBL (via zen)
for the host's IP. Also in the lines marked B it looks URIBL_SBL_A is
doing an SBL look-up on the nameserver IPs as well as the hosts. In
other words it looks like both rules are doing the full set of look-ups
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7242] URIBL_SBL and URIBL_SBL_A doing each other's lookups
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7242
--- Comment #3 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to AXB from comment #2)
> hmmm
>
> could some one pls test replaceing
> uridnsbl URIBL_SBL_A sbl.spamhaus.org. A
>
> with
>
> uridnsbl URIBL_SBL_A zen.spamhaus.org. A 127.0.0.2
Anyone with the issue and using spamhaus?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7242] URIBL_SBL and URIBL_SBL_A doing each other's lookups
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7242
--- Comment #4 from Kevin A. McGrail <km...@pccc.com> ---
Nick Edwards posted something similar:
Take postfix.org for example, it has no A record, so this check should
return NXDOMAIN and therefore not score the mail with a positive
value.
However, it does, so, I either screwed up something in the rule :
uridnsbl ATQ_URI2 snowshoers.int. A
body ATQ_URI2 eval:check_uridnsbl('ATQ_URI2')
describe ATQ_URI2 URL's domain A record listed in snowshoe netblocks
score ATQ_URI2 3.0
tflags ATQ_URI2 net a
or spamassassins lookup is over bearing?
The list in snowshoers.int contains about 400 /24's so removing one
at a time is not feasable, but, as indicated, postifx.org has no A
record so this shojldnt be an issue, I did check the IP's of
www.postifx.org both of them are not in any netblock.
So how can it be it gets tagged as being in it?
It can not be a nxdomain false in code, since undernet.org has no A
records and it passes fine without tagging/scoring.
And Noel Butler on the mailing list wrote:
If so, I think I see the problem, SA is using -ANY in its lookup,
not the A that you want (I'm guessing without looking into code,
I'm just back from holidays so bit busy at home), postfix ns4 has
an IP in a /24 list from HOSTI-20 173.244.206.0/24 which was added
4 weeks ago by looks of it, its marked "spam multiple junk domains"
So it seems SA's eval code does have an error.
The rule might be requesting an A but the code is firing or returning ANY
causing a false hit perhaps?
RW than pointed out this sounded similar to this bug.
--
You are receiving this mail because:
You are the assignee for the bug.