Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2020/07/07 10:23:01 UTC

[Bug 7835] New: Domain blacklists domain wildcarding

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

            Bug ID: 7835
           Summary: Domain blacklists domain wildcarding
           Product: Spamassassin
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Libraries
          Assignee: dev@spamassassin.apache.org
          Reporter: raymond@prolocation.net
  Target Milestone: Undefined

The current SA libraries don't take into account that both DBL and SURBL provide
wildcarded lists. They strip down the domain to the base level, where this
isn't needed. Due to this the community is missing many listings that are
inside both of those lists.

Now we can submit requests to add domains to the util_rb_2tld files but that
doesn't really scale and it's too slow also.

For example: 

page.link isn't listed inside SURBL but <abused-subdomain>.page.link is.
And this is just an example to outline.

We see that many of the bad actors are abusing free services, cloud platforms
and such. Adding domains to 2/3tld files could work, but again it is way too slow.
If you want to take full advantage of the capabilities that SURBL hands to the
community it would be far better to not strip down the domains to the base
level all the time. The same applies for the DBL list that is also wildcarded.
URIBL isn't wildcarded as far as I know but Alex could comment on that.

If you need more info don't hesitate to mail me.

With kind regards, Raymond Dijkxhoorn - SURBL

-- 
You are receiving this mail because:
You are the assignee for the bug.
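
Added example (not part of the bug report and not SpamAssassin code): a small model of the behaviour described above, showing why a client that trims a URI host to its base domain misses a listing on a wildcarded list, and how either a 2tld entry or querying the untrimmed host recovers it. The function names, the blocklist contents and the 2tld set are constructed for illustration.

```python
# Added illustration; not SpamAssassin code. All names and data are constructed.

# Stand-in for the util_rb_2tld data: suffixes under which each label is its own "domain".
TWO_LEVEL_TLDS = {"co.uk"}

# Stand-in for a wildcarded blocklist zone: a listed name also covers its subdomains.
WILDCARD_LIST = {"abused-subdomain.page.link", "bad-example.co.uk"}


def trim_to_domain(host, two_level=TWO_LEVEL_TLDS):
    """Reduce a hostname to its base domain, the way a trimming client would."""
    labels = host.lower().rstrip(".").split(".")
    # The longest suffix found in the 2tld set decides how many labels are kept.
    for n in range(len(labels) - 1, 0, -1):
        if ".".join(labels[-n:]) in two_level:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels[-2:])


def is_listed(name, zone=WILDCARD_LIST):
    """Wildcarded lookup: the name itself or any listed parent counts as a hit."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zone for i in range(len(labels)))


def check(host, notrim, two_level=TWO_LEVEL_TLDS):
    """Return (queried name, listed?) for one URI host."""
    query = host.lower().rstrip(".") if notrim else trim_to_domain(host, two_level)
    return query, is_listed(query)


if __name__ == "__main__":
    host = "www.abused-subdomain.page.link"
    print("trimmed:          ", check(host, notrim=False))
    print("trimmed + 2tld:   ", check(host, notrim=False,
                                      two_level=TWO_LEVEL_TLDS | {"page.link"}))
    print("untrimmed (notrim):", check(host, notrim=True))
```
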

[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

--- Comment #10 from Henrik Krohns <ap...@hege.li> ---
Some get_uri_detail_list statistics of my corpus. Enabling notrim adds one or
two queries more per message on average. So very little effect DNS usage wise,
caching will probably reduce a lot too.

HAM DOMAINS
Range:  0.000 - 80.000; Mean:  2.114; Median:  2.000; Stddev:  2.641
Percentiles:  90th:  4.000; 95th:  5.000; 99th:  8.000

HAM HOSTS
Range:  0.000 - 81.000; Mean:  3.065; Median:  3.000; Stddev:  3.126
Percentiles:  90th:  6.000; 95th:  7.000; 99th: 11.000

SPAM DOMAINS
Range:  0.000 - 26.000; Mean:  1.444; Median:  1.000; Stddev:  1.218
Percentiles:  90th:  3.000; 95th:  4.000; 99th:  6.000

SPAM HOSTS
Range:  0.000 - 26.000; Mean:  1.637; Median:  1.000; Stddev:  1.503
Percentiles:  90th:  3.000; 95th:  4.000; 99th:  7.000


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

--- Comment #5 from Henrik Krohns <ap...@hege.li> ---

tflags "notrim" now implemented for urirhsbl/urirhssub

Sending        trunk/UPGRADE
Sending        trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
Sending        trunk/t/uribl.t
Transmitting file data ...done
Committing transaction...
Committed revision 1888502.

Will test locally for a bit, then add to stock rules.


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

Henrik Krohns <ap...@hege.li> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |apache@hege.li

--- Comment #1 from Henrik Krohns <ap...@hege.li> ---
Some related talk also found in Bug 7165.

Yes it should be feasible to use a flag for example "tflags SURBL_FOO notrim".

And this could be enabled for all multi.surbl.org queries?


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

--- Comment #7 from Henrik Krohns <ap...@hege.li> ---
(In reply to Riccardo Alfieri from comment #6)
> Very cool. Will this be included in 3.4.6 or will it be part of 4.x only?

We tried to drop 3.4 maintenance several times already, new features for 4.x
only.


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

Henrik Krohns <ap...@hege.li> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Henrik Krohns <ap...@hege.li> ---

Committed to stock rules. As there is no syntax validation on tflags, it's safe
to use notrim anywhere needed.

Sending        rules/25_uribl.cf
Transmitting file data .done
Committing transaction...
Committed revision 1888663.


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

--- Comment #8 from Henrik Krohns <ap...@hege.li> ---
PS. Please try to run trunk version. It's been "production quality" for long
time already. We need testers to prepare 4.0 release. :-)


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

--- Comment #6 from Riccardo Alfieri <ri...@spamteq.com> ---
Very cool. Will this be included in 3.4.6 or will it be part of 4.x only?


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

Raymond Dijkxhoorn <ra...@prolocation.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |raymond@prolocation.net

--- Comment #3 from Raymond Dijkxhoorn <ra...@prolocation.net> ---
(In reply to Henrik Krohns from comment #1)
> Some related talk also found in Bug 7165.
> 
> Yes it should be feasible to use a flag for example "tflags SURBL_FOO
> notrim".
> 
> And this could be enabled for all multi.surbl.org queries?

Yes. All of the multi lookups are wildcarded. 

So it applies to SURBL ABUSE, PH, CR and MW lookups. 

I saw SpamHaus was also added as a watcher.

I am sure Riccardo can comment on the SpamHaus zones to be changed.

Thanks! Raymond


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

--- Comment #4 from Riccardo Alfieri <ri...@spamteq.com> ---
All lookups to DBL should have the "notrim" flag set. 

ZRD supports them too, but since it's only for DQS customers, I'll take care of
adding the necessary changes in our plugin when/if (I really hope this will
happen!) there is support in SA


[Bug 7835] Domain blacklists domain wildcarding

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835

Riccardo Alfieri <ri...@spamteq.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |riccardo.alfieri@spamteq.com

--- Comment #2 from Riccardo Alfieri <ri...@spamteq.com> ---
FWIW, we at Spamhaus support Raymond's request.

Using untrimmed hostnames would provide for sure more spam catching from both
SURBL and Spamhaus lists
