You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "McDonald, Dan" <Da...@austinenergy.com> on 2009/04/10 00:10:55 UTC

livejournal?

I notice that uribl is listing livejournal.com as a util_rb_2tld host,
but http://daryl.dostech.ca/sa-update/sare/90_2tld.cf doesn't have
livejournal.com yet, and updates_spamassassin_org/25_uribl.cf has
livejournal.com listed in uridnsbl_skip_domain.

If I were to add util_rb_2tld livejournal.com to local-foo.cf, would the
presence of uridnsbl_skip_domain prevent it from being checked?  And if
so, how do I "unskip" that domain?




-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com


Re: livejournal?

Posted by Benny Pedersen <me...@junc.org>.
On Fri, April 10, 2009 15:59, Bogdan ?ulibrk wrote:
> Spam including livejournal subdomains is just next episode after
> almost identical spam involving live.com.

could you send samples to pastebin ?, and or uribl.com ?, if its
this domain and not just a subdomain then uribl might change life :)

-- 
http://localhost/ 100% uptime and 100% mirrored :)


Re: livejournal?

Posted by mouss <mo...@ml.netoyen.net>.
Raymond Dijkxhoorn a écrit :
> Hi!
> 
>>>> the presence of uridnsbl_skip_domain prevent it from being
>>>> checked?  And if so, how do I "unskip" that domain?
> 
>>> no its just subdomain that might be blacklisted in url, and the
>>> domain is still whitelisted
> 
>> Spam including livejournal subdomains is just next episode after
>> almost identical spam involving live.com.
> 
> Most likely a 'urgent' rule update should be pushed out to remove them
> fom the whitelisting.
> 

That would be useless because uribl will not list livejournal.com, but
only its subdomains.

at this time, 90_2tld_cf_sare_sa-update_dostech_net does have

util_rb_2tld livejournal.com


of course, feel free to add a local rule for the whole livejournal.com,
the same way people use rules for live.com and the like.


> I have some local rules in place that also take care of them but new
> versions of uridnsbl_skip_domain should be pushed out with abuse on the
> scale we are seeing now on livejournal. Then we can also start listing
> the subdomains and so. 2tld is updated on the SARE site allready if i
> recall correctly. Alex?
> 


$ grep livejournal.com 200904081400.cf
util_rb_2tld livejournal.com




Re: livejournal?

Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi!

>>> the presence of uridnsbl_skip_domain prevent it from being
>>> checked?  And if so, how do I "unskip" that domain?

>> no its just subdomain that might be blacklisted in url, and the
>> domain is still whitelisted

> Spam including livejournal subdomains is just next episode after almost 
> identical spam involving live.com.

Most likely a 'urgent' rule update should be pushed out to remove them 
fom the whitelisting.

I have some local rules in place that also take care of them but new 
versions of uridnsbl_skip_domain should be pushed out with abuse on the 
scale we are seeing now on livejournal. Then we can also start listing the 
subdomains and so. 2tld is updated on the SARE site allready if i recall 
correctly. Alex?

Bye,
Raymond.

Re: livejournal?

Posted by Bogdan Ćulibrk <bc...@default.rs>.
Benny Pedersen wrote:
> On Fri, April 10, 2009 00:10, McDonald, Dan wrote:
> 
> [snip]
>> If I were to add util_rb_2tld livejournal.com to local-foo.cf, would
>> the presence of uridnsbl_skip_domain prevent it from being
>> checked?  And if so, how do I "unskip" that domain?
> 
> no its just subdomain that might be blacklisted in url, and the
> domain is still whitelisted
> 


Spam including livejournal subdomains is just next episode after almost 
identical spam involving live.com.


Re: livejournal?

Posted by Benny Pedersen <me...@junc.org>.
On Fri, April 10, 2009 00:10, McDonald, Dan wrote:

[snip]
> If I were to add util_rb_2tld livejournal.com to local-foo.cf, would
> the presence of uridnsbl_skip_domain prevent it from being
> checked?  And if so, how do I "unskip" that domain?

no its just subdomain that might be blacklisted in url, and the
domain is still whitelisted

-- 
http://localhost/ 100% uptime and 100% mirrored :)


Re: livejournal?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2009-04-09 at 17:10 -0500, McDonald, Dan wrote:
> I notice that uribl is listing livejournal.com as a util_rb_2tld host,
> but http://daryl.dostech.ca/sa-update/sare/90_2tld.cf doesn't have
> livejournal.com yet, and updates_spamassassin_org/25_uribl.cf has
> livejournal.com listed in uridnsbl_skip_domain.
> 
> If I were to add util_rb_2tld livejournal.com to local-foo.cf, would the
> presence of uridnsbl_skip_domain prevent it from being checked?  And if
> so, how do I "unskip" that domain?

Apparently, it works just as expected out-of-the-box, no need to un-skip
for util_rb_2tld.

$ grep -h livejournal.com {updates,90}*/*
uridnsbl_skip_domain juno.com kernel.org livejournal.com lycos.com
util_rb_2tld livejournal.com

And from the X-Spam-Report header:
  *  3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
  *      [URIs: inaceyoo.livejournal.com]


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}