You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2014/09/01 11:44:06 UTC

[Bug 7080] New: Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

            Bug ID: 7080
           Summary: Enhancement: Extend Uribl.pm to do SOA Email
                    addressess lookups against white/black lists
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Plugins
          Assignee: dev@spamassassin.apache.org
          Reporter: axb.lists@gmail.com

in a whitelist rbldnsd zone

hostmaster.paypal.com
for domains

paypal-marketing.co.uk
paypal.co.uk
paypalobjects.com
paypal.com.mx
paypal.com
paypal.com.br
gostorego.com
paypal.se
paypal.be
paypal-notify.com
etc

in a blacklist rbldnsd zone

alphainfolab.sanjay.gmail.com
for domains like

khorsen.biz
kingsmail.biz
perheine.biz
valbymail.biz
etc

If running in a  private zone, this could help prevent FPs/help detect spammy
URL domains

In the case of running private rbdldnsd B/W zones, trivial forgeries would
require guessing what is being listed/what not..

comments?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #5 from AXB <ax...@gmail.com> ---
(In reply to Kevin A. McGrail from comment #4)
> This sounds like more of an extension for EmailBL.pm and use hashes of the
> email addresses so you are UTF8 ready, etc.
> 
> Thoughts?

nope - the aim is to do lookups against URL domains

and there's no need for hashes. SOA email addrs can be treated as regular
domains URLs

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #6 from AXB <ax...@gmail.com> ---
ASKdns can get a domain's SOA record - just gotta figure out the regex for the
template...

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #10 from AXB <ax...@gmail.com> ---
"BAyes on your sample "

means "Based on your sample" (have a Bayes overdose)

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #8 from Mark Martinec <Ma...@ijs.si> ---
> ASKdns can get a domain's SOA record - just gotta figure out the regex for
> the template...

It can get the SOA record and match it against a regexp, e.g.:

askdns L_SANJAY _URIDOMAINS_ SOA
/^\S+\s+alphainfolab\.sanjay\.gmail\.com\.?\s/i

The above may be useful as a static rule for some specific e-mail address,
but to query a DNSxL with the e-mail address obtained from a SOA record
it would require another DNS query and some way to pass the just-obtained
information to the next query. This is currently not implemented.

A possible way to go would be for the L_SANJAY match to create one or more
tags (e.g. _L_SANJAY_1_ and _L_SANJAY_2_, based on a regexp group-capture),
and then use these tags for the second askdns rule, this time to query
some DNSxL.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

Matthias Leisi <ma...@leisi.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |matthias@leisi.net

--- Comment #2 from Matthias Leisi <ma...@leisi.net> ---
It's obviously trivially forged and publicly available information - so what is
the real benefit?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #9 from AXB <ax...@gmail.com> ---
Thank Mark,

BAyes on your sample  I'm testing the concept with a bunch a static rules to
see if it's worth it to pursue as an extension of AskdnS or URIBL.pm (whatever
would make more sense)


I'll be back :)

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #7 from AXB <ax...@gmail.com> ---
I definitely need Mark's help on this. I don't understand the AskDNS
[subqueryfilter] syntax and I have no sample rule to use as a guide.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #3 from AXB <ax...@gmail.com> ---
(In reply to Matthias Leisi from comment #2)
> It's obviously trivially forged and publicly available information - so what
> is the real benefit?

There's a very large number of cases which such listings could replace chasing
A or NS IP listings

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

--- Comment #1 from AXB <ax...@gmail.com> ---
Could this already be done via the AskDNS plugin?

It seems so but I haven't been able to figure out the syntax

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

AXB <ax...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Mark.Martinec@ijs.si

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess lookups against white/black lists

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgrail@pccc.com

--- Comment #4 from Kevin A. McGrail <km...@pccc.com> ---
This sounds like more of an extension for EmailBL.pm and use hashes of the
email addresses so you are UTF8 ready, etc.

Thoughts?

-- 
You are receiving this mail because:
You are the assignee for the bug.