You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2014/09/01 11:44:06 UTC
[Bug 7080] New: Enhancement: Extend Uribl.pm to do SOA Email
addressess lookups against white/black lists
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
Bug ID: 7080
Summary: Enhancement: Extend Uribl.pm to do SOA Email
addressess lookups against white/black lists
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: axb.lists@gmail.com
in a whitelist rbldnsd zone
hostmaster.paypal.com
for domains
paypal-marketing.co.uk
paypal.co.uk
paypalobjects.com
paypal.com.mx
paypal.com
paypal.com.br
gostorego.com
paypal.se
paypal.be
paypal-notify.com
etc
in a blacklist rbldnsd zone
alphainfolab.sanjay.gmail.com
for domains like
khorsen.biz
kingsmail.biz
perheine.biz
valbymail.biz
etc
If running in a private zone, this could help prevent FPs/help detect spammy
URL domains
In the case of running private rbdldnsd B/W zones, trivial forgeries would
require guessing what is being listed/what not..
comments?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #5 from AXB <ax...@gmail.com> ---
(In reply to Kevin A. McGrail from comment #4)
> This sounds like more of an extension for EmailBL.pm and use hashes of the
> email addresses so you are UTF8 ready, etc.
>
> Thoughts?
nope - the aim is to do lookups against URL domains
and there's no need for hashes. SOA email addrs can be treated as regular
domains URLs
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #6 from AXB <ax...@gmail.com> ---
ASKdns can get a domain's SOA record - just gotta figure out the regex for the
template...
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #10 from AXB <ax...@gmail.com> ---
"BAyes on your sample "
means "Based on your sample" (have a Bayes overdose)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #8 from Mark Martinec <Ma...@ijs.si> ---
> ASKdns can get a domain's SOA record - just gotta figure out the regex for
> the template...
It can get the SOA record and match it against a regexp, e.g.:
askdns L_SANJAY _URIDOMAINS_ SOA
/^\S+\s+alphainfolab\.sanjay\.gmail\.com\.?\s/i
The above may be useful as a static rule for some specific e-mail address,
but to query a DNSxL with the e-mail address obtained from a SOA record
it would require another DNS query and some way to pass the just-obtained
information to the next query. This is currently not implemented.
A possible way to go would be for the L_SANJAY match to create one or more
tags (e.g. _L_SANJAY_1_ and _L_SANJAY_2_, based on a regexp group-capture),
and then use these tags for the second askdns rule, this time to query
some DNSxL.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
Matthias Leisi <ma...@leisi.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |matthias@leisi.net
--- Comment #2 from Matthias Leisi <ma...@leisi.net> ---
It's obviously trivially forged and publicly available information - so what is
the real benefit?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #9 from AXB <ax...@gmail.com> ---
Thank Mark,
BAyes on your sample I'm testing the concept with a bunch a static rules to
see if it's worth it to pursue as an extension of AskdnS or URIBL.pm (whatever
would make more sense)
I'll be back :)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #7 from AXB <ax...@gmail.com> ---
I definitely need Mark's help on this. I don't understand the AskDNS
[subqueryfilter] syntax and I have no sample rule to use as a guide.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #3 from AXB <ax...@gmail.com> ---
(In reply to Matthias Leisi from comment #2)
> It's obviously trivially forged and publicly available information - so what
> is the real benefit?
There's a very large number of cases which such listings could replace chasing
A or NS IP listings
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
--- Comment #1 from AXB <ax...@gmail.com> ---
Could this already be done via the AskDNS plugin?
It seems so but I haven't been able to figure out the syntax
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
AXB <ax...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Mark.Martinec@ijs.si
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7080] Enhancement: Extend Uribl.pm to do SOA Email addressess
lookups against white/black lists
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7080
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #4 from Kevin A. McGrail <km...@pccc.com> ---
This sounds like more of an extension for EmailBL.pm and use hashes of the
email addresses so you are UTF8 ready, etc.
Thoughts?
--
You are receiving this mail because:
You are the assignee for the bug.