Mailing List Archive

check domain against uri bl of spamassassin
What is the best way to check an url against the default active
spamassassin uribl, on a linux server that does not have spamassassin
installed?
Re: check domain against uri bl of spamassassin
On 21 Oct 2020, at 13:35, Marc Roos <M.Roos@f1-outsourcing.eu> wrote:
> What is the best way to check an url against the default active
> spamassassin uribl, on a linux server that does not have spamassassin
> installed?

This is clearly in the "how do I do a thing while imposing conditions that make <thing> impossible to do" class of question.

"How do I dive 300 meters under water without an oxygen supply or pressure suit?"

"How can I get from New York City to Los Angeles in less than 10 hours without flying?"

If you want to test something against spamassassin you need one thing for sure, access to spamassassin.

--
'I really should talk to him, sir. He's had a near-death experience!'
'We all do. It's called living.'
RE: check domain against uri bl of spamassassin
:D I thought I could query the blacklists from the command line with dig
or so


RE: check domain against uri bl of spamassassin
> and why just don't you?

I have no idea what the default ones are. Also don't know exactly the
syntax, especially when slashes are included and if hashes are used or
so.
Re: check domain against uri bl of spamassassin
On Wed, 2020-10-21 at 22:22 +0200, Marc Roos wrote:
> :D I thought I could query the blacklists from the command line with
> dig or so
>
Sounds possible, but what use is a command line query when what you need
is something that can be triggered by getmail, your MTA, an MUA or
whatever? You might be able to do that from a shell script, but a Perl
program would be better, so find your copy of the 'Camel Book', open a
terminal and design a program and start coding.

At least, that's what I would do and have done in similar circumstances.
The only difference is that, apart from an SA module, I've written my
special mail handlers in C and Java rather than Perl. All these
languages have built-in or library routines for reading mail and
interrogating servers.

Martin
Re: check domain against uri bl of spamassassin
On 21 Oct 2020, at 16:22, Marc Roos wrote:

> :D I thought I could query the blacklists from the command line with
> dig
> or so

You can, at least in principle, but it would not be a single command or
a well-defined small set of commands if you don't have SA installed and
want to know the SA penalty of an URI in a particular domain.

The rules files in the default rules channel have 23 active urirhssub
rules defined. They reference 4 URIBL zones, 3 of which are multiplexed:

dbl.spamhaus.org.
dob.sibl.support-intelligence.net
multi.surbl.org.
multi.uribl.com.

So you COULD just check a domain such as example.com like this:

    dig example.com.dbl.spamhaus.org. \
        example.com.dob.sibl.support-intelligence.net. \
        example.com.multi.surbl.org. example.com.multi.uribl.com.

Figuring out what the results of such a search mean would require you
to look up the return codes and what they mean for each of those URIBLs.
Figuring out what the cumulative SA score would be of a particular
domain would require you to check the current score files in the rules
distribution.


--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
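
An added example, not part of any poster's message: a small script that runs the lookups described above against the four zones Bill Cole lists, asking for an explicit A record and reducing a URL to its hostname first. The function names are made up here, and the refusal codes it recognises (127.255.255.x for Spamhaus, 127.0.0.1 for URIBL and SURBL) are assumptions taken from those operators' public documentation, not from the thread.

```shell
#!/bin/sh
# Added example: zones are the four named in the thread; names are hypothetical.
ZONES="dbl.spamhaus.org dob.sibl.support-intelligence.net multi.surbl.org multi.uribl.com"

# Reduce a URL to its lowercase hostname. URIBLs are keyed on the domain,
# so scheme, userinfo, port, path and query string are all dropped.
# (Assumption: no trimming to the registrable domain, no IPv6 literals.)
url_host() {
    case "$1" in
        http://*|https://*) h=${1#*://} ;;   # strip scheme
        *)                  h=$1 ;;
    esac
    h=${h%%[/?#]*}       # strip path, query, fragment
    h=${h##*@}           # strip userinfo
    h=${h%%:*}           # strip port
    h=${h%.}             # strip trailing root dot
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# Build the fully qualified name to look up: <host>.<zone>.
uribl_qname() { printf '%s.%s.\n' "$(url_host "$1")" "$2"; }

# Interpret the first line dig +short printed. Empty means NXDOMAIN, or a
# failed lookup (e.g. SERVFAIL) that +short does not show.
uribl_classify() {
    case "$1" in
        "")                      echo "not-listed" ;;
        127.255.255.*|127.0.0.1) echo "refused" ;;    # assumed operator refusal codes
        127.*)                   echo "listed" ;;
        *)                       echo "unexpected" ;; # e.g. NXDOMAIN rewriting, timeout text
    esac
}

# Query each zone for an A record (not ANY) and print name, verdict, answer.
check_uribl() {
    for z in $ZONES; do
        q=$(uribl_qname "$1" "$z")
        a=$(dig +short +time=3 +tries=1 A "$q" | head -n 1)
        printf '%-60s %-12s %s\n' "$q" "$(uribl_classify "$a")" "$a"
    done
}

# Run only when a URL or domain is given on the command line.
if [ "$#" -gt 0 ]; then check_uribl "$1"; fi
```

A "refused" verdict usually means the resolver in use is blocked by the list operator, so the result says nothing about the domain itself.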
RE: check domain against uri bl of spamassassin
>> :D I thought I could query the blacklists from the command line with
>> dig or so
>
> You can, at least in principle, but it would not be a single command or
> a well-defined small set of commands if you don't have SA installed and
> want to know the SA penalty of an URI in a particular domain.
>
> The rules files in the default rules channel have 23 active urirhssub
> rules defined. They reference 4 URIBL zones, 3 of which are multiplexed:
>
> dbl.spamhaus.org.
> dob.sibl.support-intelligence.net
> multi.surbl.org.
> multi.uribl.com.
>
> So you COULD just check a domain such as example.com like this:
>
>     dig example.com.dbl.spamhaus.org. \
>         example.com.dob.sibl.support-intelligence.net. \
>         example.com.multi.surbl.org. example.com.multi.uribl.com.

Oh ok, that sounds indeed simple. I thought there was more to it.
This means that with such an implementation, if you have a blog
collection site like wordpress.com and one wordpress.com/xxx
site gets listed, all are listed.

> Figuring out what the results of such a search mean would require you
> to look up the return codes and what they mean for each of those URIBLs.
> Figuring out what the cumulative SA score would be of a particular
> domain would require you to check the current score files in the rules
> distribution.

No, that is not necessary, just need to know if it is possible to query
these blacklists on existence.
Re: check domain against uri bl of spamassassin
Hi

For heaven's sake, help him use 'dig' or 'host' :-)

$ dig -t any climklaym.site.uribl.swinog.ch
[...]
;; ANSWER SECTION:
climklaym.site.uribl.swinog.ch. 120 IN A 127.0.1.8
climklaym.site.uribl.swinog.ch. 120 IN TXT ": 17-09-2020 11:41 SWINOG Spamtrap Alpha 2.12 climklaym.site https://blacklist.woody.ch/rblhostlist.php?id=climklaym.site.uri"

$ host -t any climklaym.site.uribl.swinog.ch
climklaym.site.uribl.swinog.ch has address 127.0.1.8
climklaym.site.uribl.swinog.ch descriptive text ": 17-09-2020 11:41 SWINOG Spamtrap Alpha 2.12 climklaym.site https://blacklist.woody.ch/rblhostlist.php?id=climklaym.site.uri"

Or point him to web-based DNS blacklist query services:

http://multirbl.valli.org/
https://mxtoolbox.com/blacklists.aspx

--
With kind regards

-Benoît Panizzon- @ home office and reachable as usual
--
I m p r o W a r e A G - Head of Commerce Customers
______________________________________________________

Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Switzerland Web http://www.imp.ch
______________________________________________________
Re: check domain against uri bl of spamassassin
On 22 Oct 2020, at 4:48, Benoît Panizzon wrote:

> Hi
>
> For heaven's sake, help him use 'dig' or 'host' :-)

I did. :)

> $ dig -t any climklaym.site.uribl.swinog.ch

Using "any" queries is ill-advised. Generally that will only return
records that happen to be in the queried server's cache, and due to its
use in reflective amplification attacks, many servers won't even do
that. For example, Cloudflare's nameservers have been responding with
NOTIMP to ANY queries for some years now.

Also: the SWINOG list is not used by SA.


--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: check domain against uri bl of spamassassin
On Thu, 22 Oct 2020 09:50:32 -0400
Bill Cole wrote:

> Using "any" queries is ill-advised. Generally that will only return
> records that happen to be in the queried server's cache,


That sounds like it could be a problem for AskDNS, from its
trunk documentation:

"The rr_type parameter not only provides a filter for RR types found
in the DNS answer, but also determines the DNS query type. ... When
more than one RR type is specified (e.g. A, AAAA, TXT) or if ANY is
specified, then the DNS query type will be ANY and the rr_type
parameter will only act as a filter on a result."