google domains spam
Hi guys,

lately I have received too much spam with links to sites.google.com
and goo.gl redirects.

The sites.google.com website contains "report" links; however, after about a
week of reporting them all, spam containing the same site comes and the site
is not removed.

The goo.gl does not seem to contain any place for reporting spam.
Seems that it was deprecated but still somehow works.


I have decided to locally blacklist them both (I run local rbldns, with IP
and domain-based blacklists).

urirhsbl L_URIBL_FANTOMAS rhsbl.fantomas.sk. TXT
body L_URIBL_FANTOMAS eval:check_uridnsbl('URIBL_FANTOMAS')

However, both goo.gl and google.com are skipped with scanning:

/var/lib/spamassassin/3.004004/updates_spamassassin_org/25_uribl.cf:uridnsbl_skip_domain go.com google.com googleadservices.com grisoft.com
/var/lib/spamassassin/3.004004/updates_spamassassin_org/25_uribl.cf:uridnsbl_skip_domain gappssmtp.com github.com goo.gl google-analytics.com

I can unlist locally both:

clear_uridnsbl_skip_domain goo.gl google.com

However, goo.gl seems to be caught:

* 3.5 L_URIBL_FANTOMAS contains locally blocklisted URI
* [URIs: goo.gl]

but sites.google.com is not. Seems SA only calls domain, not subdomains:

Feb 28 12:21:21.173 [8745] dbg: async: calling callback on key DNSBL:google.com:rhsbl.fantomas.sk, rule L_URIBL_FANTOMAS
Feb 28 12:21:21.173 [8745] dbg: uridnsbl: complete_dnsbl_lookup L_URIBL_FANTOMAS DNSBL:google.com:rhsbl.fantomas.sk

How can I make SA to rbl-check for subdomain, not just google.com domain?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller
Re: google domains spam [ In reply to ]
On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:

> How can I make SA to rbl-check for subdomain, not just google.com
> domain?

2nd tld cf file or

https://github.com/spamhaus/spamassassin-dqs/blob/master/SH.pm#L78

change SH.cf to sh_local.cf to your own rbldnsd

the sh.pm module has more functions than used, but it can be used with
more testing with or without dqs keys

note the 2nd tld would be global change while the sh.pm is not

hope it's useful
Re: google domains spam [ In reply to ]
>On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:
>>How can I make SA to rbl-check for subdomain, not just google.com
>>domain?

On 28.02.21 15:58, Benny Pedersen wrote:
>2nd tld cf file or

do you want to say, only delegated domains are searched, not subdomains?


>https://github.com/spamhaus/spamassassin-dqs/blob/master/SH.pm#L78
>
>change SH.cf to sh_local.cf to your own rbldnsd

>the sh.pm module has more functions than used, but it can be used with
>more testing with or without dqs keys
>
>note the 2nd tld would be global change while the sh.pm is not

I don't have sh.pm nor SH.cf on my server.
I don't even use DQS...

>hope it's useful



--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Send this email to 100 your friends - let them see what an idiot you are
Re: google domains spam [ In reply to ]
>>On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:
>>>How can I make SA to rbl-check for subdomain, not just google.com
>>>domain?
>
>On 28.02.21 15:58, Benny Pedersen wrote:
>>2nd tld cf file or

On 01.03.21 11:19, Matus UHLAR - fantomas wrote:
>do you want to say, only delegated domains are searched, not subdomains?

seems that configuring google.com as a delegation point helped:

util_rb_2tld google.com

* 3.5 L_URIBL_FANTOMAS contains locally blocklisted URI
* [URIs: sites.google.com]

but I'm not sure if this is a proper solution.
not that I expect google.com to appear in blacklists...

>>https://github.com/spamhaus/spamassassin-dqs/blob/master/SH.pm#L78
>>
>>change SH.cf to sh_local.cf to your own rbldnsd
>
>>the sh.pm module has more functions than used, but it can be used
>>with more testing with or without dqs keys
>>
>>note the 2nd tld would be global change while the sh.pm is not
>
>I don't have sh.pm nor SH.cf on my server. I don't even use DQS...
>
>>hope it's useful

partly useful. Your suggestion was not, but your hint was...
thanks

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Enter any 12-digit prime number to continue.
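
The trimming behaviour worked out in the message above, as an added example that is not part of the original thread and is not SpamAssassin's own code. It is a simplified model: the suffix sets, the zone name rhsbl.example and the zone data are constructed, and matching the skip list against the trimmed domain is an assumption.

```python
# Simplified model of the URI domain trimming discussed in this thread.
# Not SpamAssassin's code: suffix sets and zone data below are constructed.

TLDS = {"com", "gl", "uk"}        # constructed subset of valid TLDs
DEFAULT_2TLD = {"co.uk"}          # constructed subset of the stock 2tld list


def trim_domain(host, two_tlds):
    """Return the name one label below the longest known suffix of host."""
    name = host.lower().rstrip(".")
    labels = name.split(".")
    # Walk from the longest candidate suffix, so "google.com" beats "com".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in two_tlds or (i == len(labels) - 1 and suffix in TLDS):
            # Keep one extra label in front of the suffix, if there is one.
            return ".".join(labels[max(i - 1, 0):])
    return name


def lookup_names(hosts, zone, two_tlds, skip=frozenset()):
    """Map each URI host to the DNS name a urirhsbl rule would query."""
    out = {}
    for host in hosts:
        dom = trim_domain(host, two_tlds)
        # Assumption: the skip list is compared with the trimmed domain.
        out[host] = None if dom in skip else f"{dom}.{zone}"
    return out


def listed_hosts(hosts, zone, zone_data, two_tlds, skip=frozenset()):
    """Hosts whose query name exists in the constructed blocklist zone."""
    names = lookup_names(hosts, zone, two_tlds, skip)
    return sorted(h for h, q in names.items() if q in zone_data)


ZONE = "rhsbl.example"            # placeholder zone, not a real blocklist
ZONE_DATA = {"sites.google.com.rhsbl.example", "goo.gl.rhsbl.example"}
HOSTS = ["sites.google.com", "goo.gl", "www.google.com"]

if __name__ == "__main__":
    # Stock behaviour: sites.google.com is queried as google.com and misses.
    print(listed_hosts(HOSTS, ZONE, ZONE_DATA, DEFAULT_2TLD))
    # With google.com treated as a 2tld, the subdomain itself is queried.
    print(listed_hosts(HOSTS, ZONE, ZONE_DATA, DEFAULT_2TLD | {"google.com"}))
```

In this model the 2tld change alters the query name for every google.com host and for every zone queried, which is the "global change" noted earlier in the thread.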
Re: google domains spam [ In reply to ]
On 2021-03-01 11:19, Matus UHLAR - fantomas wrote:

> do you want to say, only delegated domains are searched, not
> subdomains?

yes spamassassin works this way

> I don't have sh.pm nor SH.cf on my server. I don't even use DQS...

you don't need dqs, read again, only inspired by the rules could be
useful to test

redirect to maybe just one nameserver could hit them all

i just don't know if spamassassin resolves redirect domains here
Re: google domains spam [ In reply to ]
>On 2021-03-01 11:19, Matus UHLAR - fantomas wrote:
>>do you want to say, only delegated domains are searched, not
>>subdomains?

On 01.03.21 15:25, Benny Pedersen wrote:
>yes spamassassin works this way

I apparently missed docs about this.
And, frankly, it's apparently not ideal, at least for my case.


>>I don't have sh.pm nor SH.cf on my server. I don't even use DQS...

>you don't need dqs, read again, only inspired by the rules could be
>useful to test
>
>redirect to maybe just one nameserver could hit them all
>
>i just don't know if spamassassin resolves redirect domains here

goo.gl can be (and is) blacklisted successfully:

clear_uridnsbl_skip_domain goo.gl

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!