Mailing List Archive

On 2021-10-31 17:26, Matus UHLAR - fantomas wrote:
> Hello,
>
> it looks like google has registered page.link domain and users are
> already
> using it for spamming:
>
> https://secretadultnightclub.page.link/...
>
> I have added it to my local domain-based blocklist.
>
> any idea/tip what to do with it next?

in firefox

Invalid Dynamic Link

Requested URL must be a parsable and complete DynamicLink.

If you are the developer of this app, ensure that your Dynamic Links
domain is correctly configured and that the path component of this URL
is valid.

On 10/31/21 5:26 PM, Matus UHLAR - fantomas wrote:
> Hello,
>
> it looks like google has registered page.link domain and users are already
> using it for spamming:
>
> https://secretadultnightclub.page.link/...
>
> I have added it to my local domain-based blocklist.
>
> any idea/tip what to do with it next?

blacklist_uri_host page.link

>On 2021-10-31 17:26, Matus UHLAR - fantomas wrote:
>>it looks like google has registered page.link domain and users are
>>already
>>using it for spamming:
>>
>>https://secretadultnightclub.page.link/...
>>
>>I have added it to my local domain-based blocklist.
>>
>>any idea/tip what to do with it next?

On 31.10.21 17:44, Benny Pedersen wrote:
>in firefox
>
>Invalid Dynamic Link

yeah, I got the same. I didn't want to post the full uri (I got two of
them).

I reported google site for spam, my question is if I can do anything above
actions

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.

On Sun, 31 Oct 2021, Axb wrote:

> On 10/31/21 5:26 PM, Matus UHLAR - fantomas wrote:
>> Hello,
>>
>> it looks like google has registered page.link domain and users are already
>> using it for spamming:
>>
>> https://secretadultnightclub.page.link/...
>>
>> I have added it to my local domain-based blocklist.
>>
>> any idea/tip what to do with it next?
>
> blacklist_uri_host page.link

Been there, done that, got the FP wounds to show the risks of doing it.

My retirement account financial adviser sends me reports that include
name.page.link URLs.

So selectivly blacklist full entries like secretadultnightclub.page.link but not
just page.link
Think of it like you would link shortner URLs (EG bit.ly).

--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

>On 10/31/21 5:26 PM, Matus UHLAR - fantomas wrote:
>>it looks like google has registered page.link domain and users are already
>>using it for spamming:
>>
>>https://secretadultnightclub.page.link/...
>>
>>I have added it to my local domain-based blocklist.
>>
>>any idea/tip what to do with it next?

On 31.10.21 17:47, Axb wrote:
>blacklist_uri_host page.link

as I sait, I added it to my local domain-based blocklist.
After adding:
util_rb_2tld page.link

it started hitting, which is strange because this directive is contained in:

/var/lib/spamassassin/3.004004/kam_sa-channels_mcgrail_com/nonKAMrules.cf

verified with spamassassin -D that this file is loaded.

...maybe because local.cf is parsed before URI rules are defined?


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watkins. -- Daffy Duck & Porky Pig

Hi!

>>> any idea/tip what to do with it next?

> as I sait, I added it to my local domain-based blocklist.
> After adding:
> util_rb_2tld page[.]link
>
> it started hitting, which is strange because this directive is contained in:
>
> /var/lib/spamassassin/3.004004/kam_sa-channels_mcgrail_com/nonKAMrules.cf
>
> verified with spamassassin -D that this file is loaded.
>
> ...maybe because local.cf is parsed before URI rules are defined?

There is over 500 page[.]link subdomains inside SURBL right now so if you
run the latest code its also having fixes to automaticly lookup the
subdomains of those.

(The mentioned page is also listed on SURBL)

This has been ongoing for a few months now with page[.]link and not new
unfortunately.

If you see new ones (and not listed) feel free to send them over to me
directly for listing.

Thanks! Raymond Dijkxhoorn - SURBL

>>>>any idea/tip what to do with it next?
>
>>as I sait, I added it to my local domain-based blocklist.
>>After adding:
>>util_rb_2tld page[.]link
>>
>>it started hitting, which is strange because this directive is contained in:
>>
>>/var/lib/spamassassin/3.004004/kam_sa-channels_mcgrail_com/nonKAMrules.cf
>>
>>verified with spamassassin -D that this file is loaded.
>>
>>...maybe because local.cf is parsed before URI rules are defined?

On 31.10.21 20:12, Raymond Dijkxhoorn wrote:
>There is over 500 page[.]link subdomains inside SURBL right now so if
>you run the latest code its also having fixes to automaticly lookup
>the subdomains of those.
>
>(The mentioned page is also listed on SURBL)

good to know - unfortunately SA seems not to check for those 3rd level
domains until page.link is listed in util_rb_2tld...

I have tried again, but despite is being listed in
kam_sa-channels_mcgrail_com/nonKAMrules.cf,
SA does not accept that directive.

at least not SA 3.4.4 (debian 10 backports)

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

Hi!

>>> verified with spamassassin -D that this file is loaded.
>>>
>>> ...maybe because local.cf is parsed before URI rules are defined?

>> There is over 500 page[.]link subdomains inside SURBL right now so if
>> you run the latest code its also having fixes to automaticly lookup the
>> subdomains of those.
>>
>> (The mentioned page is also listed on SURBL)

> good to know - unfortunately SA seems not to check for those 3rd level
> domains until page.link is listed in util_rb_2tld...
>
> I have tried again, but despite is being listed in
> kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that
> directive.
>
> at least not SA 3.4.4 (debian 10 backports)

Thats added with 4.0.0-rsv

Bye, Raymond

>>>>verified with spamassassin -D that this file is loaded.
>>>>
>>>>...maybe because local.cf is parsed before URI rules are defined?
>
>>>There is over 500 page[.]link subdomains inside SURBL right now so
>>>if you run the latest code its also having fixes to automaticly
>>>lookup the subdomains of those.
>>>
>>>(The mentioned page is also listed on SURBL)
>
>>good to know - unfortunately SA seems not to check for those 3rd level
>>domains until page.link is listed in util_rb_2tld...
>>
>>I have tried again, but despite is being listed in
>>kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that
>>directive.
>>
>>at least not SA 3.4.4 (debian 10 backports)

this looks liks issue of:

/var/lib/spamassassin/3.004004/updates_spamassassin_org/20_aux_tlds.cf:clear_util_rb

Nov 2 12:45:25.419 [9317] dbg: config: read file /var/lib/spamassassin/3.004004/kam_sa-channels_mcgrail_com/nonKAMrules.cf
[...]
Nov 2 12:45:25.455 [9317] dbg: config: read file /var/lib/spamassassin/3.004004/updates_spamassassin_org/20_aux_tlds.cf
Nov 2 12:45:25.456 [9317] dbg: config: cleared tld lists

On 02.11.21 12:24, Raymond Dijkxhoorn wrote:
>Thats added with 4.0.0-rsv

ehm?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.

On 2021-11-02 12:20, Matus UHLAR - fantomas wrote:

> I have tried again, but despite is being listed in
> kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that
> directive.

problem is that util_rb_2tld is global while kam rules need pr rule 2tld

make spamassassin change so 2tld can be pr rule not just global, think
of tflags rule_name util_rb_2tld=page.link

if that ever happen its up to developpers

> at least not SA 3.4.4 (debian 10 backports)

is not really debian 11 ? :)

>On 2021-11-02 12:20, Matus UHLAR - fantomas wrote:
>
>>I have tried again, but despite is being listed in
>>kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that
>>directive.

On 02.11.21 18:25, Benny Pedersen wrote:
>problem is that util_rb_2tld is global while kam rules need pr rule 2tld
>
>make spamassassin change so 2tld can be pr rule not just global, think
>of tflags rule_name util_rb_2tld=page.link
>
>if that ever happen its up to developpers

I have already posted update: the list is cleared in SA rules.

>>at least not SA 3.4.4 (debian 10 backports)
>
>is not really debian 11 ? :)

not yet
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.