Mailing List Archive

On Tue, Oct 04, 2022 at 03:13:29PM +0000, DEMBLANS Mathieu wrote:
> Hello,
>
> SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12
>
> SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3
>
> As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and confirmed by
> some tests, when a check is done with uridnsbl, only the domain is requested
> not the complete FQDN (rhsbl_zone).
>
> For example if I want to test abc.domain.com it will only request domain.com .
>
> My problem is that for phishing url search on surbl.org it doesn?t find it.
>
> On a real test for btinternet-100730.square.site, which is in the surbl.org PH
> list, spamassassin do a dns request for square.site.multi.surbl.org. that can?t
> be find.
>
> If I test manually btinternet-100730.square.site.surbl.org. the response is
> good (127.0.0.8).
>
> So it probably never find anything in this kind of list.
>
> Is there any thing to do to make it work correctly ?

For SA 3.4 you need to use util_rb_2tld cf for all such domains:

util_rb_2tld square.site

Upcoming 4.0 already supports tflags notrim, which will query the full host
from surbl and other lists that support it.

Not sure about this solution.
The problem is for all sites listed in surbl.org, not specifically square.site and its subdomains.

-----Message d'origine-----
De?: Henrik K <hege@hege.li>
Envoy??: mardi 4 octobre 2022 17:30
??: users@spamassassin.apache.org
Objet?: Re: FQDN and uridnsbl

On Tue, Oct 04, 2022 at 03:13:29PM +0000, DEMBLANS Mathieu wrote:
> Hello,
>
> SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12
>
> SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3
>
> As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and
> confirmed by some tests, when a check is done with uridnsbl, only the
> domain is requested not the complete FQDN (rhsbl_zone).
>
> For example if I want to test abc.domain.com it will only request domain.com .
>
> My problem is that for phishing url search on surbl.org it doesn?t find it.
>
> On a real test for btinternet-100730.square.site, which is in the
> surbl.org PH list, spamassassin do a dns request for
> square.site.multi.surbl.org. that can?t be find.
>
> If I test manually btinternet-100730.square.site.surbl.org. the
> response is good (127.0.0.8).
>
> So it probably never find anything in this kind of list.
>
> Is there any thing to do to make it work correctly ?

For SA 3.4 you need to use util_rb_2tld cf for all such domains:

util_rb_2tld square.site

Upcoming 4.0 already supports tflags notrim, which will query the full host from surbl and other lists that support it.

On Tue, Oct 04, 2022 at 03:47:02PM +0000, DEMBLANS Mathieu wrote:
> Not sure about this solution.
> The problem is for all sites listed in surbl.org, not specifically square.site and its subdomains.

I gave you a workaround for single domains for 3.4.

I also told you it's already fully solved, but you have to wait for debian 4.0.0 or install manually:

> Upcoming 4.0 already supports tflags notrim, which will query the full host from surbl and other lists that support it.

Those are the choices.

On 04.10.22 15:47, DEMBLANS Mathieu wrote:
>Not sure about this solution.
>The problem is for all sites listed in surbl.org, not specifically square.site and its subdomains.

the tflags applies to a spamassassin rule, not specific domain:

/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:#tflags URIBL_SC_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_WS_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_PH_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_MW_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_CR_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:#tflags URIBL_AB_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags URIBL_ABUSE_SURBL net notrim
/var/lib/spamassassin/4.000000/updates_spamassassin_org/25_uribl.cf:tflags SURBL_BLOCKED net noautolearn notrim


>-----Message d'origine-----
>De : Henrik K <hege@hege.li>
>Envoyé : mardi 4 octobre 2022 17:30
>À : users@spamassassin.apache.org
>Objet : Re: FQDN and uridnsbl
>
>On Tue, Oct 04, 2022 at 03:13:29PM +0000, DEMBLANS Mathieu wrote:
>> Hello,
>>
>> SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12
>>
>> SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3
>>
>> As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and
>> confirmed by some tests, when a check is done with uridnsbl, only the
>> domain is requested not the complete FQDN (rhsbl_zone).
>>
>> For example if I want to test abc.domain.com it will only request domain.com .
>>
>> My problem is that for phishing url search on surbl.org it doesn?t find it.
>>
>> On a real test for btinternet-100730.square.site, which is in the
>> surbl.org PH list, spamassassin do a dns request for
>> square.site.multi.surbl.org. that can?t be find.
>>
>> If I test manually btinternet-100730.square.site.surbl.org. the
>> response is good (127.0.0.8).
>>
>> So it probably never find anything in this kind of list.
>>
>> Is there any thing to do to make it work correctly ?
>
>For SA 3.4 you need to use util_rb_2tld cf for all such domains:
>
>util_rb_2tld square.site
>
>Upcoming 4.0 already supports tflags notrim, which will query the full host from surbl and other lists that support it.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...