At 04:56 PM 9/9/2004, Chris Santerre wrote:
So is there a way to use the IP info in a good way? Could SA or SURBL do a quick ping of the URL and match against a URL? This would allow us to simply list 1 IP instead of all these domains.
Chris, SA 3.0 appears to already support checking DNS blacklisting of URLs based on resolved IP. (as well as surbl-style based on domain name). So theoretically, SURBL could open up a separate list based on IP's (i.e.: multi.dnsbl.surbl.org)
Take a look at the example where it checks the resolved IP of a URL against the SBL (an IP based list):
uridnsbl URIBL_SBL sbl.spamhaus.org. TXT header URIBL_SBL eval:check_uridnsbl('URIBL_SBL') describe URIBL_SBL Contains a URL listed in the SBL blocklist tflags URIBL_SBL net
and from URIDNSBL.pm:
This works by analysing message text and HTML for URLs, extracting the domain names from those, querying their NS records in DNS, resolving the hostnames used therein, and querying various DNS blocklists for those IP addresses. This is quite effective.
SYNOPSIS
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT