Good morning, Charles,
William Stearns wstearns@pobox.com 04/13/2004 9:39:49 AM >>>
Good day,
On Tue, 13 Apr 2004, ITReading ITReading wrote:
I'm sure this has already been clarified, but I think I may not have joined the list when it was mentioned. Does ws.surbl.org reflect the contents of "sa-blacklist-uri.cf" or "sa-blacklist" or both?
Both lists contain essentially the same domains, but check different things. sa-blacklist.cf checks the sender domain, sa-blacklist.uri.cf checks urls in the body of the mail. So the ws.surbl.org really replaces the sa-blacklist.uri.cf.
On Tue, 13 Apr 2004, Charles Solomon wrote:
Thanks William, One more question. Since both lists contain the same domains, and this list is now published at ws.surbl.org, couldn't I implement something like the following in addition to the SpamCopURI to get the benefits of SA-Blacklist in the FROM headers?
header RCVD_IN_WSSURBL eval:check_rbl('ws.surbl.org', '127.0.0.2') describe RCVD_IN_SORBS WS-SURBL: sender is listed in ws.surbl.org tflags RCVD_IN_SORBS net
I honestly don't know the answer to that. Does anyone know if that will successfully check the sender domain? Cheers, - Bill
--------------------------------------------------------------------------- The woods are lovely, dark and deep. But I have promises to keep, and lines to code before I sleep, And lines to code before I sleep. -- Stephen Williams (Courtesy of Ben Woodard bwoodard@cisco.com) -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------
On Tuesday, April 13, 2004, 8:58:30 AM, William Stearns wrote:
On Tue, 13 Apr 2004, Charles Solomon wrote:
One more question. Since both lists contain the same domains, and this list is now published at ws.surbl.org, couldn't I implement something like the following in addition to the SpamCopURI to get the benefits of SA-Blacklist in the FROM headers?
header RCVD_IN_WSSURBL eval:check_rbl('ws.surbl.org', '127.0.0.2') describe RCVD_IN_SORBS WS-SURBL: sender is listed in ws.surbl.org tflags RCVD_IN_SORBS net
I honestly don't know the answer to that. Does anyone know ifthat will successfully check the sender domain?
The code that's using SURBLs generally should only be looking at message bodies, so it should only match on spam domains in the message body URIs and not header info.
That said, since Bill's data which ends up in ws has some sender domains in it, using ws.surbl.org in conventional RBL code that looks at message headers such as sender domain may get some matches.
However attempting to match sender domains would give far fewer (near zero) hits with sc.surbl.org whose source data comes from message bodies only.
In other words we're trying to use SURBLs on message body URIs and not against message headers, which would be more like using a regular RBL. As I understand it Bill is also focusing on adding URI domains to his list lately, which is a good match for the intended use of SURBLs.
Hope this helps,
Jeff C.
-
Jeff Chan -
William Stearns