Hi, Should I send this to spamassasin list?
I've done some tests on mailscanner-spamcopuri-spamassasin, and the beast marks messages with spam uri correctly, but I couldn't make it report anything on: (I'm checking for 127.0.0.2) test.surbl.org (It consults only on surbl.org not on test.surbl.org)
That's because it only checks the registered domain and not its subdomains?
So if someone send me a mail with a http://spam.not-listed-as-spammer.com in it, it will not hit any surbl.
Is this correct?
host -t any test.surbl.org.multi.surbl.org reports: test.surbl.org.multi.surbl.org. text "multi.surbl.org permanent test point" test.surbl.org.multi.surbl.org. has address 127.0.0.2
Saludos -- Leonardo Helman Pert Consultores Argentina
On Thu, Sep 09, 2004 at 11:08:17AM -0300, Leonardo Helman wrote:
Should I send this to spamassasin list?
Questionable.
That's because it only checks the registered domain and not its subdomains?
Yes. The SA 3.0 URIDNSBL plugin trims down to the actual domain for the query.
That's to avoid something like:
foo.bar.baz.test.something.else.spam.com
where if it wasn't just domain only, there'd be queries for:
foo.bar.baz.test.something.else.spam.com bar.baz.test.something.else.spam.com baz.test.something.else.spam.com test.something.else.spam.com something.else.spam.com else.spam.com spam.com
which is just bad for lots of reasons.
On Thu, 9 Sep 2004 10:58:54 -0400, Theo Van Dinter felicity@kluge.net wrote:
On Thu, Sep 09, 2004 at 11:08:17AM -0300, Leonardo Helman wrote:
Should I send this to spamassasin list?
Questionable.
That's because it only checks the registered domain and not its subdomains?
Yes. The SA 3.0 URIDNSBL plugin trims down to the actual domain for the query.
That's to avoid something like:
foo.bar.baz.test.something.else.spam.com
where if it wasn't just domain only, there'd be queries for:
foo.bar.baz.test.something.else.spam.com bar.baz.test.something.else.spam.com baz.test.something.else.spam.com test.something.else.spam.com something.else.spam.com else.spam.com spam.com
which is just bad for lots of reasons.
And how does the plugin (or spamcopuri) knows what to look up?
Does it use only the 2ndLD for gTLDs?
How does it work with ccTLDs? There are countries that register the 2ndLD and others that register the 3rdLD, if it receives: "spammer.com.es" will it query for com.es or spammer.com.es? and what if it gets "spammer.com.ar"?
FTR, Spain (.es) register the 2ndLD (com.es) and Argentina (.ar) register the 3rdLD (spammer.com.ar)... and there are countries that do both.
How does the plugin work in these cases?
On Thu, Sep 09, 2004 at 01:51:24PM -0300, Mariano Absatz wrote:
And how does the plugin (or spamcopuri) knows what to look up? Does it use only the 2ndLD for gTLDs?
I can't speak for the 2.6x patch version, but in 3.0, it "does the right thing"(tm). ;) (well, at least it does the best it can given the lack of or otherwise conflicting documentation about what registrars do what)
http://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Uti...
has the code to figure out registrar boundaries, and what levels are for which TLD, etc.
On Thu, 9 Sep 2004 14:24:57 -0400, Theo Van Dinter felicity@kluge.net wrote:
On Thu, Sep 09, 2004 at 01:51:24PM -0300, Mariano Absatz wrote:
And how does the plugin (or spamcopuri) knows what to look up? Does it use only the 2ndLD for gTLDs?
I can't speak for the 2.6x patch version, but in 3.0, it "does the right thing"(tm). ;) (well, at least it does the best it can given the lack of or otherwise conflicting documentation about what registrars do what)
http://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Uti...
has the code to figure out registrar boundaries, and what levels are for which TLD, etc.
Excelent stuff!!! I just browsed thru it and I love it... I wanted to add a couple of standard .ar subdomains that are not there yet... I just opened my first bugzilla account and entered it as a bug... I dunno if that is the correct procedure (I didn't want to subscribe to spamassassin-dev just for one msg)... I did kinda screw it, 'cause I put the patches in-line within the bug text... but then I added them as attachments... sorry for the noise.
On Thursday, September 9, 2004, 9:51:24 AM, Mariano Absatz wrote:
On Thu, 9 Sep 2004 10:58:54 -0400, Theo Van Dinter felicity@kluge.net wrote:
On Thu, Sep 09, 2004 at 11:08:17AM -0300, Leonardo Helman wrote:
That's because it only checks the registered domain and not its subdomains?
Yes. The SA 3.0 URIDNSBL plugin trims down to the actual domain for the query.
That's to avoid something like:
foo.bar.baz.test.something.else.spam.com
where if it wasn't just domain only, there'd be queries for:
foo.bar.baz.test.something.else.spam.com bar.baz.test.something.else.spam.com baz.test.something.else.spam.com test.something.else.spam.com something.else.spam.com else.spam.com spam.com
which is just bad for lots of reasons.
And how does the plugin (or spamcopuri) knows what to look up?
Does it use only the 2ndLD for gTLDs?
Yes. I believe they both use a table of gTLDs to know which ones to trim down to the second level.
How does it work with ccTLDs? There are countries that register the 2ndLD and others that register the 3rdLD, if it receives: "spammer.com.es" will it query for com.es or spammer.com.es? and what if it gets "spammer.com.ar"?
ccTLDs start checking at the third level, unless the ccTLD allows second level registrations like spammer.ar.
FTR, Spain (.es) register the 2ndLD (com.es) and Argentina (.ar) register the 3rdLD (spammer.com.ar)... and there are countries that do both.
How does the plugin work in these cases?
I'm pretty sure it checks both against SURBLs, but that would be a question for the developers or the source code to answer. ;-)
Jeff C.
On Thursday, September 9, 2004, 7:08:17 AM, Leonardo Helman wrote:
Hi, Should I send this to spamassasin list?
I've done some tests on mailscanner-spamcopuri-spamassasin, and the beast marks messages with spam uri correctly, but I couldn't make it report anything on: (I'm checking for 127.0.0.2) test.surbl.org (It consults only on surbl.org not on test.surbl.org)
That's because it only checks the registered domain and not its subdomains?
So if someone send me a mail with a http://spam.not-listed-as-spammer.com in it, it will not hit any surbl.
Is this correct?
host -t any test.surbl.org.multi.surbl.org reports: test.surbl.org.multi.surbl.org. text "multi.surbl.org permanent test point" test.surbl.org.multi.surbl.org. has address 127.0.0.2
As others have mentioned, programs using SURBL data try to reduce it to the registrar domain before checking it against SURBLS:
http://www.surbl.org/implementation.html
- Extract base (registrar) domains from those URIs. This
includes removing any and all leading host names, subdomains, www., randomized subdomains, etc. In order to determine the base domain it may be necessary to use a table of country code TLDs (ccTLDs) such as this partially-imcomplete one SURBL uses. For example, any domain found in the two level ccTLD list should have a three-level domain name extracted (like foo.co.uk) for matching against a SURBL. Domains not in the ccTLD list should have two levels checked (such as foo.com).
Therefore a two level domain or numeric IP address can be used for testing:
http://www.surbl.org/faq.html#test-uris
What URIs should a SURBL test message have?
SURBL test URLs are:
http://surbl-org-permanent-test-point-MUNGED.com/
or:
without the "-MUNGED"s. So if you send yourself a message with any of those unmunged testpoints as URIs, the messages should match any SURBLs you have installed. (The name of the list, in the earlier examples sc.surbl.org, is only added to DNS queries on the RBL.)
The testpoints are described at:
http://www.surbl.org/faq.html#testpoints
Jeff C.
-
Jeff Chan -
Leonardo Helman -
Mariano Absatz -
Theo Van Dinter