-----Original Message----- From: Matt Kettler [mailto:mkettler@evi-inc.com] Sent: Thursday, September 09, 2004 5:18 PM To: Chris Santerre; SURBL Discussion list (E-mail) Cc: Spamassassin-Talk (E-mail) Subject: Re: Start an IP list to block?
At 04:56 PM 9/9/2004, Chris Santerre wrote:
So is there a way to use the IP info in a good way? Could SA
or SURBL do a
quick ping of the URL and match against a URL? This would
allow us to simply
list 1 IP instead of all these domains.
Chris, SA 3.0 appears to already support checking DNS blacklisting of URLs based on resolved IP. (as well as surbl-style based on domain name). So theoretically, SURBL could open up a separate list based on IP's (i.e.: multi.dnsbl.surbl.org)
Take a look at the example where it checks the resolved IP of a URL against the SBL (an IP based list):
uridnsbl URIBL_SBL sbl.spamhaus.org. TXT header URIBL_SBLeval:check_uridnsbl('URIBL_SBL') describe URIBL_SBL Contains a URL listed in the SBL blocklist tflags URIBL_SBL net
and from URIDNSBL.pm:
This works by analysing message text and HTML forURLs, extracting the domain names from those, querying their NS records in DNS, resolving the hostnames used therein, and querying various DNS blocklists for those IP addresses. This is quite effective.
SYNOPSIS loadplugin Mail::SpamAssassin::Plugin::URIDNSBL uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT
OOOOOOHHHHH yeah! I didn't know that! Are we sure this is actually what it means and not just a miss-syntaxed paragraph? It actually resolves the IP against the RBL lookup?
If so....well then...problem solved, and devs get a cookie :)
--Chris (todays choices are: Oreo or NutterButter.)
On Thursday, September 9, 2004, 2:23:56 PM, Chris Santerre wrote:
From: Matt Kettler [mailto:mkettler@evi-inc.com]
At 04:56 PM 9/9/2004, Chris Santerre wrote:
So is there a way to use the IP info in a good way? Could SA
or SURBL do a
quick ping of the URL and match against a URL? This would
allow us to simply
list 1 IP instead of all these domains.
Chris, SA 3.0 appears to already support checking DNS blacklisting of URLs based on resolved IP. (as well as surbl-style based on domain name). So theoretically, SURBL could open up a separate list based on IP's (i.e.: multi.dnsbl.surbl.org)
Take a look at the example where it checks the resolved IP of a URL against the SBL (an IP based list):
uridnsbl URIBL_SBL sbl.spamhaus.org. TXT header URIBL_SBLeval:check_uridnsbl('URIBL_SBL') describe URIBL_SBL Contains a URL listed in the SBL blocklist tflags URIBL_SBL net
and from URIDNSBL.pm:
This works by analysing message text and HTML forURLs, extracting the domain names from those, querying their NS records in DNS, resolving the hostnames used therein, and querying various DNS blocklists for those IP addresses. This is quite effective.
SYNOPSIS loadplugin Mail::SpamAssassin::Plugin::URIDNSBL uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT
OOOOOOHHHHH yeah! I didn't know that! Are we sure this is actually what it means and not just a miss-syntaxed paragraph? It actually resolves the IP against the RBL lookup?
If so....well then...problem solved, and devs get a cookie :)
--Chris (todays choices are: Oreo or NutterButter.)
Yes.
And you get a banana. ;-)
Note also:
Date: Thu, 9 Sep 2004 14:20:09 -0700 <<<<<<<<<<<<<<<<<<<<< From: Jeff Chan jeffc@surbl.org To: SpamAssassin Users spamassassin-users@incubator.apache.org, SURBL Discuss discuss@lists.surbl.org Subject: Re: Start an IP list to block?
I went thru a random few of these and they're were listed at Spamhaus. Using spamhaus at SMTP level or SA doing RBL lookups would have caught and stopped them...
Yes, that is a good answer. Use Spamhaus RBLs... :-)
I should clarify that I mean: use the Spamhaus data with programs that resolve the URI domains into IP addresses, or check their name server IPs, then check those IP address against Spamhaus.
uridnsbl in SpamAssassin 3.0 does the nameserver check against SBL. Don't know if there are programs that check the web site IPs against SBL, but probably there are. Does uridnsbl *only* check name servers?
http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Plugin/...
Jeff C.
Jeff C.
-
Chris Santerre -
Jeff Chan