[SURBL-Discuss] Re: Start an IP list to block?

Jeff Chan jeffc at surbl.org
Thu Sep 9 23:44:44 CEST 2004


On Thursday, September 9, 2004, 2:23:56 PM, Chris Santerre wrote:
>>From: Matt Kettler [mailto:mkettler at evi-inc.com]

>>At 04:56 PM 9/9/2004, Chris Santerre wrote:
>>>So is there a way to use the IP info in a good way? Could SA 
>>or SURBL do a
>>>quick ping of the URL and match against a URL? This would 
>>allow us to simply
>>>list 1 IP instead of all these domains.
>>
>>Chris, SA 3.0 appears to already support checking DNS 
>>blacklisting of URLs 
>>based on resolved IP. (as well as surbl-style based on domain 
>>name). So 
>>theoretically, SURBL could open up a separate list based on 
>>IP's (i.e.: 
>>multi.dnsbl.surbl.org)
>>
>>
>>Take a look at the example where it checks the resolved IP of 
>>a URL against 
>>the SBL (an IP based list):
>>
>>         uridnsbl        URIBL_SBL       sbl.spamhaus.org.       TXT
>>         header          URIBL_SBL       
>>eval:check_uridnsbl('URIBL_SBL')
>>         describe        URIBL_SBL       Contains a URL listed 
>>in the SBL 
>>blocklist
>>         tflags          URIBL_SBL       net
>>
>>
>>and from URIDNSBL.pm:
>>
>>         This works by analysing message text and HTML for 
>>URLs, extracting the
>>         domain names from those, querying their NS records in 
>>DNS, resolving
>>         the hostnames used therein, and querying various DNS 
>>blocklists for
>>         those IP addresses.  This is quite effective.
>>
>>         SYNOPSIS
>>
>>         loadplugin    Mail::SpamAssassin::Plugin::URIDNSBL
>>         uridnsbl      URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT
>>

> OOOOOOHHHHH yeah! I didn't know that! Are we sure this is actually what it
> means and not just a miss-syntaxed paragraph? It actually resolves the IP
> against the RBL lookup?

> If so....well then...problem solved, and devs get a cookie :)

> --Chris (todays choices are: Oreo or NutterButter.)

Yes.

And you get a banana.  ;-)

Note also:

> Date: Thu, 9 Sep 2004 14:20:09 -0700    <<<<<<<<<<<<<<<<<<<<<
> From: Jeff Chan <jeffc at surbl.org>
> To: SpamAssassin Users <spamassassin-users at incubator.apache.org>,
>         SURBL Discuss <discuss at lists.surbl.org>
> Subject: Re: Start an IP list to block?

>>> I went thru a random few of these and they're were listed at Spamhaus.
>>> Using spamhaus at SMTP level or SA doing RBL lookups would have caught 
>>> and stopped them...
> 
>> Yes, that is a good answer.  Use Spamhaus RBLs...  :-)
> 
> I should clarify that I mean: use the Spamhaus data with programs
> that resolve the URI domains into IP addresses, or check their
> name server IPs, then check those IP address against Spamhaus.
> 
> uridnsbl in SpamAssassin 3.0 does the nameserver check against
> SBL.  Don't know if there are programs that check the web site
> IPs against SBL, but probably there are.   Does uridnsbl *only*
> check name servers?
> 
>   http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
> 
> Jeff C.

Jeff C.



More information about the Discuss mailing list