Re: check doman against uri bl of spamassassin

2020-10-22 Thread RW 
On Thu, 22 Oct 2020 09:50:32 -0400
Bill Cole wrote:

> Using "any" queries is ill-advised. Generally that will only return 
> records that happen to be in the queried server's cache, 


That sounds like it could be a problem for AskDNS, from its
trunk documentation:

  "The rr_type parameter not only provides a filter for RR types found
  in the DNS answer, but also determines the DNS query type. ... When
  more than one RR type is specified (e.g. A, , TXT) or if ANY is
  specified, then the DNS query type will be ANY and the rr_type
  parameter will only act as a filter on a result."

Re: check doman against uri bl of spamassassin

2020-10-22 Thread Bill Cole 

On 22 Oct 2020, at 4:48, Benoît Panizzon wrote:


Hi

For heaven's sake, help him use 'dig' or 'host' :-)


I did. :)


$ dig -t any climklaym.site.uribl.swinog.ch


Using "any" queries is ill-advised. Generally that will only return 
records that happen to be in the queried server's cache, and due to its 
use in reflective amplification attacks, many servers won't even do 
that. For example, Cloudflare's nameservers have been responding with 
NOTIMP to ANY queries for some years now.


Also: the SWINOG list is not used by SA.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: check doman against uri bl of spamassassin

2020-10-22 Thread Benoît Panizzon 
Hi

For heaven's sake, help him use 'dig' or 'host' :-)

$ dig -t any climklaym.site.uribl.swinog.ch
[...]
;; ANSWER SECTION:
climklaym.site.uribl.swinog.ch. 120 IN  A   127.0.1.8
climklaym.site.uribl.swinog.ch. 120 IN  TXT ": 17-09-2020 11:41 SWINOG 
Spamtrap Alpha 2.12 climklaym.site 
https://blacklist.woody.ch/rblhostlist.php?id=climklaym.site.uri";

$ host -t any climklaym.site.uribl.swinog.ch
climklaym.site.uribl.swinog.ch has address 127.0.1.8
climklaym.site.uribl.swinog.ch descriptive text ": 17-09-2020 11:41 SWINOG 
Spamtrap Alpha 2.12 climklaym.site 
https://blacklist.woody.ch/rblhostlist.php?id=climklaym.site.uri";

Or point him to web-based DNS blacklist query services:

http://multirbl.valli.org/
https://mxtoolbox.com/blacklists.aspx

-- 
Mit freundlichen Grüssen

-Benoît Panizzon- @ HomeOffice und normal erreichbar
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

RE: check doman against uri bl of spamassassin

2020-10-22 Thread Marc Roos 
 > 
 >
 >
 >> :D I thought I could query the blacklists from the command line with 

 >> dig
 >> or so
 >
 >You can, at least in principle, but it would not be a single command 
or 
 >a well-defined small set of commands if you don't have SA installed 
and 
 >want to know the SA penalty of an URI in a particular domain.
 >
 >The rules files in the default rules channel have 23 active urirhssub 
 >rules defined. They reference 4 URIBL zones, 3 of which are 
multiplexed:
 >
 >dbl.spamhaus.org.
 >dob.sibl.support-intelligence.net
 >multi.surbl.org.
 >multi.uribl.com.
 >
 >So you COULD just check a domain such as example.com like this:
 >
 >   dig example.com.dbl.spamhaus.org. 
 >example.com.dob.sibl.support-intelligence.net. 
 >example.com.multi.surbl.org. example.com.multi.uribl.com.

Oh ok, that sounds indeed simple. I thought there was more to it. 
This means with such implementation, that if you have such a blog
collection site like wordpress.com. If one wordpress.com/xxx
site gets listed, all are listed.

 >Figuring out what the results of such a search means would require you 

 >to look up the return codes and what they mean for each of those 
URIBLs. 
 >Figuring out what the cumulative SA score would be of a particular 
 >domain would require you to check the current score files in the rules 

 >distribution.

No, that is not necessary, just need to know if it is possible to query
these blacklists on existence.

Re: check doman against uri bl of spamassassin

2020-10-21 Thread Bill Cole 

On 21 Oct 2020, at 16:22, Marc Roos wrote:

:D I thought I could query the blacklists from the command line with 
dig

or so


You can, at least in principle, but it would not be a single command or 
a well-defined small set of commands if you don't have SA installed and 
want to know the SA penalty of an URI in a particular domain.


The rules files in the default rules channel have 23 active urirhssub 
rules defined. They reference 4 URIBL zones, 3 of which are multiplexed:


dbl.spamhaus.org.
dob.sibl.support-intelligence.net
multi.surbl.org.
multi.uribl.com.

So you COULD just check a domain such as example.com like this:

  dig example.com.dbl.spamhaus.org. 
example.com.dob.sibl.support-intelligence.net. 
example.com.multi.surbl.org. example.com.multi.uribl.com.


Figuring out what the results of such a search means would require you 
to look up the return codes and what they mean for each of those URIBLs. 
Figuring out what the cumulative SA score would be of a particular 
domain would require you to check the current score files in the rules 
distribution.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: check doman against uri bl of spamassassin

2020-10-21 Thread Martin Gregorie 
On Wed, 2020-10-21 at 22:22 +0200, Marc Roos wrote:
> :D I thought I could query the blacklists from the command line with
> dig or so
>  
Sounds possible, but what use is a command line query when what you need
is something that can be triggered by getmail, your MTA, an MUA or
whatever? You might be able to do that from a shell script, but a Perl
program would be better, so find your copy of the 'Camel Book', open a
terminal and design a program and start coding.

At least, that's what I would do and have done in similar circumstances.
The only difference is that, apart from an SA module, I've written my
special mail handlers in C and Java rather than Perl. All these
languages have built-in or library routines for reading mail and
interrogating servers.
 
Martin
> 
> -Original Message-
> From: @lbutlr [mailto:krem...@kreme.com] 
> Sent: Wednesday, October 21, 2020 10:20 PM
> To: users@spamassassin.apache.org
> Subject: Re: check doman against uri bl of spamassassin
> 
> On 21 Oct 2020, at 13:35, Marc Roos  wrote:
> > What is the best way to check an url against the default active 
> > spamassassin uribl, on a linux server that does not have
> > spamassassin 
> > installed?
> 
> This is clearly in the "how do I do a thing while imposing conditions 
> that make  impossible to do" class of question.
> 
> "How do I dive 300 meters under water without an oxygen supply or 
> pressure suit?"
> 
> "How can I get from New York City to Los Angels in less than 10 hours 
> without flying?"
> 
> If you want to test something against spamasassin you need one thing
> for 
> sure, access to spamassassin.
> 
> --
> 'I really should talk to him, sir. He's had a near-death experience!'
>   'We all do. It's called living.'
> 
> 
>

RE: check doman against uri bl of spamassassin

2020-10-21 Thread Marc Roos 



> and why just don't you?

I have no idea what the default ones are. Also don't know exactly the 
syntax, especially when slashes are included and if hashes are used or 
so.

RE: check doman against uri bl of spamassassin

2020-10-21 Thread Marc Roos 
:D I thought I could query the blacklists from the command line with dig 
or so
 

-Original Message-
From: @lbutlr [mailto:krem...@kreme.com] 
Sent: Wednesday, October 21, 2020 10:20 PM
To: users@spamassassin.apache.org
Subject: Re: check doman against uri bl of spamassassin

On 21 Oct 2020, at 13:35, Marc Roos  wrote:
> What is the best way to check an url against the default active 
> spamassassin uribl, on a linux server that does not have spamassassin 
> installed?

This is clearly in the "how do I do a thing while imposing conditions 
that make  impossible to do" class of question.

"How do I dive 300 meters under water without an oxygen supply or 
pressure suit?"

"How can I get from New York City to Los Angels in less than 10 hours 
without flying?"

If you want to test something against spamasassin you need one thing for 
sure, access to spamassassin.

--
'I really should talk to him, sir. He's had a near-death experience!'
'We all do. It's called living.'

Re: check doman against uri bl of spamassassin

2020-10-21 Thread @lbutlr 
On 21 Oct 2020, at 13:35, Marc Roos  wrote:
> What is the best way to check an url against the default active 
> spamassassin uribl, on a linux server that does not have spamassassin 
> installed? 

This is clearly in the "how do I do a thing while imposing conditions that make 
 impossible to do" class of question.

"How do I dive 300 meters under water without an oxygen supply or pressure 
suit?"

"How can I get from New York City to Los Angels in less than 10 hours without 
flying?"

If you want to test something against spamasassin you need one thing for sure, 
access to spamassassin.

-- 
'I really should talk to him, sir. He's had a near-death experience!'
'We all do. It's called living.'

check doman against uri bl of spamassassin

2020-10-21 Thread Marc Roos 


What is the best way to check an url against the default active 
spamassassin uribl, on a linux server that does not have spamassassin 
installed?