Re: check doman against uri bl of spamassassin
On Thu, 22 Oct 2020 09:50:32 -0400 Bill Cole wrote: > Using "any" queries is ill-advised. Generally that will only return > records that happen to be in the queried server's cache, That sounds like it could be a problem for AskDNS, from its trunk documentation: "The rr_type parameter not only provides a filter for RR types found in the DNS answer, but also determines the DNS query type. ... When more than one RR type is specified (e.g. A, , TXT) or if ANY is specified, then the DNS query type will be ANY and the rr_type parameter will only act as a filter on a result."
Re: check doman against uri bl of spamassassin
On 22 Oct 2020, at 4:48, Benoît Panizzon wrote: Hi For heaven's sake, help him use 'dig' or 'host' :-) I did. :) $ dig -t any climklaym.site.uribl.swinog.ch Using "any" queries is ill-advised. Generally that will only return records that happen to be in the queried server's cache, and due to its use in reflective amplification attacks, many servers won't even do that. For example, Cloudflare's nameservers have been responding with NOTIMP to ANY queries for some years now. Also: the SWINOG list is not used by SA. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: check doman against uri bl of spamassassin
Hi For heaven's sake, help him use 'dig' or 'host' :-) $ dig -t any climklaym.site.uribl.swinog.ch [...] ;; ANSWER SECTION: climklaym.site.uribl.swinog.ch. 120 IN A 127.0.1.8 climklaym.site.uribl.swinog.ch. 120 IN TXT ": 17-09-2020 11:41 SWINOG Spamtrap Alpha 2.12 climklaym.site https://blacklist.woody.ch/rblhostlist.php?id=climklaym.site.uri"; $ host -t any climklaym.site.uribl.swinog.ch climklaym.site.uribl.swinog.ch has address 127.0.1.8 climklaym.site.uribl.swinog.ch descriptive text ": 17-09-2020 11:41 SWINOG Spamtrap Alpha 2.12 climklaym.site https://blacklist.woody.ch/rblhostlist.php?id=climklaym.site.uri"; Or point him to web-based DNS blacklist query services: http://multirbl.valli.org/ https://mxtoolbox.com/blacklists.aspx -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __
RE: check doman against uri bl of spamassassin
> > > >> :D I thought I could query the blacklists from the command line with >> dig >> or so > >You can, at least in principle, but it would not be a single command or >a well-defined small set of commands if you don't have SA installed and >want to know the SA penalty of an URI in a particular domain. > >The rules files in the default rules channel have 23 active urirhssub >rules defined. They reference 4 URIBL zones, 3 of which are multiplexed: > >dbl.spamhaus.org. >dob.sibl.support-intelligence.net >multi.surbl.org. >multi.uribl.com. > >So you COULD just check a domain such as example.com like this: > > dig example.com.dbl.spamhaus.org. >example.com.dob.sibl.support-intelligence.net. >example.com.multi.surbl.org. example.com.multi.uribl.com. Oh ok, that sounds indeed simple. I thought there was more to it. This means with such implementation, that if you have such a blog collection site like wordpress.com. If one wordpress.com/xxx site gets listed, all are listed. >Figuring out what the results of such a search means would require you >to look up the return codes and what they mean for each of those URIBLs. >Figuring out what the cumulative SA score would be of a particular >domain would require you to check the current score files in the rules >distribution. No, that is not necessary, just need to know if it is possible to query these blacklists on existence.
Re: check doman against uri bl of spamassassin
On 21 Oct 2020, at 16:22, Marc Roos wrote: :D I thought I could query the blacklists from the command line with dig or so You can, at least in principle, but it would not be a single command or a well-defined small set of commands if you don't have SA installed and want to know the SA penalty of an URI in a particular domain. The rules files in the default rules channel have 23 active urirhssub rules defined. They reference 4 URIBL zones, 3 of which are multiplexed: dbl.spamhaus.org. dob.sibl.support-intelligence.net multi.surbl.org. multi.uribl.com. So you COULD just check a domain such as example.com like this: dig example.com.dbl.spamhaus.org. example.com.dob.sibl.support-intelligence.net. example.com.multi.surbl.org. example.com.multi.uribl.com. Figuring out what the results of such a search means would require you to look up the return codes and what they mean for each of those URIBLs. Figuring out what the cumulative SA score would be of a particular domain would require you to check the current score files in the rules distribution. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: check doman against uri bl of spamassassin
On Wed, 2020-10-21 at 22:22 +0200, Marc Roos wrote: > :D I thought I could query the blacklists from the command line with > dig or so > Sounds possible, but what use is a command line query when what you need is something that can be triggered by getmail, your MTA, an MUA or whatever? You might be able to do that from a shell script, but a Perl program would be better, so find your copy of the 'Camel Book', open a terminal and design a program and start coding. At least, that's what I would do and have done in similar circumstances. The only difference is that, apart from an SA module, I've written my special mail handlers in C and Java rather than Perl. All these languages have built-in or library routines for reading mail and interrogating servers. Martin > > -Original Message- > From: @lbutlr [mailto:krem...@kreme.com] > Sent: Wednesday, October 21, 2020 10:20 PM > To: users@spamassassin.apache.org > Subject: Re: check doman against uri bl of spamassassin > > On 21 Oct 2020, at 13:35, Marc Roos wrote: > > What is the best way to check an url against the default active > > spamassassin uribl, on a linux server that does not have > > spamassassin > > installed? > > This is clearly in the "how do I do a thing while imposing conditions > that make impossible to do" class of question. > > "How do I dive 300 meters under water without an oxygen supply or > pressure suit?" > > "How can I get from New York City to Los Angels in less than 10 hours > without flying?" > > If you want to test something against spamasassin you need one thing > for > sure, access to spamassassin. > > -- > 'I really should talk to him, sir. He's had a near-death experience!' > 'We all do. It's called living.' > > >
RE: check doman against uri bl of spamassassin
> and why just don't you? I have no idea what the default ones are. Also don't know exactly the syntax, especially when slashes are included and if hashes are used or so.
RE: check doman against uri bl of spamassassin
:D I thought I could query the blacklists from the command line with dig or so -Original Message- From: @lbutlr [mailto:krem...@kreme.com] Sent: Wednesday, October 21, 2020 10:20 PM To: users@spamassassin.apache.org Subject: Re: check doman against uri bl of spamassassin On 21 Oct 2020, at 13:35, Marc Roos wrote: > What is the best way to check an url against the default active > spamassassin uribl, on a linux server that does not have spamassassin > installed? This is clearly in the "how do I do a thing while imposing conditions that make impossible to do" class of question. "How do I dive 300 meters under water without an oxygen supply or pressure suit?" "How can I get from New York City to Los Angels in less than 10 hours without flying?" If you want to test something against spamasassin you need one thing for sure, access to spamassassin. -- 'I really should talk to him, sir. He's had a near-death experience!' 'We all do. It's called living.'
Re: check doman against uri bl of spamassassin
On 21 Oct 2020, at 13:35, Marc Roos wrote: > What is the best way to check an url against the default active > spamassassin uribl, on a linux server that does not have spamassassin > installed? This is clearly in the "how do I do a thing while imposing conditions that make impossible to do" class of question. "How do I dive 300 meters under water without an oxygen supply or pressure suit?" "How can I get from New York City to Los Angels in less than 10 hours without flying?" If you want to test something against spamasassin you need one thing for sure, access to spamassassin. -- 'I really should talk to him, sir. He's had a near-death experience!' 'We all do. It's called living.'
check doman against uri bl of spamassassin
What is the best way to check an url against the default active spamassassin uribl, on a linux server that does not have spamassassin installed?