[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #13 from Jeff Chan --- I am agnostic about what the best solution is, but I'm certain that input validation is a very good idea that is needed and will address a too common problem. -- You are receiving this mail because: Y

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #12 from Kevin A. McGrail --- I can agree this ticket can stay open and leave the other resolved. I believe we need an alert rule that triggers for ANY rbl respond outside of 127/8. Then if local admins don't like it SCOR

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #11 from Jeff Chan --- (In reply to comment #7) > I think the current SURBL rules only match on the last octet: > > 25_uribl.cf:urirhssub URIBL_SC_SURBL multi.surbl.org.A 2 > > This could be handled by just

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #10 from Jeff Chan --- Comment 7 of bug 6728 is arguably off topic for that bug. The issue in this bug is different from the core purpose of the other bug which is to correctly interpret a signal of being deliberately blocke

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #9 from Kevin A. McGrail --- (In reply to comment #8) > To me it makes more sense to educate ppl who have a problam than hide if > from them. > If they haven't figured out the issue on their own, they'll hardly figure > out t

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #8 from AXB --- To me it makes more sense to educate ppl who have a problam than hide if from them. If they haven't figured out the issue on their own, they'll hardly figure out the meaning of a warning - if they ever see it.

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #7 from Darxus --- I think the current SURBL rules only match on the last octet: 25_uribl.cf:urirhssub URIBL_SC_SURBL multi.surbl.org.A 2 This could be handled by just changing to rules to match the entire

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 John Hardin changed: What|Removed |Added CC||jhar...@impsec.org --- Comment #6

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #5 from Kevin A. McGrail --- (In reply to comment #4) > Not a duplicate. The issue raised is entirely different. I think not. See 6728 comment 7. It has to do with validation outside of 127/8 which has been discussed befo

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 Jeff Chan changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|DUPLICA

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 --- Comment #3 from Jeff Chan --- SURBL is not doing blocking the way the other lists are, therefore that issue is not affecting users of SURBL data, and this issue is different from 6728. The biggest problem is deliberate DNS corrupt

Re: Fwd: [Bug 6804] skim.com is no longer a freemail domain

Yet another (yuk!) Facebook game. If they send mail with that domain, it's not happening as a generic user "freemailer". If they play bad, they'll feel it elsewhere. Axb On 06/08/2012 03:07 PM, Kevin A. McGrail wrote: I saw this and was responding: Skim.com appears to redir now to facebook.

Fwd: [Bug 6804] skim.com is no longer a freemail domain

I saw this and was responding: Skim.com appears to redir now to facebook. Is it used in any way to send outbound mail/notices/etc. for facebook members or a similar structure that still has no cost? Do you think there is a risk or just ignore? Regards, KAM Original Message ---

[Bug 6804] skim.com is no longer a freemail domain

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6804 --- Comment #1 from AXB --- (In reply to comment #0) > http://svn.apache.org/repos/asf/spamassassin/trunk/rules/20_freemail_domains. > cf lists skim.com as a freemail provider. The domain has been transferred to > a new owner about a yea

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 Kevin A. McGrail changed: What|Removed |Added Status|NEW |RESOLVED CC|

[Bug 6728] DNSBLs need a way to turn off queries based on BLOCKED rules triggering

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6728 Kevin A. McGrail changed: What|Removed |Added CC||je...@surbl.org --- Comment

[Bug 6804] New: skim.com is no longer a freemail domain

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6804 Priority: P2 Bug ID: 6804 Assignee: dev@spamassassin.apache.org Summary: skim.com is no longer a freemail domain Severity: minor Classification: Unclassified OS: All

[Bug 6803] Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 Jeff Chan changed: What|Removed |Added CC||je...@surbl.org --- Comment #1 from

[Bug 6803] New: Add input validation to responses from DNSBL queries

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6803 Priority: P2 Bug ID: 6803 Assignee: dev@spamassassin.apache.org Summary: Add input validation to responses from DNSBL queries Severity: major Classification: Unclassified