subject:"Re\: config files in spamasassin is unintended tlds \:\/"

Re: config files in spamasassin is unintended tlds :/

2018-11-05 Thread RW

On Mon, 05 Nov 2018 12:14:50 -0500
Bill Cole wrote:

. I would guess that with some authoritative 
> servers refusing to serve invalid names and some resolvers refusing
> to resolve them, it would be a low-yield tactic to use them to evade 
> filtering.

Authoritative nameservers are potentially under the control of
spammers. 

As regards resolvers, it  works on Free/NetBSD, Windows and Android. If
it works on FreeBSD and Android, it probably works on IOS, OS X and
Linux too.

Re: config files in spamasassin is unintended tlds :/

2018-11-05 Thread Kenneth Porter

--On Monday, November 05, 2018 12:14 PM -0500 Bill Cole 
 wrote:



FWIW, BIND 9.x (since 9.4-ish) will parse and load a zone with such an A
in it, but complains and does not serve the record: NXDOMAIN for a normal
query, no hint of it in a zone transfer.


BIND's check-names directive controls whether a zone permits underscores.

Re: config files in spamasassin is unintended tlds :/

2018-11-05 Thread Bill Cole


On 5 Nov 2018, at 9:44, RW wrote:


I created an A-record at Namecheap for a_b.mydomain.tld and
neither firefox nor chromium had a problem with it.


That's interesting and unfortunate because 'a_b' is unequivocally a 
violation of the syntax for hostnames. It may be acceptable as a DNS 
label, but it isn't a valid hostname.


FWIW, BIND 9.x (since 9.4-ish) will parse and load a zone with such an A 
in it, but complains and does not serve the record: NXDOMAIN for a 
normal query, no hint of it in a zone transfer. Deep in the mists of 
time, the resolver for 'classic' MacOS (not derived from any other 
resolver) got an update that made it no longer resolve hostnames with 
underscores and while there was a brief bit of grumbling, they never 
reversed that stringency. I would guess that with some authoritative 
servers refusing to serve invalid names and some resolvers refusing to 
resolve them, it would be a low-yield tactic to use them to evade 
filtering.

Re: config files in spamasassin is unintended tlds :/

2018-11-05 Thread Henrik K

On Mon, Nov 05, 2018 at 02:44:29PM +, RW wrote:
> On Sun, 04 Nov 2018 19:28:02 -0500
> Bill Cole wrote:
> 
> > On 4 Nov 2018, at 16:27, Henrik K wrote:
> > 
> > > Can someone actually register and use a domain with underscore in
> > > it?  
> > 
> > No.
> > 
> ... 
> > I support the concept of not treating domain-name-like strings that
> > are not valid hostnames as if they are URI domain-parts. That would
> > mean anything with an underscore. It MIGHT be more prudent to exempt 
> > leading-underscore labels, as those can be legal domain names that
> > could have CNAME or DNAME records mapping them to working hostnames.
> 
> I created an A-record at Namecheap for a_b.mydomain.tld and
> neither firefox nor chromium had a problem with it.
> 
> I think the ideal would be to allow underscores when parsing-out domain
> names and then discard anything with an underscore in the registered
> part.

I've applied this to trunk.  Since it's mainly problem with unnecessary
URIBL queries, that's what I've patched for now.  Need to ponder if it's ok
to filter completely out of get_uri_detail_list internals.

http://svn.apache.org/viewvc?view=revision=date=1845807

Re: config files in spamasassin is unintended tlds :/

2018-11-05 Thread RW

On Sun, 04 Nov 2018 19:28:02 -0500
Bill Cole wrote:

> On 4 Nov 2018, at 16:27, Henrik K wrote:
> 
> > Can someone actually register and use a domain with underscore in
> > it?  
> 
> No.
> 
... 
> I support the concept of not treating domain-name-like strings that
> are not valid hostnames as if they are URI domain-parts. That would
> mean anything with an underscore. It MIGHT be more prudent to exempt 
> leading-underscore labels, as those can be legal domain names that
> could have CNAME or DNAME records mapping them to working hostnames.

I created an A-record at Namecheap for a_b.mydomain.tld and
neither firefox nor chromium had a problem with it.

I think the ideal would be to allow underscores when parsing-out domain
names and then discard anything with an underscore in the registered
part.

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Rupert Gallagher

.local is a valid tld for LANs.
Please do not mess with the DNS.

On Sun, Nov 4, 2018 at 17:14, Benny Pedersen  wrote:

> is it a problem ?
>
> i think it should be solved to make configfiles local dns resolved only,
> if at all it needs to be dns
>
> so cf changes to cf.localdomain or cf.localhost, not just use cf with is
> a valid cctlds :(
>
> is cf.local valid and where ?
>
> i have not maked a bug on it yet, but will start here to hear what
> should be done

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Kenneth Porter

--On Sunday, November 04, 2018 7:28 PM -0500 Bill Cole 
 wrote:



most of my examples of "Not A URI" were in fact turned into clickable
links by some horrific MUA.


If it's clickable, some user will click on it. If it's not, a malicious 
message may beg the user to copy and paste it into the browser, and he'll 
do it.


"Programming today is a race between software engineers striving to build 
bigger and better idiot-proof programs, and the Universe trying to produce 
bigger and better idiots. So far, the Universe is winning." -- Rick Cook in 
The Wizardry Compiled

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread John Hardin


On Sun, 4 Nov 2018, John Hardin wrote:


Why is your system doing that?


...never mind, explained in a later post.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 Today: Daylight Saving Time ends in U.S. - Fall Back

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread John Hardin


On Sun, 4 Nov 2018, Benny Pedersen wrote:


Bill Cole skrev den 2018-11-04 19:25:

On 4 Nov 2018, at 11:45, Grant Taylor wrote:

Why does it matter if there's a naming collision between DNS domain names 
and file names?


Discussion of config files for SpamAssassin and Postfix has
intermittently been matched by URI DNSBLs. Some years ago I discovered
just how widespread dumb bounce models were when I talked about the
master config file for Postfix on the Postfix Users list, the same
week that someone was spamvertising URLs under master (dot) cf.


Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:6::1#53
Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/A/IN': 2a04:1b00:6::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/NS/IN': 2a04:1b00:4::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/A/IN': 2a04:1b00:4::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/A/IN': 2a04:1b00:6::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/NS/IN': 2a04:1b00:6::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:4::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'72_scores.cf/A/IN': 2a04:1b00:4::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'd.ns.cf/A/IN': 2a04:1b00:4::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'd.ns.cf//IN': 2a04:1b00:4::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/A/IN': 2a04:1b00:6::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/NS/IN': 2a04:1b00:6::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/A/IN': 2a04:1b00:4::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/NS/IN': 2a04:1b00:4::1#53
Nov  1 03:15:14 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:4::1#53
Nov  1 03:15:14 localhost named[2301]: connection refused resolving 
'72_scores.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_bug_7549.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_bug_7549.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_thirdparty.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_thirdparty.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_advance_fee_reevolved.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_advance_fee_reevolved.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/NS/IN': 2a04:1b00:6::1#53


so ns.cf blocks my named now, i cant resolve any cf domains with it


Why is your system doing that?

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Bill Cole


On 4 Nov 2018, at 16:27, Henrik K wrote:


Can someone actually register and use a domain with underscore in it?


No.

It is worth noting that the SA "standard" for what is treated as a 
domain part of an URI is grounded in how MUAs behave, not in conformance 
to to any well-defined specification. I recall a conversation I had 
either here or in a bug with Kevin McGrail some years back in which I 
argued that "could be a domain name in a URI" was too broad a definition 
and lost badly on the fact that most of my examples of "Not A URI" were 
in fact turned into clickable links by some horrific MUA.


I support the concept of not treating domain-name-like strings that are 
not valid hostnames as if they are URI domain-parts. That would mean 
anything with an underscore. It MIGHT be more prudent to exempt 
leading-underscore labels, as those can be legal domain names that could 
have CNAME or DNAME records mapping them to working hostnames.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor


On 11/04/2018 04:02 PM, Grant Taylor wrote:
I have been downloading a daily lists of newly registered domains  
for almost a year.


I have grand plans of turning the data into an RBL (of sorts) that I can 
use to artificially add score to young domain names.  Something like 
last day, last week, last month type thing.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor


On 11/04/2018 02:27 PM, Henrik K wrote:

It does seems wasteful parsing 72_foobar.cf as a legal domain.


Agreed.


Can someone actually register and use a domain with underscore in it?


I don't know.

Does anyone have access to some URIBL data, is something actually listed 
with an underscore? I'd guess not..


I have been downloading a daily lists of newly registered domains [1] 
for almost a year.  Out of 37 million domain [2] names I don't see a 
single one with an underscore in it.


I'm not feeling spry enough to register a domain with an underscore. 
DNS will happily handle the underscore, even though it's not legal in a 
host name.  (DNS > just hostnames.)


[1] I'm downloading freely available data.
[2] 335 days worth of newly registered domains.



--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Henrik K

On Sun, Nov 04, 2018 at 04:12:12PM -0500, Bill Cole wrote:
>
> That would be SpamAssassin itself. The policy of treating anything matching
> '[-a-zA-Z0-9_]+\.' as an URI in all contexts dates back to v3.3.1
> at least. See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6716 and
> note this scan of a recent message:

It does seems wasteful parsing 72_foobar.cf as a legal domain.

https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it
..etc

Can someone actually register and use a domain with underscore in it?  Does
anyone have access to some URIBL data, is something actually listed with an
underscore? I'd guess not..

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Bill Cole


On 4 Nov 2018, at 14:48, Matus UHLAR - fantomas wrote:


On 4 Nov 2018, at 11:45, Grant Taylor wrote:
Why does it matter if there's a naming collision between DNS domain 
names and file names?



Bill Cole skrev den 2018-11-04 19:25:

Discussion of config files for SpamAssassin and Postfix has
intermittently been matched by URI DNSBLs. Some years ago I 
discovered

just how widespread dumb bounce models were when I talked about the
master config file for Postfix on the Postfix Users list, the same
week that someone was spamvertising URLs under master (dot) cf.


On 04.11.18 19:48, Benny Pedersen wrote:
Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:6::1#53

[...]
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/NS/IN': 2a04:1b00:6::1#53


so ns.cf blocks my named now, i cant resolve any cf domains with it

time to change imho


I recommend chasing who is treating those as URLs.


That would be SpamAssassin itself. The policy of treating anything 
matching '[-a-zA-Z0-9_]+\.' as an URI in all contexts dates 
back to v3.3.1 at least. See 
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6716 and note this 
scan of a recent message:



# spamassassin -t -D uridnsbl  
/tmp/mdpreserve.42nj0s5F0hz1hSbGh/INPUTMSG 2>&1 |pcregrep 
'\.cf\b|^(From|Subject|Date|Message-Id): '
Nov  4 15:55:21.684 [55625] dbg: uridnsbl: considering 
host=72_scores.cf, domain=72_scores.cf
Nov  4 15:55:21.720 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
X_URIBL_A DNSBL:72_scores.cf:dnsbltest.spamassassin.org
Nov  4 15:55:21.721 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
X_URIBL_B DNSBL:72_scores.cf:dnsbltest.spamassassin.org
Nov  4 15:55:21.721 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
X_URIBL_DOMSONLY DNSBL:72_scores.cf:dnsbltest.spamassassin.org
Nov  4 15:55:21.722 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_RHS_DOB DNSBL:72_scores.cf:dob.sibl.support-intelligence.net
Nov  4 15:55:22.051 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_MW_SURBL DNSBL:72_scores.cf:multi.surbl.org
Nov  4 15:55:22.051 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_WS_SURBL DNSBL:72_scores.cf:multi.surbl.org
Nov  4 15:55:22.052 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_PH_SURBL DNSBL:72_scores.cf:multi.surbl.org
Nov  4 15:55:22.052 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_CR_SURBL DNSBL:72_scores.cf:multi.surbl.org
Nov  4 15:55:22.052 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_ABUSE_SURBL DNSBL:72_scores.cf:multi.surbl.org
Nov  4 15:55:22.052 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
SURBL_BLOCKED DNSBL:72_scores.cf:multi.surbl.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_MALWARE DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_ABUSE_PHISH DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_BOTNETCC DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_PHISH DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_ABUSE_REDIR DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_ERROR DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_ABUSE_SPAM DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_SPAM DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.053 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_ABUSE_BOTCC DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.054 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_DBL_ABUSE_MALW DNSBL:72_scores.cf:dbl.spamhaus.org
Nov  4 15:55:22.054 [55625] dbg: uridnsbl: complete_ns_lookup 
NS:72_scores.cf
Nov  4 15:55:22.055 [55625] dbg: uridnsbl: complete_a_lookup 
A:72_scores.cf
Nov  4 15:55:22.056 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
KAM_BODY_COMPROMISED_URIBL_PCCC DNSBL:72_scores.cf:wild.pccc.com
Nov  4 15:55:22.056 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_RED DNSBL:72_scores.cf:multi.uribl.com
Nov  4 15:55:22.056 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_BLOCKED DNSBL:72_scores.cf:multi.uribl.com
Nov  4 15:55:22.057 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_GREY DNSBL:72_scores.cf:multi.uribl.com
Nov  4 15:55:22.057 [55625] dbg: uridnsbl: complete_dnsbl_lookup 
URIBL_BLACK DNSBL:72_scores.cf:multi.uribl.com
Subject: svn commit: r1845712 - in /spamassassin/trunk/rulesrc/scores: 
72_scores.cf

Date: Sun, 04 Nov 2018 04:06:19 -
From: spamassassin_r...@apache.org
Message-Id: <20181104040619.bb2623a0...@svn01-us-west.apache.org>
Date: Sun Nov  4 04:06:18 2018
spamassassin/trunk/rulesrc/scores/72_scores.cf
Modified: spamassassin/trunk/rulesrc/scores/72_scores.cf
URL:

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Matus UHLAR - fantomas


On 4 Nov 2018, at 11:45, Grant Taylor wrote:
Why does it matter if there's a naming collision between DNS 
domain names and file names?



Bill Cole skrev den 2018-11-04 19:25:

Discussion of config files for SpamAssassin and Postfix has
intermittently been matched by URI DNSBLs. Some years ago I discovered
just how widespread dumb bounce models were when I talked about the
master config file for Postfix on the Postfix Users list, the same
week that someone was spamvertising URLs under master (dot) cf.


On 04.11.18 19:48, Benny Pedersen wrote:
Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:6::1#53

[...]
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/NS/IN': 2a04:1b00:6::1#53


so ns.cf blocks my named now, i cant resolve any cf domains with it

time to change imho


I recommend chasing who is treating those as URLs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization.

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor


On 11/04/2018 11:48 AM, Benny Pedersen wrote:
Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:6::1#53
Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/A/IN': 2a04:1b00:6::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/NS/IN': 2a04:1b00:4::1#53


These are errors from named about not being able to connect to remote 
DNS servers.  They have nothing to do with SpamAssassin or any of it's 
files.


Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/A/IN': 2a04:1b00:4::1#53


named is stating that it's connection to 2a04:1b00:4::1 was refused when 
trying to resolve an A record (INternet class) for the domain name 
"20_misc.cf".


That is DNS and has nothing to do with filenames that SpamAssassin is using.


so ns.cf blocks my named now,


I don't think so.


i cant resolve any cf domains with it


You may have a different issue resolving cf domains.  But I HIGHLY doubt 
it has anything to do with the names of files.


Also, do you know that you can't resolve /any/ cf domains?  What cf 
domains, other than the ones listed as refusing connections, have you tried?


The simple fact that named is saying that it can't connect to 
2a04:1b00:4::1 as the DNS server for the 20_misc.cf domain tells me that 
it was able to communicate with the DNS servers for the cf top level 
domain to be able to find the DNS server for the 20_misc.cf domain.


Also, save for the following d.ns.cf logs, none of the other domain 
names are under the ns.cf domain name.


Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'd.ns.cf/A/IN': 2a04:1b00:4::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'd.ns.cf//IN': 2a04:1b00:4::1#53


I *REALLY* don't think your errors are coming from the fact that a 
config file has name collision with a domain name.


That's like saying your kid can't use the name "mom" because it has a 
different meaning in a different language.  You might not like it, and 
thus choose not to use it.  But there is nothing preventing it's use.



time to change imho


What exactly do you want to change?  And why?  Please show evidence that 
the name of the file is actually the problem.


All of that said, I do think that you have a problem.  It looks like 
something is trying to do a DNS lookup of the name of config files. 
Something that I strongly doubt should be done.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Benny Pedersen


Bill Cole skrev den 2018-11-04 19:25:

On 4 Nov 2018, at 11:45, Grant Taylor wrote:

Why does it matter if there's a naming collision between DNS domain 
names and file names?


Discussion of config files for SpamAssassin and Postfix has
intermittently been matched by URI DNSBLs. Some years ago I discovered
just how widespread dumb bounce models were when I talked about the
master config file for Postfix on the Postfix Users list, the same
week that someone was spamvertising URLs under master (dot) cf.


Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:6::1#53
Nov  3 03:22:50 localhost named[2301]: connection refused resolving 
'72_scores.cf/A/IN': 2a04:1b00:6::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/NS/IN': 2a04:1b00:4::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/A/IN': 2a04:1b00:4::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/A/IN': 2a04:1b00:6::1#53
Nov  3 14:59:26 localhost named[2301]: connection refused resolving 
'20_misc.cf/NS/IN': 2a04:1b00:6::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:4::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'72_scores.cf/A/IN': 2a04:1b00:4::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'd.ns.cf/A/IN': 2a04:1b00:4::1#53
Nov  2 03:14:10 localhost named[2301]: connection refused resolving 
'd.ns.cf//IN': 2a04:1b00:4::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/A/IN': 2a04:1b00:6::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/NS/IN': 2a04:1b00:6::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/A/IN': 2a04:1b00:4::1#53
Nov  2 17:23:46 localhost named[2301]: connection refused resolving 
'master.cf/NS/IN': 2a04:1b00:4::1#53
Nov  1 03:15:14 localhost named[2301]: connection refused resolving 
'72_scores.cf/NS/IN': 2a04:1b00:4::1#53
Nov  1 03:15:14 localhost named[2301]: connection refused resolving 
'72_scores.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_bug_7549.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_bug_7549.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_thirdparty.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_thirdparty.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_advance_fee_reevolved.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_advance_fee_reevolved.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/A/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/NS/IN': 2a04:1b00:4::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_darxus_experimental.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'70_phishing.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/NS/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_misc_testing.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/A/IN': 2a04:1b00:6::1#53
Oct 31 08:30:38 localhost named[2301]: connection refused resolving 
'20_imageinfo.cf/NS/IN': 2a04:1b00:6::1#53


so ns.cf blocks my named now, i cant resolve any cf domains with it

time to change imho

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Bill Cole

On 4 Nov 2018, at 11:45, Grant Taylor wrote:

> Why does it matter if there's a naming collision between DNS domain names and 
> file names?

Discussion of config files for SpamAssassin and Postfix has intermittently been 
matched by URI DNSBLs. Some years ago I discovered just how widespread dumb 
bounce models were when I talked about the master config file for Postfix on 
the Postfix Users list, the same week that someone was spamvertising URLs under 
master (dot) cf.

-- 
Bill Cole

signature.asc
Description: OpenPGP digital signature

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread John Hardin


On Sun, 4 Nov 2018, Benny Pedersen wrote:


is it a problem ?

i think it should be solved to make configfiles local dns resolved only, if 
at all it needs to be dns


so cf changes to cf.localdomain or cf.localhost, not just use cf with is a 
valid cctlds :(


is cf.local valid and where ?

i have not maked a bug on it yet, but will start here to hear what should be 
done


Changing the configuration file naming standard is a non-trivial change 
that will affect every single user of SA and require that they rename 
files.


As Grant noted, DNS and filesystems are different namespaces. I'll admit a 
filename can look like a domain name - that's been the case with 
DOS/Windows since .COM was defined as a TLD.


How is that *practically* a problem? When does anyone do DNS lookups on SA 
config filenames?


A specific case of this being a problem will be needed for such a change 
to even be considered.



--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 Today: Daylight Saving Time ends in U.S. - Fall Back

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor


On 11/04/2018 09:14 AM, Benny Pedersen wrote:

is it a problem ?

i think it should be solved to make configfiles local dns resolved only, 
if at all it needs to be dns


so cf changes to cf.localdomain or cf.localhost, not just use cf with is 
a valid cctlds :(


is cf.local valid and where ?

i have not maked a bug on it yet, but will start here to hear what 
should be done


Why does it matter if there's a naming collision between DNS domain 
names and file names?


I was not aware of any relationship between then.

It's my understanding that the .local extension is to differentiate the 
file from a file that is distributed as part of the software 
distribution system.  I.e. the file contains changes that are local to 
the system.


I (naively) think that changing the name of files / extensions to fall 
in line with (what I think is) a completely unrelated namespace is going 
to set a dangerous precedence and start a game of whack-a-mole.


If I'm completely overlooking something (entirely possible ~> likely), 
please (gently) enlighten me.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

Re: config files in spamasassin is unintended tlds :/

20 matches

Site Navigation

Mail list logo

Footer information