Hi list,
with Jeff Chan's help, I'm trying to get behind some rather strange false positive URIDNSBL lookups. I'm using amavisd-new and the latest SpamAssassin code (via Subversion). Every once in a while URLs with domains like iastate.edu, which were never listed on SURBL, are reported:
Content analysis details: (6.6 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------
 0.0 SARE_TOCC_USER         Spam sign: Addressed to generic user
 0.6 FROM_ENDS_IN_NUMS      From: ends in numbers
 3.0 URIBL_PH_SURBL         Contains a URL listed in the PH SURBL blocklist
                            [URIs: iastate.edu]
 3.0 URIBL_OB_SURBL         Contains a URL listed in the OB SURBL blocklist
                            [URIs: iastate.edu]
Jeff told me that iastate.edu is even whitelisted on SURBL. The false positive reports have some common attributes. All messages appear on the bind-users mailing list, and the rules reported are URIBL_PH_SURBL and URIBL_OB_SURBL in combination. The domains vary, but the OutBlaze people told me that the domains were not listed on OB either.
How would I approach debugging the SURBL lookup process? Is there a recommended way to look into the active innards of the URIDNSBL module? I read AvoidingFpsForAdmins et al. in the Wiki, but I'd rather get behind the problem than do manual whitelisting.
--
Yours sincerely
Dipl. Inform. Ralph Seichter

HORUS-IT
Ahornweg 10
D-57635 Oberirsen
Tel +49 2686 987880
Fax +49 2686 987889
http://horus-it.de/