I figured out the problem, it' was the an individuals email address in the message body (even though not a mailto). Their email domain isn't listed at spamhaus.org but it turns out one of their ISPs DNS servers are which they are using as secondary. This makes the second time I've come across this. The last time it was an ISP's (pipex.net) DNS server in the U.K. that was tripping the URIBL_SBL rule.
This time the user is in the med.juntendo.ac.jp (Juntendo Univ Med School) who's ISP is cwidc.net and the DNS server ns03.cwidc.net (154.33.17.212) is the one in spamhaus.org which they say is hosting a long time spammer. http://www.spamhaus.org/sbl/sbl.lasso?query=SBL17240 Does URI checking really need to be so thorough? Obviously there must be some bias at spamhaus if the big named ISPs don't get their name servers listed because we know that they provide services to spammers. Any idea on how to limit the scope to just the URI at it's face value? -----Original Message----- From: Rose, Bobby [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 15, 2005 2:14 PM To: users@spamassassin.apache.org Subject: URI Tests and Japanese Chars I have a user that is of Japanese origin and who converses with other individuals in Japan in his same field of study. The messages they send are in Japanese and trip the URI_SBL rule. These people are in different .jp domains and I really don't want to get into the administrative overhead of whitelisting. I don't see anything in the message bodies that even looks like a URI. Has anyone else ran into this? Bobby Rose Wayne State University School of Medicine
