rich...@buzzhost.co.uk wrote: > On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote: > >> On 07/10/2009 09:01 PM, Paweł Tęcza wrote: >> >>> Please see my initial post on Pastebin: >>> >>> http://pastebin.com/f6a83e9fb >>> >>> >> If it's true that all those domains resolve to just a handful of IP >> addresses, then why aren't they listed in - oh wait - SURBLs don't cover >> IPs just the DNS names - argh! >> >> Is there a way to do SURBL lookups of the IP instead of the FQDN? >> >> > Is there not some kind of 'intent' plugin for SA? > > Barracuda (which steal everything else) have an intent scanner that > looks at links in mails and resolves the name to IP *AND* the AUTH NS. > Then looking the IP's found up. > SA has always avoided resolving forward lookups of potentially spammer controlled domains to IPs. This is extremely foolish to do, as it opens you up to a variety of attacks against your DNS resolver. (resolver cache poisoning, DoS, etc)
> I can't believe they wrote it themselves - seriously I can't! What plug > in is it? > > It's no plugin I know of, but it's a feature we intentionally left out of SA for security reasons. So given that it's a really bad idea I'd guess barracuda did implement it themselves.