Matt Kettler wrote: > rich...@buzzhost.co.uk wrote: >> On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote: >> >>> On 07/10/2009 09:01 PM, Paweł Tęcza wrote: >>> >>>> Please see my initial post on Pastebin: >>>> >>>> http://pastebin.com/f6a83e9fb >>>> >>>> >>> If it's true that all those domains resolve to just a handful of IP >>> addresses, then why aren't they listed in - oh wait - SURBLs don't cover >>> IPs just the DNS names - argh! >>> >>> Is there a way to do SURBL lookups of the IP instead of the FQDN? >>> >>> >> Is there not some kind of 'intent' plugin for SA? >> >> Barracuda (which steal everything else) have an intent scanner that >> looks at links in mails and resolves the name to IP *AND* the AUTH NS. >> Then looking the IP's found up. >> > SA has always avoided resolving forward lookups of potentially spammer > controlled domains to IPs. This is extremely foolish to do, as it opens > you up to a variety of attacks against your DNS resolver. (resolver > cache poisoning, DoS, etc) > >> I can't believe they wrote it themselves - seriously I can't! What plug >> in is it? >> >> > It's no plugin I know of, but it's a feature we intentionally left out > of SA for security reasons. So given that it's a really bad idea I'd > guess barracuda did implement it themselves. >
Are you forgetting URIBL_SBL?? That requires the A or NS records of the URI to function. Regards, Steve.