Steve Freegard wrote:
> Matt Kettler wrote:
>> rich...@buzzhost.co.uk wrote:
>>> On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
>>>> On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
>>>>> Please see my initial post on Pastebin:
>>>>>
>>>>> http://pastebin.com/f6a83e9fb
>>>>
>>>> If it's true that all those domains resolve to just a handful of IP
>>>> addresses, then why aren't they listed in - oh wait - SURBLs don't cover
>>>> IPs just the DNS names - argh!
>>>>
>>>> Is there a way to do SURBL lookups of the IP instead of the FQDN?
>>>
>>> Is there not some kind of 'intent' plugin for SA?
>>>
>>> Barracuda (which steal everything else) have an intent scanner that
>>> looks at links in mails and resolves the name to IP *AND* the AUTH NS.
>>> Then looking the IPs found up.
>>
>> SA has always avoided resolving forward lookups of potentially spammer
>> controlled domains to IPs. This is extremely foolish to do, as it opens
>> you up to a variety of attacks against your DNS resolver. (resolver
>> cache poisoning, DoS, etc)
>>
>>> I can't believe they wrote it themselves - seriously I can't! What plug
>>> in is it?
>>
>> It's no plugin I know of, but it's a feature we intentionally left out
>> of SA for security reasons. So given that it's a really bad idea I'd
>> guess Barracuda did implement it themselves.
>
> Are you forgetting URIBL_SBL?? That requires the A or NS records of
> the URI to function.

We do NS only. Not A.