On Mon, 2010-07-12 at 00:52 +0100, Ned Slider wrote:
> On 12/07/10 00:37, Michelle Konzack wrote:
> > > For me, that would be caught by dbl.spamhaus.org as a blacklisted
> > > sender domain during the smtp connection.
> >
> > Is this not included in <zen>?
> 
> No, it's a separate list purely for domains, not IPs. SpamAssassin 3.3.1 
> does add support to query dbl.spamhaus.org, but I think it only queries 
> it for URIs.

Indeed. And the latter is exactly the reason why adding support for
Spamhaus DBL was a heavy-weight change for a micro release.


> I'm seeing hits against sender domains in dbl.spamhaus.org for IP addresses 
> that aren't yet listed on zen so querying at the smtp level in addition 
> to zen is beneficial.

Just to clarify -- while this is not incorrect, even though the "yet"
might be debatable [1], it easily can be confusing. The "sender domain"
and "IP address" in the previous sentence are not related, other than
referring to the same spam message. DBL does not list IPs.

Do NOT query DBL for IPs. Never. You will get false positives.

  guenther


[1] PBL is highly unlikely to expand due to spam outbreaks. XBL might,
    if the machine is malware infected. SBL of course might, but they
    list IPs of pure evil only, suitable for deep-parsing.

-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
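
The separation discussed in this thread (ZEN is queried with the connecting IP, DBL only with a domain name) can be enforced in code. The following is an added example, not part of the original message and not SpamAssassin's or Spamhaus's code; the function names are hypothetical, it handles IPv4 for ZEN only, and it builds the DNS query names without sending any query.

```python
import ipaddress

ZEN = "zen.spamhaus.org"  # IP-based list, per the thread
DBL = "dbl.spamhaus.org"  # domain-only list, per the thread

def _as_ip(value):
    """Return an ip_address for IP literals (incl. SMTP address literals), else None."""
    text = value.strip().strip("[]")
    if text.lower().startswith("ipv6:"):  # e.g. [IPv6:2001:db8::1]
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def zen_query(client_ip):
    """DNS name used to look up the connecting IPv4 address in ZEN."""
    addr = _as_ip(client_ip)
    if addr is None or addr.version != 4:
        raise ValueError(f"ZEN lookup in this example needs an IPv4 address: {client_ip!r}")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{ZEN}"

def dbl_query(domain):
    """DNS name used to look up a domain in DBL, or None if it must not be queried."""
    host = domain.strip().rstrip(".").lower()
    # Guard: an IP literal must never be sent to DBL (false positives).
    if not host or _as_ip(host) is not None:
        return None
    return f"{host}.{DBL}"

def queries_for(client_ip, mail_from):
    """Query names for one SMTP transaction: ZEN for the IP, DBL for the sender domain."""
    sender_domain = mail_from.strip().strip("<>").rpartition("@")[2]
    names = [zen_query(client_ip)]
    dbl_name = dbl_query(sender_domain)
    if dbl_name is not None:
        names.append(dbl_name)
    return names

if __name__ == "__main__":
    # Constructed sample transactions (documentation address range, made-up domain).
    for ip, sender in [("192.0.2.55", "<a@spam.example>"),
                       ("192.0.2.55", "<a@[192.0.2.55]>"),
                       ("192.0.2.55", "<>")]:
        print(sender, "->", queries_for(ip, sender))
```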
