On Wed, Jun 08, 2011 at 07:05:20PM +0200, Mark Martinec wrote:
> Sandro,
> 
> > As an example I have a message that includes a link to "ow (dot) ly (/)
> > 57lle". Querying host ow.ly.dbl.spamhaus.org clearly shows that it's a
> > spammer redirector.
> > 
> > If I feed the message to 'spamassassin -t' I get:
> >    Content analysis details:   (0.0 points, 5.0 required)
> 
> > and feeding it to 'spamassassin -D|grep ow.ly' I get:
> >
> > dbg: dns: providing a callback for id: 34472/ow.ly.dbl.spamhaus.org/A/IN
> > dbg: async: starting: URI-DNSBL, DNSBL:dbl.spamhaus.org.:ow.ly (timeout 
> > 15.0s, min 3.0s)
> > dbg: dns: providing a callback for id: 57784/ow.ly/NS/IN
> > dbg: async: starting: URI-NS, NS:ow.ly (timeout 15.0s, min 3.0s)
> > dbg: async: completed in 0.018 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:ow.ly
> > dbg: async: timing: 0.018 . DNSBL:dbl.spamhaus.org.:ow.ly
> 
> > I'm not able to read the response, i.e. I can't understand if it's possible
> > to understand from these lines if the test shows or not that it's really a
> > spam redirector.
> 
> The log shows a successful query for ow.ly.dbl.spamhaus.org,
> and an almost instant answer - received in 18 ms.
> 
> The answer was probably 127.0.1.3. I guess you do not have any rules
> to hit on this value.
> 
> Try adding the following rules to your local.cf:
> 
> if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
> urirhssub       URIBL_DBL_REDIR   dbl.spamhaus.org.       A   127.0.1.3
> body            URIBL_DBL_REDIR   eval:check_uridnsbl('URIBL_DBL_REDIR')
> describe        URIBL_DBL_REDIR   Spamhaus spammed redirector domain
> tflags          URIBL_DBL_REDIR   net domains_only
> score           URIBL_DBL_REDIR   2.0
> endif

I tested it on a Debian squeeze with spamassassin 3.3.1 and it works. On a
Debian Lenny with spamassassin 3.2.5 it doesn't seem to work even if the
Mail::SpamAssassin::Plugin::URIDNSBL is present.

Any possible explanation?

w-omma:/etc/spamassassin# spamassassin -D < /tmp/spam1 2>&1|grep ow.ly
[9514] dbg: uridnsbl: domains to query: ow.ly
[9514] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:ow.ly (timeout 
15.0s, min 3.0s)
[9514] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:ow.ly (timeout 
15.0s, min 3.0s)
[9514] dbg: async: starting: URI-DNSBL, 
DNSBL:dob.sibl.support-intelligence.net:ow.ly (timeout 15.0s, min 3.0s)
[9514] dbg: async: starting: URI-NS, NS:ow.ly (timeout 15.0s, min 3.0s)
[9514] dbg: async: completed in 0.017 s: URI-DNSBL, 
DNSBL:dob.sibl.support-intelligence.net:ow.ly
[9514] dbg: async: completed in 0.020 s: URI-NS, NS:ow.ly
[9514] dbg: async: completed in 0.017 s: URI-DNSBL, DNSBL:multi.surbl.org.:ow.ly
[9514] dbg: async: completed in 0.017 s: URI-DNSBL, DNSBL:multi.uribl.com.:ow.ly
[9514] dbg: async: timing: 0.017 . DNSBL:dob.sibl.support-intelligence.net:ow.ly
[9514] dbg: async: timing: 0.017 . DNSBL:multi.uribl.com.:ow.ly
[9514] dbg: async: timing: 0.017 . DNSBL:multi.surbl.org.:ow.ly
[9514] dbg: async: timing: 0.020 . NS:ow.ly

thanks
sandro


-- 
Sandro Dentella  *:-)
http://www.reteisi.org             Free solutions for schools
http://sqlkit.argolinux.org        SQLkit home page - PyGTK/python/sqlalchemy
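
Added example (not part of the original messages): a small parser for the `spamassassin -D` output quoted in this thread. It lists which URI-DNSBL zones were actually queried for a domain, which shows whether a `urirhssub` rule's zone is active on a given host. The function names are hypothetical; the log excerpts are copied from the two debug outputs above.

```python
import re

# A debug entry begins with an optional "[pid] " prefix followed by "dbg:".
ENTRY_START = re.compile(r"^(\[\d+\] )?dbg:")
# "async: starting: URI-DNSBL, DNSBL:<zone>:<domain>" marks a query being sent.
QUERY = re.compile(r"async: starting: URI-DNSBL,\s*DNSBL:([^:\s]+):(\S+)")

def unwrap(log_text):
    """Rejoin entries that the mail client folded onto a second line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def queried_zones(log_text, domain):
    """Return the set of URI-DNSBL zones queried for `domain`."""
    zones = set()
    for entry in unwrap(log_text):
        m = QUERY.search(entry)
        if m and m.group(2) == domain:
            zones.add(m.group(1).rstrip("."))
    return zones

# Excerpts copied from the two debug outputs in this thread (folded as posted).
LOG_FIRST = """\
dbg: async: starting: URI-DNSBL, DNSBL:dbl.spamhaus.org.:ow.ly (timeout
15.0s, min 3.0s)
dbg: async: completed in 0.018 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:ow.ly
"""
LOG_SECOND = """\
[9514] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:ow.ly (timeout
15.0s, min 3.0s)
[9514] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:ow.ly (timeout
15.0s, min 3.0s)
[9514] dbg: async: starting: URI-DNSBL,
DNSBL:dob.sibl.support-intelligence.net:ow.ly (timeout 15.0s, min 3.0s)
[9514] dbg: async: completed in 0.017 s: URI-DNSBL, DNSBL:multi.surbl.org.:ow.ly
"""

if __name__ == "__main__":
    for name, log in (("first", LOG_FIRST), ("second", LOG_SECOND)):
        zones = queried_zones(log, "ow.ly")
        print(name, sorted(zones), "DBL queried:", "dbl.spamhaus.org" in zones)
```

In the second output no query to dbl.spamhaus.org is started for ow.ly at all, so the URIBL_DBL_REDIR rule has nothing to match against on that host.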
