Bug 2948 - URI tests against DNSBL and RHSBL
Summary: URI tests against DNSBL and RHSBL
Status: RESOLVED DUPLICATE of bug 1375
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamassassin (show other bugs)
Version: unspecified
Hardware: All All
: P5 enhancement
Target Milestone: 2.70
Assignee: SpamAssassin Developer Mailing List
Depends on:
Reported: 2004-01-18 19:34 UTC by Jim L.
Modified: 2004-01-28 04:05 UTC (History)
0 users

Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description Jim L. 2004-01-18 19:34:21 UTC
Many additional e-mails can be caught if the URIs are extracted from the 
message and the FQDN portion compared against one or more DNSBL's and/or 
RHSBL's. Of course the FQDN would have to be resolved first before testing 
against a DNSBL. Some sort of caching and unique routines would probably need 
to be used to prevent excessive queries.
Comment 1 Matt Sergeant 2004-01-21 02:29:50 UTC
I experimented with this for a few months - I looked up the IPs for all URLs and checked those IPs 
against the SBL (because this it would be useless checking most other types of lists - the SBL and 
SPEWS would probably be the only reasonable lists to check). It caught about 5% of my spam, but it 
was also the only rule I had that caused false positives (I don't run spamassassin). It would falsely 
stop about one legitimate email a week (out of around 1000).

That may be a good enough S/O for you. I'm just giving it to you as a data point.

I removed the rule because I could get just as good results from my other rules, and it was very 
slow (you have to do a bunch of A lookups then a bunch more lookups on the responses) and it 
was FP prone.
Comment 2 Daniel Quinlan 2004-01-28 13:05:21 UTC
This is a duplicate bug.

*** This bug has been marked as a duplicate of 1375 ***