Bug 6157 - remove open-whois.org rules since domain is cybersquatted
Summary: remove open-whois.org rules since domain is cybersquatted
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 3.3.0
Hardware: All All
: P1 major
Target Milestone: 3.3.0
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-07-18 13:15 UTC by Justin Mason
Modified: 2010-04-01 10:21 UTC (History)
2 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Mason 2009-07-18 13:15:53 UTC 
http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/490c97eb62641887

affects both 3.2.x and 3.3.0:

: 341...; grep -r open-whois rules
rules/72_active.cf:header          DNS_FROM_OPENWHOIS  eval:check_rbl_envfrom('openwhois', 'bl.open-whois.org.')
rules/72_active.cf:describe        DNS_FROM_OPENWHOIS  Envelope sender listed in bl.open-whois.org.
rules/72_active.cf:urirhssub       WHOIS_1AND1PR       bl.open-whois.org.  A   127.0.0.2
rules/72_active.cf:urirhssub       WHOIS_AITPRIV       bl.open-whois.org.  A   127.0.0.19
rules/72_active.cf:urirhssub       WHOIS_CONTACTPRIV   bl.open-whois.org.  A   127.0.0.37
rules/72_active.cf:urirhssub       WHOIS_DMNBYPROXY        bl.open-whois.org.  A   127.0.0.15
[... etc.]

we need to remove these rules immediately.
Comment 1 Matt Kettler 2009-07-18 19:50:31 UTC 
+1 on removing them in the swiftest manner possible, and publishing the updated rules to sa-update.

Clearly this give the squatter the potential to influence SA's accuracy. Not really to their own benefit, but they could cause problems for SA users (false positives).
Comment 2 Justin Mason 2009-07-20 07:24:06 UTC 
committed, pushed to 3.2.x updates as of r795855.
Comment 3 Gary C 2009-07-21 05:03:01 UTC 
Hi,

Has this issue been solved? When I run my Spamscore it keeps appearing:

2.43 because of the oepn-whois.org blacklist

Can you give me a hand?

thanks
Comment 4 Justin Mason 2010-04-01 10:21:20 UTC 
(In reply to comment #3)
> Has this issue been solved? When I run my Spamscore it keeps appearing:

hi -- it is fixed in SpamAssassin, yes.  please ask whoever provides the "Spamscore" service to upgrade their copy of SpamAssassin in turn.