7653 – Applying eval:check_uridnsbl to header does not work

Bug 7653 - Applying eval:check_uridnsbl to header does not work

Summary: Applying eval:check_uridnsbl to header does not work

Status:	RESOLVED INVALID

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 enhancement
Target Milestone:	Future
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-11-06 13:09 UTC by Manuel Schmitt (manitu)
Modified:	2019-03-26 04:52 UTC (History)
CC List:	3 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Manuel Schmitt (manitu) 2018-11-06 13:09:03 UTC

When using 

    eval:check_uridnsbl

in a rule for "header" this does not work, e.g.

    urirhsbl NAME_OF_RULE foo.bar.tld. A
    header   NAME_OF_RULE eval:check_uridnsbl('NAME_OF_RULE')
    describe NAME_OF_RULE Some text here
    tflags   NAME_OF_RULE net
    score    NAME_OF_RULE 2.5

Using the same for a body rule e.g.

    urirhsbl NAME_OF_RULE foo.bar.tld. A
    body     NAME_OF_RULE eval:check_uridnsbl('NAME_OF_RULE')
    describe NAME_OF_RULE Some text here
    tflags   NAME_OF_RULE net
    score    NAME_OF_RULE 2.5

it works perfectly.


The idea behind applying a blacklist to header is to block e.g. From: headers by means of a dns blacklist.

(And yes, the Mail::SpamAssassin::Plugin::URIDNSBL was loaded ;-) )

As to 

   http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_0_0rc3/rules/25_uribl.cf

it should be possible to apply the eval:check_uridnsbl on headers.

Comment 1 AXB 2018-11-06 13:45:33 UTC

- the rule file you show as a sample is obsolete - release 3.0.rc3

see up to date rules on
http://svn.apache.org/repos/asf/spamassassin/trunk/rules/25_uribl.cf

- From: is not a header whcih is why it get eval'd by a body rule

Comment 2 Manuel Schmitt (manitu) 2018-11-06 13:59:15 UTC

As it seems, it the rule does even not get applied to From: in any way.

We tested it with a true spam mail and the rule URIBL_DBL_SPAM from spamassassins default ruleset.

Even URIBL_DBL_SPAM does not get applied to From: header.

Comment 3 Manuel Schmitt (manitu) 2018-11-06 13:59:59 UTC

Reopend due to last comment.

Comment 4 Manuel Schmitt (manitu) 2018-11-06 14:03:29 UTC

Additional info: But URIBL_DBL_SPAM does get applied to "misc" headers like DomainKey stuff.

Comment 5 Henrik Krohns 2018-11-06 14:30:48 UTC

https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html

Can you find any mention of "header" from docs ? No.

Is there always mentioned "Note that you must also define a BODY-eval rule calling check_uridnsbl() to use this." ? Yes.

Is it reasonable to assume trying some random thing against documentations wishes would work ? No.

Is this extremely legacy configuration format with many urinsrhsdnscookiemunchbl keys and a "body eval"-clause (that actually doesn't itself do anything) confusing ? Yes, sorry. But atleast it's quite detailedly documented.

Comment 6 Henrik Krohns 2018-11-06 14:47:23 UTC

This was also lately discussed:
http://spamassassin.1065346.n5.nabble.com/using-URIBL-on-other-headers-td153007.html

Comment 7 Bill Cole 2018-11-06 15:27:02 UTC

THIS IS NOT A BUG. It is a request for a new feature. I have adjusted metadata fields appropriately. 

URIDNSBL rules apply only to body URIs and *optionally* to domains parsed from DKIM headers if parse_dkim_uris is set. This is well-documented intentional behavior.

As Henrik has noted, the existing URIDNSBL design is not intuitive and as the opening of this as a "major" bug demonstrates, it leads to confusion. To simply add on the mis-guessed rule syntax in this report to the core broken design would be short-sighted and would cement the confusing design in place. I think we need a broader discussion of what this enhancement should be precisely, involving users and list operators, rather than just an enhancement request in Bugzilla.

Comment 8 Henrik Krohns 2018-11-06 16:09:16 UTC

Added mention of parse_dkim_uris in URIDNSBL docs too so it's easier to find.

Sending        spamassassin-3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
Sending        trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
Transmitting file data ..done
Committing transaction...
Committed revision 1845932.

Comment 9 Manuel Schmitt (manitu) 2018-11-07 07:32:02 UTC

Sorry - mea culpa.

Comment 10 Henrik Krohns 2019-03-26 04:52:13 UTC

Was resolved already, closing.