8016 – Remove uridnsbl_skip_domain(s)

Bug 8016 - Remove uridnsbl_skip_domain(s)

Summary: Remove uridnsbl_skip_domain(s)

Status:	NEW

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	unspecified
Hardware:	PC Windows 10

Importance:	P2 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-07-20 07:54 UTC by Raymond Dijkxhoorn
Modified:	2022-12-08 10:25 UTC (History)
CC List:	2 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raymond Dijkxhoorn 2022-07-20 07:54:06 UTC

Hi!

Please remove:

cloudfront.net
googleapis.com
amazonaws.com

From the skiplist in 25_uribl.cf

This was a good idea way back but right now its not allowing SURBL/DBL/URIBL and other lists to submit abused subdomains on these services. 

Thanks in advance, Raymond Dijkxhoorn - SURBL

Comment 1 Henrik Krohns 2022-07-20 08:08:09 UTC

I guess they should be added as util_rbl_2tld for 3.4 then, since notrim is only in 4.0?

Comment 2 Raymond Dijkxhoorn 2022-07-20 08:24:44 UTC

I think you are right Henrik. Good point.

Comment 3 Henrik Krohns 2022-07-20 08:32:04 UTC

Can you give some examples for all domains?

Atleast Amazon probably requires util_rb_3tld if it looks like this?
cardu-email.s3-eu-west-1.amazonaws.com

Comment 4 Raymond Dijkxhoorn 2022-07-20 08:47:56 UTC

Hi Henrik,

The list for SA3 will be rather big. 

Then you will basicly have to add all regions to fully support that. 
Like: 

us-east-2.compute.amazonaws.com
sa-east-1.compute.amazonaws.com
ap-northeast-1.compute.amazonaws.com

And those are 4 levels... 

We could also take the approach for SA3 to leave amazonaws inside the skiplist and only do the changes to SA4.

A tradeogff could be to add specific abused ones like: 

s3.amazonaws.com

For googleapis.com it would be 

storage.googleapis.com

cloudfront is just one level up 2l 

cloudfront.net


Thanks! Raymond

Comment 5 Henrik Krohns 2022-07-20 19:15:54 UTC

I'll just remove them for now, think about 3tld later when someone has time..

Committed revision 1902889.

Comment 6 Raymond Dijkxhoorn 2022-12-08 10:15:06 UTC

Hi!

In addition to this please also remove goo.gl from the skiplist. 
This is causing none of the abused google services to be reported. 

esca2.app.goo.gl
esca3.app.goo.gl
esca5.app.goo.gl
hg8mq.app.goo.gl
jf27z.app.goo.gl
n3m6x.app.goo.gl
na38w.app.goo.gl
r4y9.app.goo.gl
r5rx5.app.goo.gl
xy59r.app.goo.gl

And so on. 

For SA3 app.goo.gl could be added to the util_rb_3tld listings. 

Thanks! Raymond Dijkxhoorn

Comment 7 Henrik Krohns 2022-12-08 10:25:56 UTC

Removed goo.gl:

Sending        25_uribl.cf
Transmitting file data .done
Committing transaction...
Committed revision 1905853.

Still leaving this open if someone wants to comment on possible 3tld addons and how 3.4 & 4.0 might be affected. Can't spare time for indepth thinking right now.