From users-return-118936-archive-asf-public=cust-asf.ponee.io@spamassassin.apache.org Sun Sep 23 23:58:49 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 71867180658 for ; Sun, 23 Sep 2018 23:58:49 +0200 (CEST) Received: (qmail 99729 invoked by uid 500); 23 Sep 2018 21:58:48 -0000 Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org Received: (qmail 99714 invoked by uid 99); 23 Sep 2018 21:58:47 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Sep 2018 21:58:47 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 1B65EC91F6 for ; Sun, 23 Sep 2018 21:58:47 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.103 X-Spam-Level: X-Spam-Status: No, score=-0.103 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id B_mjW-CKEUQk for ; Sun, 23 Sep 2018 21:58:46 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id F13025F525 for ; Sun, 23 Sep 2018 21:58:45 +0000 (UTC) Received: by mail-wm1-f44.google.com with SMTP id l7-v6so2993934wme.2 for ; Sun, 23 Sep 2018 14:58:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=BI62+yMH61HWwnC06H7+0+wrjRIk5ri3PckDKkx7Gss=; b=b42qda7EAw0qmAgt3YK/SepGNAtXptrcts4zjlnX7SlhOquJQ2WJJ92qrwAVxn7gn/ uA8mZQ13p85xAesAMpvElWUo7T8nRFnne9w58rKHDdCOj8FHS1XiPpJyfeZDjsPFl8s3 xy7HiZg7lf3a2ibBL+0A2v6w6YRjub4mIRywQ/DisXPNlBySpjc5amshLrJDMSrxZbbm mkZIk4vR+AY7BQBj/jfqTA/3vUpsf9pFCruNHSmlY3CQGkWcpBAGbWIhAzmVXZIXQX01 WaitGs+rsT4HHrp7EVTCtLDZ/4nXMvobkcpzusaTfAVBiSlG2e3GBdJ1juTEuJVHJiel iwdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BI62+yMH61HWwnC06H7+0+wrjRIk5ri3PckDKkx7Gss=; b=Z4jT0KShEkYHnYKI5nEQvs4fAxiODrMUbaWltAF2rWOqP8iVL6i0JCjQSeIamXOgnw IZ3KxGKGU0bmW1kdGuNmwrrVhBSGjvBblmxMXBS1jKomVHvkaV4bfLxCachfx7Ko2enf tG/43wRpsFJ54oMpaYlbW5NnKxW+Mt8HN35fdMHaQVlrZ3BnDnf2OkcA2sa/TNtSNtwA SB6RY4c+LdxMKDdQT0CumtcX3hEHuyRX0YullbNoHAsxRjit641elKcPbUNvBjKRvriz RBWJWgsE/fijhH3klna8l+lMQ4x9VHwIVdmJPLKV6c50QxvAY06MIZGQpqS89Yl+Wh6J ttOg== X-Gm-Message-State: ABuFfogwcI0ZIE/03PPQzortpf4F//sfgB+A/RHatgK38VDe/jNJFOzO UYBbG2joDZGLZ5zvhvFtg8AT3QJ2D1o= X-Google-Smtp-Source: ACcGV62L3Dbvcj3YntOhc2LlVtM0E5okedlX84Jim8iK9U9QBlCe6php+nMtWypZbZ10KVPcYAwu9g== X-Received: by 2002:a1c:3c87:: with SMTP id j129-v6mr5454597wma.40.1537739919200; Sun, 23 Sep 2018 14:58:39 -0700 (PDT) Received: from gumby.homeunix.com ([2.125.48.184]) by smtp.gmail.com with ESMTPSA id e141-v6sm23448271wmd.32.2018.09.23.14.58.37 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 23 Sep 2018 14:58:38 -0700 (PDT) Date: Sun, 23 Sep 2018 22:58:35 +0100 From: RW To: users@spamassassin.apache.org Subject: Re: using URIBL on other headers Message-ID: <20180923225835.594df6b0@gumby.homeunix.com> In-Reply-To: References: <7411e119-5b80-a421-78f3-351756ccd79b@apache.org> X-Mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; amd64-portbld-freebsd11.1) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Sun, 23 Sep 2018 20:37:48 +0100 Michael Grant wrote: > I tried to read through the plugin. I'm not a spamassassin plugin > developer, I didn't have much luck trying to figure out how to do it > myself. I know this plugin only does subject and body but I saw > nothing in the plugin itself that referenced the subject header. > arbitrary header through this like the subject and body. The subject text is the first paragraph of the normalized body which is parsed for domains. > I am not sure you need to do that. Why not just run all the headers > or rather the entire message including headers through this plugin > just like the body, in fact, just extend it's scope to look at the > entire message rather than just the body & subject. Most emails don't have a domain in the body, so if you start adding a lot of domains from the headers, the number of look-ups could increase dramatically. It could push some mail servers beyond the usage limits. The main point of URI blocklists is to catch the website that's the point of contact with the spammer. I think it going to be pretty rare for a listed domain to appear in the headers without its being in the body. That was my experience with my askdns rules. The from header is already largely covered by the parse_dkim_uris option. Reply-to might be worth trying, but most of the interesting reply-to addresses are Freemail.