
Mailing List Archive: SpamAssassin: users

dnsbl lookups for X-PHP-Script

 

 



uhlar at fantomas

Oct 6, 2008, 8:31 AM

Post #1 of 8 (336 views)
Permalink
dnsbl lookups for X-PHP-Script

Hello,

did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
I have patch into PHP that inserts IP address into that header, and looking
in dnsbl for spam sources could help me filter out spam posted through HTTP.

I could prepare such rules, but if anyone has such, I'd be glad not to
reinvent the wheel.

--
Matus UHLAR - fantomas, uhlar[at]fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.


mouss at netoyen

Oct 6, 2008, 9:55 AM

Post #2 of 8 (324 views)
Permalink
Re: dnsbl lookups for X-PHP-Script [In reply to]

Matus UHLAR - fantomas wrote:
> Hello,
>
> did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
> I have patch into PHP that inserts IP address into that header, and looking
> in dnsbl for spam sources could help me filter out spam posted through HTTP.
>
>

you'd need a plugin for that. If you want to go the easy way, add a
Received header or an X-Originating-IP header.

> I could prepare such rules, but if anyone has such, I'd be glad not to
> reinvent the wheel.
>
>


hege at hege

Oct 6, 2008, 10:04 AM

Post #3 of 8 (326 views)
Permalink
Re: dnsbl lookups for X-PHP-Script [In reply to]

On Mon, Oct 06, 2008 at 05:31:55PM +0200, Matus UHLAR - fantomas wrote:
> Hello,
>
> did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
> I have patch into PHP that inserts IP address into that header, and looking
> in dnsbl for spam sources could help me filter out spam posted through HTTP.
>
> I could prepare such rules, but if anyone has such, I'd be glad not to
> reinvent the wheel.

Why don't you check the BLs directly from PHP?


hege at hege

Oct 6, 2008, 10:55 AM

Post #4 of 8 (319 views)
Permalink
Re: dnsbl lookups for X-PHP-Script [In reply to]

On Mon, Oct 06, 2008 at 08:04:56PM +0300, Henrik K wrote:
> On Mon, Oct 06, 2008 at 05:31:55PM +0200, Matus UHLAR - fantomas wrote:
> > Hello,
> >
> > did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
> > I have patch into PHP that inserts IP address into that header, and looking
> > in dnsbl for spam sources could help me filter out spam posted through HTTP.
> >
> > I could prepare such rules, but if anyone has such, I'd be glad not to
> > reinvent the wheel.
>
> Why don't you check the BLs directly from PHP?

Answering myself..

Ok, I was curious and googled a little.. I guess it could be useful if you are
a shared provider (of course you should make sure users don't open holes in
the first place).

X-PHP-Script doesn't seem to be very widely patched - or PHP isn't abused
that much, which is nice. I grepped 3 weeks worth of spam quarantine, 17335
messages. 46 contained it. 28 unique IPs, out of which 8 were on sbl-xbl and
one or two on some other big lists. Doesn't seem very effective here.

Now, if you want to try it in SA, the easiest way is to just edit DNSEval.pm
and search X-Originating-IP inside it. Add X-PHP-Script to that array.
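
An added example, not part of the original post and not SpamAssassin code: the lookup the thread is discussing, pulling the client address out of an X-PHP-Script value and querying a DNSBL for it. The header layout (`<host>/<script> for <ip>[, <ip>...]`), the zone `dnsbl.example.org` and the sample header in the docstring are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Assumed layout (not given in the thread): "<host>/<script> for <ip>[, <ip>...]"
_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
DNSBL_ZONE = "dnsbl.example.org"  # placeholder zone, substitute the list you use
# Address space that a public DNSBL will never list, so it is not worth a query.
_SKIP = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def client_ips(header_value):
    """IPv4 addresses after ' for ', e.g. 'www.example.com/c.php for 192.0.2.44'."""
    _, sep, tail = header_value.rpartition(" for ")
    if not sep:
        return []
    found = []
    for text in _IPV4.findall(tail):
        try:
            ip = ipaddress.IPv4Address(text)
        except ValueError:  # out-of-range octets such as 999.1.1.1
            continue
        if ip not in found and not any(ip in net for net in _SKIP):
            found.append(ip)
    return found


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def listed(header_value, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """Map each listed address to the DNSBL's return code."""
    hits = {}
    for ip in client_ips(header_value):
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError:  # NXDOMAIN or resolver failure: treat as not listed
            continue
        # Only 127.0.0.0/8 answers are listings; anything else is a wildcard
        # or rewritten response and must not count as a hit.
        if answer.startswith("127."):
            hits[str(ip)] = answer
    return hits
```

The `resolve` parameter exists so the logic can be exercised against a stub instead of live DNS.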


williamt at corp

Oct 6, 2008, 11:37 AM

Post #5 of 8 (319 views)
Permalink
Re: dnsbl lookups for X-PHP-Script [In reply to]

On Mon, Oct 06, 2008 at 08:55:29PM +0300, Henrik K wrote:
> X-PHP-Script doesn't seem to be very widely patched - or PHP isn't abused
> that much, which is nice. I grepped 3 weeks worth of spam quarantine, 17335
> messages. 46 contained it. 28 unique IPs, out of which 8 were on sbl-xbl and
> one or two on some other big lists. Doesn't seem very effective here.
>
> Now, if you want to try it in SA, the easiest way is to just edit DNSEval.pm
> and search X-Originating-IP inside it. Add X-PHP-Script to that array.
>

I wish php wasn't abused so much lol.
I thought they were going to make X-PHP-Script standard in php.. I could be wrong.
In a future release of SA you will be able to define additional headers in your
conf file.


uhlar at fantomas

Oct 6, 2008, 12:39 PM

Post #6 of 8 (316 views)
Permalink
Re: dnsbl lookups for X-PHP-Script [In reply to]

> On Mon, Oct 06, 2008 at 05:31:55PM +0200, Matus UHLAR - fantomas wrote:
> > did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
> > I have patch into PHP that inserts IP address into that header, and looking
> > in dnsbl for spam sources could help me filter out spam posted through HTTP.
> >
> > I could prepare such rules, but if anyone has such, I'd be glad not to
> > reinvent the wheel.

On 06.10.08 20:04, Henrik K wrote:
> Why don't you check the BLs directly from PHP?

because it's quite hard to score from PHP script.
And I expect to benefit from scripts I better would not edit...
--
Matus UHLAR - fantomas, uhlar[at]fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".


hege at hege

Oct 7, 2008, 12:08 AM

Post #7 of 8 (306 views)
Permalink
Re: dnsbl lookups for X-PHP-Script [In reply to]

On Mon, Oct 06, 2008 at 09:39:06PM +0200, Matus UHLAR - fantomas wrote:
> > On Mon, Oct 06, 2008 at 05:31:55PM +0200, Matus UHLAR - fantomas wrote:
> > > did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
> > > I have patch into PHP that inserts IP address into that header, and looking
> > > in dnsbl for spam sources could help me filter out spam posted through HTTP.
> > >
> > > I could prepare such rules, but if anyone has such, I'd be glad not to
> > > reinvent the wheel.
>
> On 06.10.08 20:04, Henrik K wrote:
> > Why don't you check the BLs directly from PHP?
>
> because it's quite hard to score from PHP script.

No. Form spam is pretty easy, you don't need to "score" thousand rules. And
even FPs are immediately obvious to a user who sees an error. Most spam can
be eliminated with captchas or such anyway.

> And I expect to benefit from scripts I better would not edit...

Fair enough.


uhlar at fantomas

Oct 7, 2008, 12:21 PM

Post #8 of 8 (297 views)
Permalink
Re: dnsbl lookups for X-PHP-Script [In reply to]

> On Mon, Oct 06, 2008 at 09:39:06PM +0200, Matus UHLAR - fantomas wrote:
> > > On Mon, Oct 06, 2008 at 05:31:55PM +0200, Matus UHLAR - fantomas wrote:
> > > > did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
> > > > I have patch into PHP that inserts IP address into that header, and looking
> > > > in dnsbl for spam sources could help me filter out spam posted through HTTP.
> > > >
> > > > I could prepare such rules, but if anyone has such, I'd be glad not to
> > > > reinvent the wheel.
> >
> > On 06.10.08 20:04, Henrik K wrote:
> > > Why don't you check the BLs directly from PHP?
> >
> > because it's quite hard to score from PHP script.

On 07.10.08 10:08, Henrik K wrote:
> No. Form spam is pretty easy, you don't need to "score" thousand rules.

I've been looking at it, didn't seem that easy for me.

> And even FPs are immediately obvious to a user who sees an error. Most
> spam can be eliminated with captchas or such anyway.

like the google one? :)
Or like this one? http://ars.userfriendly.org/cartoons/?id=20081005

--
Matus UHLAR - fantomas, uhlar[at]fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.
