Handling hyperlinks in email RSS Back to forum
@Bazagee:
do you have the SURBL Blacklist test enabled and the recommended blacklists enabled?
http://vamsoft.com/r?o-hto-adm-urlblacklist
http://vamsoft.com/support/docs/knowledge-base/recommended-dnsbls-surbls-agents
If so, is ORF able to perform all queries successfully (you can verify this by checking the logs: http://vamsoft.com/support/docs/knowledge-base/using-the-log-viewer)?
Yes SURBL was enabled on Arrival. I was missing the Spamhaus lookup so I have added the newest SURBL list and enabled that lookup. This was post adding new list:
Active SURBLs: black.uribl.com, MULTI-SURBL, AB-SURBL, OB-SURBL, WS-SURBL, SC-SURBL.
I don't see any errors but I'm not sure I'm filtering the records correctly? At the moment am filtering SURBL in the Message column...
@Bazagee: You could disable AB-SURBL, OB-SURBL, WS-SURBL and SC-SURBL, as these are included in the MULTI-SURBL definition by default. Filtering the logs for .*SURBL.* in the message column (regular expression) should be fine, plus I recommend setting the severity to "Information" (invert rule), so you will see all errors, critical errors and warnings.
Just an observation, but it would be sure nice to have a little more correlation between the SURBL name long form and its reported short form. Eg. Which is the WS-SURBL? I can figure it out but enabling and disabling then reading the log. But I'm thinking with a better long name form recognition could be a lot easier. Or am I just being pedantic?
Ok now have SURBLs: black.uribl.com, SPAMHAUS-DBL, MULTI-SURBL, UB-BLACK. I'll see how the bogus HTML links go now.
Thanks
@Bazagee:
Actually, black.uribl.com and UB-BLACK are the same... I suspect you added the first manually for some reason instead of importing our definition set, hence the duplicate:
http://vamsoft.com/support/docs/knowledge-base/update-dnsbl-surbl
As for the short identifiers, by default we use the names and short IDs given by the blacklist operators (e.g., http://www.surbl.org/lists#ws). You can rewrite any of the short identifiers inserted in the log message in the definitions (Administration Tool: Blacklists / SURBL Test, double click the SURBL).
Is there any way to handle bogus hyperlinks in emails? We get spam with hyperlinks embedded in the email with href' tags pointing to 'drive by infection' sites. I see them as being Grey listed but then passing on second try.