Handling hyperlinks in email - ORF Forums

Handling hyperlinks in email RSS Back to forum

1

Is there any way to handle bogus hyperlinks in emails? We get spam with hyperlinks embedded in the email with href' tags pointing to 'drive by infection' sites. I see them as being Grey listed but then passing on second try.

by Bazagee 6 years ago
2

@Bazagee: do you have the SURBL Blacklist test enabled and the recommended blacklists enabled?

http://vamsoft.com/r?o-hto-adm-urlblacklist

http://vamsoft.com/support/docs/knowledge-base/recommended-dnsbls-surbls-agents

If so, is ORF able to perform all queries successfully (you can verify this by checking the logs: http://vamsoft.com/support/docs/knowledge-base/using-the-log-viewer)?

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

3

Yes SURBL was enabled on Arrival. I was missing the Spamhaus lookup so I have added the newest SURBL list and enabled that lookup. This was post adding new list:
Active SURBLs: black.uribl.com, MULTI-SURBL, AB-SURBL, OB-SURBL, WS-SURBL, SC-SURBL.

I don't see any errors but I'm not sure I'm filtering the records correctly? At the moment am filtering SURBL in the Message column...

by Bazagee 6 years ago
4

@Bazagee: You could disable AB-SURBL, OB-SURBL, WS-SURBL and SC-SURBL, as these are included in the MULTI-SURBL definition by default. Filtering the logs for .*SURBL.* in the message column (regular expression) should be fine, plus I recommend setting the severity to "Information" (invert rule), so you will see all errors, critical errors and warnings.

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

5

Just an observation, but it would be sure nice to have a little more correlation between the SURBL name long form and its reported short form. Eg. Which is the WS-SURBL? I can figure it out but enabling and disabling then reading the log. But I'm thinking with a better long name form recognition could be a lot easier. Or am I just being pedantic?

Ok now have SURBLs: black.uribl.com, SPAMHAUS-DBL, MULTI-SURBL, UB-BLACK. I'll see how the bogus HTML links go now.
Thanks

by Bazagee 6 years ago
6

@Bazagee: Actually, black.uribl.com and UB-BLACK are the same... I suspect you added the first manually for some reason instead of importing our definition set, hence the duplicate:

http://vamsoft.com/support/docs/knowledge-base/update-dnsbl-surbl

As for the short identifiers, by default we use the names and short IDs given by the blacklist operators (e.g., http://www.surbl.org/lists#ws). You can rewrite any of the short identifiers inserted in the log message in the definitions (Administration Tool: Blacklists / SURBL Test, double click the SURBL).

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2