spamhaus / spamassassin-dqs

Spamhaus code for the Spamassassin plugin. See https://docs.spamhaustech.com/40-real-world-usage/SpamAssassin/000-intro.html
Apache License 2.0

Is the HBL completely broken? #63

Closed willt closed 10 months ago

willt commented 10 months ago

I'm not sure the best way to troubleshoot this. Seeing what seems to be lots of false positives. Grabbing the hash from spamassassin debug output and looking up via https://www.spamhaus.org/query/hash/ doesn't show it being listed. Tried following the URL docs to generate the hash using the provided Perl code, and the two openssl commands. Each one produced a different hash. Verified it wasn't a special domain from the YAML listed here.

Also should spamassassin really be listing our DQS key in the report? I feel like it shouldn't but does: 8.0 SH_URLHASH_ALL URIHash hit at _url.DQS_KEY_REMOVED_FOR_GITHUB_ISSUE.hbl.dq.spamhaus.net.

willt commented 10 months ago

It seems to be the SH_URLHASH_ALL rule catching way too many things. It just got a hit on an email from macys.com.

willt commented 10 months ago

I had this log info so I could try and track this down. I took this hash to the spamhaus lookup and it says no problems. What is going on? Either this is totally busted or something is broken in my setup?

generic: HIT! de3a274a294f996687e3e29faa9c8a0685be0fac._url.redacted.hbl.dq.spamhaus.net. = \x{7F}\x{00}\x{03}\x{1E} (fonts.googleapis.com/css2)

dig +short A de3a274a294f996687e3e29faa9c8a0685be0fac._url.redacted.hbl.dq.spamhaus.net
127.0.3.30

ricalfieri commented 10 months ago

Thanks, but this is not the place to discuss listings. I see you opened a contact ticket, so this will continue there.
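For anyone collecting the same evidence before opening a ticket, the following is an added example, not part of the thread or of the plugin. It parses the `HIT!` debug line format quoted above, decodes the escaped answer bytes so they can be compared with the `dig` result, and strips the DQS key from query names before they are shared. The function names and the `EXAMPLEKEY123` key are hypothetical, and it assumes the key is the label directly before `hbl.dq.spamhaus.net`, as in the report line quoted in the thread.

```python
import ipaddress
import re

# Shape of the plugin debug line quoted in the thread:
#   generic: HIT! <query name> = <\x{..} escaped answer bytes> (<url>)
HIT_RE = re.compile(
    r"HIT!\s+(?P<qname>\S+)\s+=\s+(?P<raw>(?:\\x\{[0-9A-Fa-f]{2}\})+)\s+\((?P<url>[^)]*)\)"
)
# Assumption: the DQS key is the single label in front of the zone suffix.
KEY_RE = re.compile(r"[^.\s]+(?=\.hbl\.dq\.spamhaus\.net\b)")

# Debug line as posted in the thread (key already replaced by the poster).
SAMPLE_HIT = (
    r"generic: HIT! de3a274a294f996687e3e29faa9c8a0685be0fac._url.redacted"
    r".hbl.dq.spamhaus.net. = \x{7F}\x{00}\x{03}\x{1E} (fonts.googleapis.com/css2)"
)
# Constructed report line carrying a made-up key, to show the redaction.
SAMPLE_REPORT = "8.0 SH_URLHASH_ALL URIHash hit at _url.EXAMPLEKEY123.hbl.dq.spamhaus.net."


def redact_key(text, placeholder="REDACTED"):
    """Replace the DQS key label in any *.hbl.dq.spamhaus.net name."""
    return KEY_RE.sub(placeholder, text)


def parse_hit(line):
    """Return hash, record type, decoded answer and URL from a HIT! line, or None."""
    m = HIT_RE.search(line)
    if m is None:
        return None
    octets = bytes(int(h, 16) for h in re.findall(r"\\x\{([0-9A-Fa-f]{2})\}", m["raw"]))
    if len(octets) != 4:
        return None  # not an IPv4 (A record) answer
    labels = m["qname"].rstrip(".").split(".")
    return {
        "hash": labels[0],    # value to paste into the hash lookup page
        "type": labels[1],    # "_url" in the thread's example
        "answer": str(ipaddress.IPv4Address(octets)),  # compare with dig +short
        "qname": redact_key(m["qname"]),
        "url": m["url"],
    }


if __name__ == "__main__":
    print(parse_hit(SAMPLE_HIT))
    print(redact_key(SAMPLE_REPORT))
```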