Is the HBL completely broken?

Question

Is the HBL completely broken?

willt opened this issue a year ago · 3 comments

I'm not sure the best way to trouble shoot this.
Seeing what seems to be lots of false positives.
Grabbing the hash from spamassassin debug output and looking up via https://www.spamhaus.org/query/hash/ doesn't show it being listed.
Tried following the url docs to generate the hash using the provided perl code, and the two openssl commands.
Each one produced a different hash.
Verified it wasn't a special domain from the yaml listed here

Also should spamassassin really be listing our DQS key in the report? I feel like it shouldn't but does:
8.0 SH_URLHASH_ALL URIHash hit at _url.DQS_KEY_REMOVED_FOR_GITHUB_ISSUE.hbl.dq.spamhaus.net.

Answer 1 · 2023-10-19T21:45:23.000Z

It seems to be the SH_URLHASH_ALL rule catching way to many things.
It just got a hit on an email from macys.com

Answer 2 · 2023-10-19T22:21:07.000Z

I had this log info so I could try and track this down. I took this hash to the spamhaus lookup and it says no problems. What is going on? Either this is totally busted or something is broken in my setup?

generic: HIT! de3a274a294f996687e3e29faa9c8a0685be0fac._url.redacted.hbl.dq.spamhaus.net. = \x{7F}\x{00}\x{03}\x{1E} (fonts.googleapis.com/css2)

dig +short A de3a274a294f996687e3e29faa9c8a0685be0fac._url.redacted.hbl.dq.spamhaus.net
127.0.3.30

Answer 3 · 2023-10-20T08:05:03.000Z

Thhanks but this is not the place to discuss listings. I see you opened a contact ticket so this will continue there