1. The trouble with ivuribl is it doesn't work too well with
dbl.spamhaus.org.
And I wish we'd see some changes to invuribl to accommodate it.
One problem is that all numbered IP addresses will return 127.0.1.255. Which
shouldn't be scored.
The second problem that the invuribl bitmasking really doesn't fit the dbl
result codes.
127.0.1.2 is a dbl listed spam domain.
127.0.1.3 is a spammed redirector domain.
How do you independently score these three result?
Here's my config. I would still consider this as being tested.
<!--URI LIST 7-->
<add key="URIBL_List7" value="dbl.spamhaus.org" />
<add key="URIBL_Weight_List7" value="0" />
<add key="Enable_Custom_Bitmask_Values_URIBL_List7" value="true" />
<add key="URI_Bitmask_BitValue_1_Weight_URIBL_List7" value="-25" />
<add key="URI_Bitmask_BitValue_2_Weight_URIBL_List7" value="50" />
<add key="URI_Bitmask_BitValue_4_Weight_URIBL_List7" value="0" />
<add key="URI_Bitmask_BitValue_8_Weight_URIBL_List7" value="0" />
<add key="URI_Bitmask_BitValue_16_Weight_URIBL_List7" value="0" />
<add key="URI_Bitmask_BitValue_32_Weight_URIBL_List7" value="0" />
<add key="URI_Bitmask_BitValue_64_Weight_URIBL_List7" value="0" />
<add key="URI_Bitmask_BitValue_128_Weight_URIBL_List7" value="-25" />
so a 127.0.1.2 will get 50 points on my scale
a 127.0.1.3 will get 50 -25 = 25 points
a 127.0.1.255 will get 50 - 25 -25 = 0 points
2. A couple of other options are the spameatingmonkey.net lists
<!--URI LIST 5-->
<add key="URIBL_List5" value="urired.spameatingmonkey.net" />
<add key="URIBL_Weight_List5" value="25" />
<add key="Enable_Custom_Bitmask_Values_URIBL_List5" value="false" />
<!--URI LIST 6-->
<add key="URIBL_List6" value="fresh15.spameatingmonkey.net" />
<add key="URIBL_Weight_List6" value="50" />
<add key="Enable_Custom_Bitmask_Values_URIBL_List6" value="false" />
3. I'd also changed the name server rbl from sbl.spamhaus.org to the
zen.spamhaus.org
<add key="Name_Server_RBL1" value="zen.spamhaus.org" />
<add key="Bitmask_Skip_Options_Name_Server_RBL1" value="5" />
<add key="Name_Server_Return_Code_RBL1" value="*" />
<add key="Name_Server_Weight_RBL1" value="50" />
-----Original Message-----
From: Nick Hayer [mailto:n...@madriveraccess.com]
Sent: Friday, March 18, 2011 2:59 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] How effective should Inv-Uribl be?
Well this all looks good. if this invuribl app makes a log check it to see
if you are getting hits; if you aren't that is a problem...
Additionally add dbl.spamhaus.org as an additional uribl test
-Nick
MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm
_____
From: "IMail Admin" <imailad...@bcwebhost.net>
Sent: Friday, March 18, 2011 2:46 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] How effective should Inv-Uribl be?
I'm not quite sure what you mean. In the Declude global.cfg file the only
reference to inv-uribl is
INV-URIBL external weight "D:\imail\INVURIBL\INVURIBL.exe
%WEIGHT% %REMOTEIP%" 0 0
In the invUribl.exe.config file there is (in part):
****************************************************************************
***************************
<!-- This is the URI Blacklist That The URI Will Be Checked Against -->
<add key="URIBL_List1" value="multi.surbl.org" />
<!-- Weight added to the result code or custom bitmask total. -->
<add key="URIBL_Weight_List1" value="0" />
<!--Allows you to override the normal values for bitmasks for a custom
return weight-->
<add key="Enable_Custom_Bitmask_Values_URIBL_List1" value="true" />
<!--If using multi.surbl.org see http://www.surbl.org/lists.html#multi for
which lists correspond -->
<!--to which bitmask values -->
<!-- BitValue_2 = comes from sc.surbl.org -->
<!-- BitValue_4 = comes from ws.surbl.org -->
<!-- BitValue_8 = comes from phishing data source (labelled as [ph] in
multi) -->
<!-- BitValue_16 = comes from ob.surbl.org -->
<!-- BitValue_32 = comes from ab.surbl.org -->
<!-- BitValue_64 = comes from jp data source (labelled as [jp] in multi) -->
<add key="URI_Bitmask_BitValue_1_Weight_URIBL_List1" value="0" />
<add key="URI_Bitmask_BitValue_2_Weight_URIBL_List1" value="7" />
<add key="URI_Bitmask_BitValue_4_Weight_URIBL_List1" value="2" />
<add key="URI_Bitmask_BitValue_8_Weight_URIBL_List1" value="5" />
<add key="URI_Bitmask_BitValue_16_Weight_URIBL_List1" value="3" />
<add key="URI_Bitmask_BitValue_32_Weight_URIBL_List1" value="7" />
<add key="URI_Bitmask_BitValue_64_Weight_URIBL_List1" value="10" />
<add key="URI_Bitmask_BitValue_128_Weight_URIBL_List1" value="0" />
<!--URI LIST 2-->
<add key="URIBL_List2" value="multi.uribl.com" />
<add key="URIBL_Weight_List2" value="0" />
<!-- BitValue_2 = comes from black.uribl.org -->
<!-- BitValue_4 = comes from grey.uribl.org -->
<!-- BitValue_8 = comes from red.uribl.org -->
<add key="Enable_Custom_Bitmask_Values_URIBL_List2" value="true" />
<add key="URI_Bitmask_BitValue_1_Weight_URIBL_List2" value="0" />
<add key="URI_Bitmask_BitValue_2_Weight_URIBL_List2" value="7" />
<add key="URI_Bitmask_BitValue_4_Weight_URIBL_List2" value="0" />
<add key="URI_Bitmask_BitValue_8_Weight_URIBL_List2" value="2" />
<add key="URI_Bitmask_BitValue_16_Weight_URIBL_List2" value="0" />
<add key="URI_Bitmask_BitValue_32_Weight_URIBL_List2" value="0" />
<add key="URI_Bitmask_BitValue_64_Weight_URIBL_List2" value="0" />
<add key="URI_Bitmask_BitValue_128_Weight_URIBL_List2" value="0" />
<!--Enables the checking of the URI's name servers against an RBL. -->
<!--If the name servers are listed in the RBL the defined weight will be
added-->
<!--Max_Name_servers_To_Check - Sets the number of name servers to check.
-->
<!--If set to zero all name servers returned from the DNS query will be
checked-->
<!--Bitmask_Skip_Options_Name_Server_RBLx - Bitmask value that allows you to
skip -->
<!--the associated Namerserver check if the URI is listed in the URI list.
-->
<!--Values: 0 - no skipping will occur. 1 - Skip Nameserver check if URI was
listed-->
<!--in a URI list. 2 - Skip if the URI's name server was already found in he
given -->
<!--blacklist. This prevents double scoring. These are bitmask values and
would -->
<!--be added together based on the options you want.-->
<add key="Enable_URI_Name_Server_Check" value="true" />
<add key="Max_Name_Servers_To_Check" value="3" />
<add key="Name_Server_RBL1" value="sbl.spamhaus.org" />
<add key="Bitmask_Skip_Options_Name_Server_RBL1" value="2" />
<add key="Name_Server_Return_Code_RBL1" value="*" />
<add key="Name_Server_Weight_RBL1" value="5" />
****************************************************************************
***************************
In the inv-uribl log file I find references to multi.surbl.org,
sbl.spamhaus.org, multi.uribl.com, and xx.countries.nerd.dk (where xx is a
country code such as ru). All the lines that end in Total Weight = 0 don't
list any tests at all - they just resolve the IP.
Thanks.
From: Nick <mailto:n...@madriveraccess.com> Hayer
Sent: Friday, March 18, 2011 11:21 AM
To: Declude.JunkMail@declude.com
Subject: re: [Declude.JunkMail] How effective should Inv-Uribl be?
What uribl tests are you using and are you getting hits on them - check your
logs..
I'm suggesting you may need different tests - the one you are using may have
blacklisted you or are dead even...
-Nick
MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm
_____
From: "IMail Admin" <imailad...@bcwebhost.net>
Sent: Friday, March 18, 2011 2:13 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] How effective should Inv-Uribl be?
I'm still having trouble with more spam seepage, so I've been looking at my
various tests. I noticed that in the past, the Inv-uribl test caught 63-70%
of messages, but recently it's only catching 56%. When I look at a lot of
the low value spam (messages that barely get classified as spam), they
always have an Inv-uribl result of score 0 range clean. Is it just that
this test is less effective now? Or have I somehow messed up my
configuration?
As an aside: I use DL Analyzer to check these results. One this it always
does is give the average weight/message and average weight/failed message.
Typically, these are scores such as 45 and 46. Just lately I started get
results like -131,000 and -136,000. I don't know if this is another sign of
something broken in my configuration or if the analyzer program has somehow
broken.
Thanks.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
just send an E-mail to imail...@declude.com, and type "unsubscribe
Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
just send an E-mail to imail...@declude.com, and type "unsubscribe
Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
just send an E-mail to imail...@declude.com, and type "unsubscribe
Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
