1. The trouble with ivuribl is it doesn't work too well with dbl.spamhaus.org.
And I wish we'd see some changes to invuribl to accommodate it. One problem is that all numbered IP addresses will return 127.0.1.255. Which shouldn't be scored. The second problem that the invuribl bitmasking really doesn't fit the dbl result codes. 127.0.1.2 is a dbl listed spam domain. 127.0.1.3 is a spammed redirector domain. How do you independently score these three result? Here's my config. I would still consider this as being tested. <!--URI LIST 7--> <add key="URIBL_List7" value="dbl.spamhaus.org" /> <add key="URIBL_Weight_List7" value="0" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List7" value="true" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List7" value="-25" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List7" value="50" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List7" value="0" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List7" value="0" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List7" value="0" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List7" value="0" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List7" value="0" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List7" value="-25" /> so a 127.0.1.2 will get 50 points on my scale a 127.0.1.3 will get 50 -25 = 25 points a 127.0.1.255 will get 50 - 25 -25 = 0 points 2. A couple of other options are the spameatingmonkey.net lists <!--URI LIST 5--> <add key="URIBL_List5" value="urired.spameatingmonkey.net" /> <add key="URIBL_Weight_List5" value="25" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List5" value="false" /> <!--URI LIST 6--> <add key="URIBL_List6" value="fresh15.spameatingmonkey.net" /> <add key="URIBL_Weight_List6" value="50" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List6" value="false" /> 3. I'd also changed the name server rbl from sbl.spamhaus.org to the zen.spamhaus.org <add key="Name_Server_RBL1" value="zen.spamhaus.org" /> <add key="Bitmask_Skip_Options_Name_Server_RBL1" value="5" /> <add key="Name_Server_Return_Code_RBL1" value="*" /> <add key="Name_Server_Weight_RBL1" value="50" /> -----Original Message----- From: Nick Hayer [mailto:n...@madriveraccess.com] Sent: Friday, March 18, 2011 2:59 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] How effective should Inv-Uribl be? Well this all looks good. if this invuribl app makes a log check it to see if you are getting hits; if you aren't that is a problem... Additionally add dbl.spamhaus.org as an additional uribl test -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm _____ From: "IMail Admin" <imailad...@bcwebhost.net> Sent: Friday, March 18, 2011 2:46 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] How effective should Inv-Uribl be? I'm not quite sure what you mean. In the Declude global.cfg file the only reference to inv-uribl is INV-URIBL external weight "D:\imail\INVURIBL\INVURIBL.exe %WEIGHT% %REMOTEIP%" 0 0 In the invUribl.exe.config file there is (in part): **************************************************************************** *************************** <!-- This is the URI Blacklist That The URI Will Be Checked Against --> <add key="URIBL_List1" value="multi.surbl.org" /> <!-- Weight added to the result code or custom bitmask total. --> <add key="URIBL_Weight_List1" value="0" /> <!--Allows you to override the normal values for bitmasks for a custom return weight--> <add key="Enable_Custom_Bitmask_Values_URIBL_List1" value="true" /> <!--If using multi.surbl.org see http://www.surbl.org/lists.html#multi for which lists correspond --> <!--to which bitmask values --> <!-- BitValue_2 = comes from sc.surbl.org --> <!-- BitValue_4 = comes from ws.surbl.org --> <!-- BitValue_8 = comes from phishing data source (labelled as [ph] in multi) --> <!-- BitValue_16 = comes from ob.surbl.org --> <!-- BitValue_32 = comes from ab.surbl.org --> <!-- BitValue_64 = comes from jp data source (labelled as [jp] in multi) --> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List1" value="7" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List1" value="2" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List1" value="5" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List1" value="3" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List1" value="7" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List1" value="10" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List1" value="0" /> <!--URI LIST 2--> <add key="URIBL_List2" value="multi.uribl.com" /> <add key="URIBL_Weight_List2" value="0" /> <!-- BitValue_2 = comes from black.uribl.org --> <!-- BitValue_4 = comes from grey.uribl.org --> <!-- BitValue_8 = comes from red.uribl.org --> <add key="Enable_Custom_Bitmask_Values_URIBL_List2" value="true" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List2" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List2" value="7" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List2" value="0" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List2" value="2" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List2" value="0" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List2" value="0" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List2" value="0" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List2" value="0" /> <!--Enables the checking of the URI's name servers against an RBL. --> <!--If the name servers are listed in the RBL the defined weight will be added--> <!--Max_Name_servers_To_Check - Sets the number of name servers to check. --> <!--If set to zero all name servers returned from the DNS query will be checked--> <!--Bitmask_Skip_Options_Name_Server_RBLx - Bitmask value that allows you to skip --> <!--the associated Namerserver check if the URI is listed in the URI list. --> <!--Values: 0 - no skipping will occur. 1 - Skip Nameserver check if URI was listed--> <!--in a URI list. 2 - Skip if the URI's name server was already found in he given --> <!--blacklist. This prevents double scoring. These are bitmask values and would --> <!--be added together based on the options you want.--> <add key="Enable_URI_Name_Server_Check" value="true" /> <add key="Max_Name_Servers_To_Check" value="3" /> <add key="Name_Server_RBL1" value="sbl.spamhaus.org" /> <add key="Bitmask_Skip_Options_Name_Server_RBL1" value="2" /> <add key="Name_Server_Return_Code_RBL1" value="*" /> <add key="Name_Server_Weight_RBL1" value="5" /> **************************************************************************** *************************** In the inv-uribl log file I find references to multi.surbl.org, sbl.spamhaus.org, multi.uribl.com, and xx.countries.nerd.dk (where xx is a country code such as ru). All the lines that end in Total Weight = 0 don't list any tests at all - they just resolve the IP. Thanks. From: Nick <mailto:n...@madriveraccess.com> Hayer Sent: Friday, March 18, 2011 11:21 AM To: Declude.JunkMail@declude.com Subject: re: [Declude.JunkMail] How effective should Inv-Uribl be? What uribl tests are you using and are you getting hits on them - check your logs.. I'm suggesting you may need different tests - the one you are using may have blacklisted you or are dead even... -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm _____ From: "IMail Admin" <imailad...@bcwebhost.net> Sent: Friday, March 18, 2011 2:13 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] How effective should Inv-Uribl be? I'm still having trouble with more spam seepage, so I've been looking at my various tests. I noticed that in the past, the Inv-uribl test caught 63-70% of messages, but recently it's only catching 56%. When I look at a lot of the low value spam (messages that barely get classified as spam), they always have an Inv-uribl result of score 0 range clean. Is it just that this test is less effective now? Or have I somehow messed up my configuration? As an aside: I use DL Analyzer to check these results. One this it always does is give the average weight/message and average weight/failed message. Typically, these are scores such as 45 and 46. Just lately I started get results like -131,000 and -136,000. I don't know if this is another sign of something broken in my configuration or if the analyzer program has somehow broken. Thanks. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.