RE: [Declude.JunkMail] How effective should Inv-Uribl be?

[Scott Fisher]

1. The trouble with ivuribl is it doesn't work too well with
dbl.spamhaus.org.

And I wish we'd see some changes to invuribl to accommodate it.



One problem is that all numbered IP addresses will return 127.0.1.255. Which
shouldn't be scored.



The second problem that the invuribl bitmasking really doesn't fit the dbl
result codes.

127.0.1.2  is a dbl listed spam domain.

127.0.1.3  is a spammed redirector domain.



How do you independently score these three result?





Here's my config. I would still consider this as being tested.

   

























so a 127.0.1.2 will get 50 points on my scale

a 127.0.1.3  will get 50 -25 = 25 points

a 127.0.1.255 will get 50 - 25 -25 = 0 points





2.  A couple of other options are the spameatingmonkey.net lists

   











   











3. I'd also changed the name server rbl from sbl.spamhaus.org  to the
zen.spamhaus.org













-Original Message-
From: Nick Hayer [mailto:n...@madriveraccess.com]
Sent: Friday, March 18, 2011 2:59 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] How effective should Inv-Uribl be?



Well this all looks good. if this invuribl app makes a log check it to see
if you are getting hits; if you aren't that is a problem...

Additionally add dbl.spamhaus.org as an additional uribl test

-Nick

MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm



  _

From: "IMail Admin" 
Sent: Friday, March 18, 2011 2:46 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] How effective should Inv-Uribl be?

I'm not quite sure what you mean.  In the Declude global.cfg file the only
reference to inv-uribl is



INV-URIBL external weight "D:\imail\INVURIBL\INVURIBL.exe
%WEIGHT% %REMOTEIP%" 0 0



In the invUribl.exe.config file there is (in part):




***


























































































































***



In the inv-uribl log file I find references to multi.surbl.org,
sbl.spamhaus.org, multi.uribl.com, and xx.countries.nerd.dk (where xx is a
country code such as ru).  All the lines that end in Total Weight = 0 don't
list any tests at all - they just resolve the IP.



Thanks.



From: Nick   Hayer

Sent: Friday, March 18, 2011 11:21 AM

To: Declude.JunkMail@declude.com

Subject: re: [Declude.JunkMail] How effective should Inv-Uribl be?



What uribl tests are you using and are you getting hits on them - check your
logs..
I'm suggesting you may need different tests - the one you are using may have
blacklisted you or are dead even...

-Nick

MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm



  _

From: "IMail Admin" 
Sent: Friday, March 18, 2011 2:13 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] How effective should Inv-Uribl be?


I'm still having trouble with more spam seepage, so I've been looking at my
various tests. I noticed that in the past, the Inv-uribl test caught 63-70%
of messages, but recently it's only catching 56%. When I look at a lot of
the low value spam (messages that barely get classified as spam), they
always have an Inv-uribl result of score 0 range clean. Is it just that
this test is less effective now? Or have I somehow messed up my
configuration?

As an aside: I use DL Analyzer to check these results. One this it always
does is give the average weight/message and average weight/failed message.
Typically, these are scores such as 45 and 46. Just lately I started get
results like -131,000 and -136,000. I don't know if this is another sign of
something broken in my configuration or if the analyzer program has somehow
broken.

Thanks.


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.



--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
just send an E-mail to imail...@declude.com, and type "unsubscribe
Declude.JunkMail". The archives can be found at http://www.mail-archive.com.



--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
just send an E-mail to imail...@declude.com, and type "unsubscribe
Declude.JunkMail". The archives can b

re: [Declude.JunkMail] Sniffer settings

[Nick Hayer]

I suggest monitoring the sniffer hits and increase/decrease the scoring
accordingly depending on the false positives you see.  Ideally you should
be combo'ing a sniffer hit w/other tests to maximize sniffers
effectiveness.

-Nick

MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm






From: "David Dodell" 
Sent: Friday, March 18, 2011 4:05 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Sniffer settings

I am using the built-in version of Sniffer and the recommended Declude
setting.

However, lately I'm seeing lots of spam get through that is failing some of
the sniffer tests.   I'd like to increase the weight on some of these
failures.

Recommendations?

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Sniffer settings

[David Dodell]

I am using the built-in version of Sniffer and the recommended Declude setting.

However, lately I'm seeing lots of spam get through that is failing some of the 
sniffer tests.   I'd like to increase the weight on some of these failures.

Recommendations?


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] How effective should Inv-Uribl be?

[Nick Hayer]

Well this all looks good. if this invuribl app makes a log check it to see if 
you are getting hits; if you aren't that is a problem...

Additionally add dbl.spamhaus.org as an additional uribl test

-Nick

MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm






From: "IMail Admin" 
Sent: Friday, March 18, 2011 2:46 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] How effective should Inv-Uribl be?



I'm not quite sure what you mean.  In the Declude global.cfg file the
only reference to inv-uribl is

INV-URIBL external
weight "D:\imail\INVURIBL\INVURIBL.exe %WEIGHT%
%REMOTEIP%" 0 0

In the invUribl.exe.config file there is (in part):

***




























































***

In the inv-uribl log file I find references to multi.surbl.org,
sbl.spamhaus.org, multi.uribl.com, and xx.countries.nerd.dk (where xx is a
country code such as ru).  All the lines that end in Total Weight = 0 don't
list any tests at all - they just resolve the IP.

Thanks.




From: Nick Hayer
Sent: Friday, March 18, 2011 11:21 AM
To: Declude.JunkMail@declude.com

Subject: re: [Declude.JunkMail] How effective should Inv-Uribl
be?




What uribl
tests are you using and are you getting hits on them - check your logs..
I'm
suggesting you may need different tests - the one you are using may have
blacklisted you or are dead even...

-Nick

MadRiverAccess.com|Skywaves.com Tech
Support

US/Canada 877-873-6482
or International +1-802-229-6574
Emergency Support 24/7:
supp...@skywaves.net
General and Non-Emergency support
ticket:
https://www.skywaves.com/content/secure/support_ticket.htm






From: "IMail Admin"

Sent: Friday, March 18,
2011 2:13 PM
To:
Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] How
effective should Inv-Uribl be?

I'm still having trouble
with more spam seepage, so I've been looking at my
various tests. I noticed
that in the past, the Inv-uribl test caught 63-70%
of messages, but recently
it's only catching 56%. When I look at a lot of
the low value spam (messages
that barely get classified as spam), they
always have an Inv-uribl result of
score 0 range clean. Is it just that
this test is less effective now? Or
have I somehow messed up my
configuration?

As an aside: I use DL
Analyzer to check these results. One this it always
does is give the average
weight/message and average weight/failed message.
Typically, these are
scores such as 45 and 46. Just lately I started get
results like -131,000
and -136,000. I don't know if this is another sign of
something broken in my
configuration or if the analyzer program has somehow
broken.

Thanks.


---
This E-mail came from the Declude.JunkMail mailing list.
To
unsubscribe, just send an E-mail to imail...@declude.com, and
type
"unsubscribe Declude.JunkMail". The archives can be found
at
http://www.mail-archive.com.

--- This E-mail came from the
Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to
imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can
be found at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] How effective should Inv-Uribl be?

[IMail Admin]

I’m not quite sure what you mean.  In the Declude global.cfg file the only 
reference to inv-uribl is

INV-URIBL external weight "D:\imail\INVURIBL\INVURIBL.exe %WEIGHT% 
%REMOTEIP%" 0 0

In the invUribl.exe.config file there is (in part):

***




























































***

In the inv-uribl log file I find references to multi.surbl.org, 
sbl.spamhaus.org, multi.uribl.com, and xx.countries.nerd.dk (where xx is a 
country code such as ru).  All the lines that end in Total Weight = 0 don’t 
list any tests at all – they just resolve the IP.

Thanks.

From: Nick Hayer
Sent: Friday, March 18, 2011 11:21 AM
To: Declude.JunkMail@declude.com
Subject: re: [Declude.JunkMail] How effective should Inv-Uribl be?

What uribl tests are you using and are you getting hits on them - check your 
logs..
I'm suggesting you may need different tests - the one you are using may have 
blacklisted you or are dead even...

-Nick


MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm





From: "IMail Admin" 
Sent: Friday, March 18, 2011 2:13 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] How effective should Inv-Uribl be?


I'm still having trouble with more spam seepage, so I've been looking at my
various tests. I noticed that in the past, the Inv-uribl test caught 63-70%
of messages, but recently it's only catching 56%. When I look at a lot of
the low value spam (messages that barely get classified as spam), they
always have an Inv-uribl result of score 0 range clean. Is it just that
this test is less effective now? Or have I somehow messed up my
configuration?

As an aside: I use DL Analyzer to check these results. One this it always
does is give the average weight/message and average weight/failed message.
Typically, these are scores such as 45 and 46. Just lately I started get
results like -131,000 and -136,000. I don't know if this is another sign of
something broken in my configuration or if the analyzer program has somehow
broken.

Thanks.


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.



--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, 
just send an E-mail to imail...@declude.com, and type "unsubscribe 
Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

re: [Declude.JunkMail] How effective should Inv-Uribl be?

[Nick Hayer]

What uribl tests are you using and are you getting hits on them - check
your logs..
I'm suggesting you may need different tests - the one you are using may
have blacklisted you or are dead even...

-Nick

MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
https://www.skywaves.com/content/secure/support_ticket.htm






From: "IMail Admin" 
Sent: Friday, March 18, 2011 2:13 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] How effective should Inv-Uribl be?

I'm still having trouble with more spam seepage, so I've been looking at my

various tests.  I noticed that in the past, the Inv-uribl test caught
63-70%
of messages, but recently it's only catching 56%.  When I look at a lot of

the low value spam (messages that barely get classified as spam), they
always have an Inv-uribl result of score 0 range clean.  Is it just that
this test is less effective now?  Or have I somehow messed up my
configuration?

As an aside: I use DL Analyzer to check these results.  One this it always

does is give the average weight/message and average weight/failed message.

Typically, these are scores such as 45 and 46.  Just lately I started get
results like -131,000 and -136,000.  I don't know if this is another sign
of
something broken in my configuration or if the analyzer program has somehow

broken.

Thanks.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] How effective should Inv-Uribl be?

[IMail Admin]

I'm still having trouble with more spam seepage, so I've been looking at my
various tests.  I noticed that in the past, the Inv-uribl test caught 63-70%
of messages, but recently it's only catching 56%.  When I look at a lot of
the low value spam (messages that barely get classified as spam), they
always have an Inv-uribl result of score 0 range clean.  Is it just that
this test is less effective now?  Or have I somehow messed up my
configuration?

As an aside: I use DL Analyzer to check these results.  One this it always
does is give the average weight/message and average weight/failed message.
Typically, these are scores such as 45 and 46.  Just lately I started get
results like -131,000 and -136,000.  I don't know if this is another sign of
something broken in my configuration or if the analyzer program has somehow
broken.

Thanks.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.