Re: [Declude.JunkMail] Fw: Announcing SURBL support in SA 2.63 and 3.0 plugins

2004-04-08 Thread R. Scott Perry

> Scott, since SpamCop has now set up a RBL to support URI checking, is this
> something you will consider adding support for in Declude JunkMail?

Thanks for mentioning this -- I'm surprised that this is the first I've 
heard of it.  We will likely add support for this to Declude JunkMail.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Fw: Announcing SURBL support in SA 2.63 and 3.0 plugins

2004-04-07 Thread Bill Landry
Scott, since SpamCop has now set up a RBL to support URI checking, is this
something you will consider adding support for in Declude JunkMail?

Bill
----- Original Message -----
From: Jeff Chan [EMAIL PROTECTED]
To: SpamAssassin Users [EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 6:22 PM
Subject: Announcing SURBL support in SA 2.63 and 3.0 plugins


 Hello SpamAssassin Users,
 I'm pleased to announce a new type of RBL for blocking messages
 based on spam domains contained in message bodies called SURBL.
 Unlike other RBLs, the Spam URI RBL (SURBL) is not used to block
 spam server IP addresses, but instead to block messages based on
 URI domains previously reported to SpamCop.  We feel this is a
 very direct approach to the issue of stopping spam.  It is also
 proving highly effective, with spam detection rates currently
 approaching 60% together with zero false positives.  Future
 improvement is expected as we continue to tune things better.

 Acknowledgements go to Julian Haight, Justin Mason, Eric Kolve
 and countless others for making this possible, including
 SpamCop and SpamAssassin developers and users.

 Here's the Quick Start from our web site:
 __

   http://www.surbl.org/

 SURBL -- Spam URI Realtime Blocklist

 Quick Start

 [...]

 In order to use SURBL you need software that can parse URIs in
 message bodies, extract their domains, and check them against
 SURBL.

 [...]

 For those familiar with adding plugins to SpamAssassin, these
 quick start comments may be enough information to get started using
 SURBL. More details about SURBL itself appear in following
 sections.


 SpamCopURI SpamAssassin 2.63 plugin

   http://sourceforge.net/projects/spamcopuri/

 One such program is Eric Kolve's SpamCopURI which is a
 SpamAssassin 2.63 plug in.

 In order to use SURBL in SpamCopURI, please comment out the older
 tests SPAMCOP_URI and SPAMCOP_URI_HOST and increase the score for
 the new test up to something like 2.5 or greater:

   score SPAMCOP_URI_RBL  2.5

 in the spamcop_uri.cf file. Values higher than 2.5 may be
 appropriate because this test is a highly accurate indicator of
 spam, for some of the reasons mentioned below. Some people are
 using scores of 3.0; others are using up to 6.0.


 URIBL SpamAssassin 3.0 plugin


   http://spamassassin.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm

 Another program is the SpamAssassin 3.0 plugin URIDNSBL, to which
 Justin Mason recently added the urirhsbl command which can be
 used to do name to name matching from message body URI to SURBL.
 Here is a sample rule to use urirhsbl with SURBL from the config
 file for URIBL:

   http://www.spamassassin.org/full/3.0.x/dist/rules/25_uribl.cf

   urirhsbl  URIBL_SC_SURBL  sc.surbl.org.   A
   header    URIBL_SC_SURBL  eval:check_uridnsbl('URIBL_SC_SURBL')
   describe  URIBL_SC_SURBL  Contains a URL listed in the SC SURBL blocklist
   tflags    URIBL_SC_SURBL  net

 You will need to score it, presumably with some fairly high value:

   score URIBL_SC_SURBL  5.0

 Some results of using urirhsbl and SpamCopURI with SURBL appear
 below. Spam detection rates are running 40-60% with zero false
 positives noted so far, and with some improvements expected when
 we revise the code to tune the data better.

 Update: Feedback so far on the effectiveness of SURBL is very
 positive, with spam hit rates ranging up to 60% and near-zero
 False Positives. With some more tuning we may be able to improve
 that further. We could use help with some more BIND-compatible
 secondary DNS servers for the zone file since SURBL seems to be
 starting to take off. Also valuable would be integration of SURBL
 with an MTA such as postfix. Development of a sendmail milter to
 use SURBL is rumored to be in the works. Contact jeffc at surbl
 dot org if you would like to help. Thanks!

 Raymond Dijkxhoorn has kindly set up an rsync server for the
 SURBL rbldns and BIND zone files. Administrators of high volume
 mail servers, please contact Raymond for access at:
 [EMAIL PROTECTED] Please see the Notes section for more
 information.

 Jeff C.
 -- 
 Jeff Chan
 mailto:[EMAIL PROTECTED]
 http://www.surbl.org/
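
The check the Quick Start describes (parse URIs in the body, extract their domains, look each one up in the `sc.surbl.org` zone), as an added Python example; it is not code from this thread, from SpamCopURI or from SpamAssassin. Assumptions: the function names, the tiny two-level suffix list, the sample body and the stub resolver are constructed here, and a domain counts as listed when `<domain>.sc.surbl.org` returns an A record in 127.0.0.0/8 (the usual DNS blocklist convention).

```python
import re
import socket

SURBL_ZONE = "sc.surbl.org"          # zone name from the announcement
# Constructed, incomplete sample of two-level public suffixes (assumption).
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
URI_RE = re.compile(r"https?://([^/\s?#<>\"']+)", re.IGNORECASE)

def base_domain(host):
    """Reduce a URI host to the domain that would be looked up."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or all(p.isdigit() for p in labels):
        return None                   # bare names and IP literals are skipped here
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def uri_domains(body):
    """Unique base domains of the http(s) URIs in a message body, in order."""
    seen = []
    for authority in URI_RE.findall(body):
        # Drop userinfo ("user:pw@") and port (":8080") before reducing.
        host = authority.rsplit("@", 1)[-1].split(":", 1)[0]
        dom = base_domain(host)
        if dom and dom not in seen:
            seen.append(dom)
    return seen

def dns_lookup(name):
    # Real resolver: the A record as a string, or None when the name does not exist.
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def surbl_hits(body, resolve=dns_lookup):
    """Domains from the body whose <domain>.<zone> name resolves to 127.x."""
    hits = []
    for dom in uri_domains(body):
        answer = resolve(f"{dom}.{SURBL_ZONE}")
        if answer and answer.startswith("127."):
            hits.append(dom)
    return hits

# Constructed sample message body and a stub resolver standing in for DNS.
SAMPLE_BODY = ("Cheap meds: http://www.pills-example.test/buy?id=1\n"
               "Mirror http://user@shop.pills-example.test:8080/ and "
               "http://news.example.co.uk/a\nRaw IP http://192.0.2.7/x")
FAKE_ZONE = {"pills-example.test.sc.surbl.org": "127.0.0.2"}

if __name__ == "__main__":
    print(surbl_hits(SAMPLE_BODY, resolve=FAKE_ZONE.get))
```

Passing `resolve=FAKE_ZONE.get` keeps the run offline; leaving it out sends real DNS queries for every domain found in the body.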

