Re: How Do I Enable RBLs

2007-06-14 Thread Michele Neylon :: Blacknight

Martin Strand wrote:

>> It's fine for scoring against, but blocking is insanity!
>
> I tested SpamCop for our info@ address at work (about 200 messages a
> day) and didn't get a single FP for six months.
> I use it for blocking on our mailserver now (about 2000 accounts) and
> haven't received any complaints so far. :)
>
> This guy's stats seem to confirm my observations:
> http://stats.dnsbl.com/



Considering that SpamCop has listed Gmail and a LOT of major ISPs over 
the last 18 months I'd find the lack of FPs to be a matter of luck


Scoring with it is one thing, but if you are handling mail for several 
thousand users over several thousand domains, then blocking based on it 
will cause you severe headaches.


Please bear in mind that I'm looking at this from an ISP perspective not 
as an individual user


Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 929 929
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763



Re: How Do I Enable RBLs

2007-06-14 Thread Martin Strand
On Fri, 15 Jun 2007 01:51:50 +0200, Michele Neylon :: Blacknight  
<[EMAIL PROTECTED]> wrote:



> John Rudd wrote:
>> LuKreme wrote:
>>> On 10-Jun-2007, at 16:54, Peter Pluta wrote:
>>>>   reject_rbl_client zen.spamhaus.org
>>>>   reject_rbl_client list.dsbl.org,
>>>>   reject_rbl_client bl.spamcop.net,
>>>>   reject_rbl_client sbl-xbl.spamhaus.org
>>>
>>> Er, no.  zen OR sbl-xbl.  I've found spamcop to hit far too much ham
>>> for my tastes, and I never found that dsbl was hitting anything (or at
>>> least nothing that sbl-xbl (now zen) didn't already catch).
>>
>> I do zen and dsbl, and dsbl catches about 1 for every 20 that zen
>> does.  I do both _just_in_case_ there isn't perfect overlap.
>>
>> I agree entirely about spamcop.  Some people use it for spam marking,
>> which I am also leery about ... but it seems to me to be absolutely
>> insane to use spamcop for an actual block list.
>
> It's fine for scoring against, but blocking is insanity!



I tested SpamCop for our info@ address at work (about 200 messages a day)  
and didn't get a single FP for six months.
I use it for blocking on our mailserver now (about 2000 accounts) and  
haven't received any complaints so far. :)


This guy's stats seem to confirm my observations:
http://stats.dnsbl.com/

Martin
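The kind of trial Martin describes, and the false positives Michele warns about, can be measured before a list is allowed to reject anything. This is an added example, not code from the thread: it assumes the candidate lists were configured in Postfix with the `warn_if_reject` prefix (which logs the hit and still accepts the mail), and the log lines, the confirmed-legitimate IP set and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log lines in the format Postfix writes for a restriction prefixed
# with warn_if_reject: the DNSBL hit is logged and the mail is still accepted.
SAMPLE_LOG = """\
Jun 14 09:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; from=<a@example.net> to=<info@example.org> proto=SMTP helo=<pc7>
Jun 14 09:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; from=<a@example.net> to=<info@example.org> proto=SMTP helo=<pc7>
Jun 14 09:14:40 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from relay.example.com[203.0.113.20]: 554 5.7.1 Service unavailable; Client host [203.0.113.20] blocked using bl.spamcop.net; from=<carol@example.com> to=<alice@example.org> proto=ESMTP helo=<relay.example.com>
Jun 14 09:30:02 mx postfix/smtpd[2113]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.99]: 554 5.7.1 Service unavailable; Client host [198.51.100.99] blocked using bl.spamcop.net; from=<b@example.net> to=<info@example.org> proto=SMTP helo=<host99>
Jun 14 10:02:55 mx postfix/smtpd[2120]: NOQUEUE: reject_warning: RCPT from relay.example.com[203.0.113.20]: 554 5.7.1 Service unavailable; Client host [203.0.113.20] blocked using bl.spamcop.net; from=<dave@example.com> to=<bob@example.org> proto=ESMTP helo=<relay.example.com>
Jun 14 10:15:31 mx postfix/smtpd[2124]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.150]: 554 5.7.1 Service unavailable; Client host [198.51.100.150] blocked using zen.spamhaus.org; from=<c@example.net> to=<info@example.org> proto=SMTP helo=<host150>
"""

# Constructed: sending IPs the postmaster later confirmed as legitimate relays.
CONFIRMED_HAM_IPS = {"203.0.113.20"}

HIT = re.compile(
    r"reject_warning: RCPT from \S+\[(?P<ip>[0-9.]+)\]: .*?"
    r"blocked using (?P<zone>[A-Za-z0-9.-]+);.*?to=<(?P<rcpt>[^>]*)>"
)


def hits_by_zone(log_text):
    """Map each DNSBL zone to the (client_ip, recipient) pairs it would reject."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m:
            hits[m["zone"].lower()].append((m["ip"], m["rcpt"]))
    return dict(hits)


def trial_report(log_text, ham_ips):
    """Per zone: hits, hits on confirmed-legitimate senders, and the
    non-legitimate IPs that no other zone in the trial flagged."""
    hits = hits_by_zone(log_text)
    ips = {zone: {ip for ip, _ in pairs} for zone, pairs in hits.items()}
    report = {}
    for zone, pairs in hits.items():
        others = set().union(*(s for z, s in ips.items() if z != zone))
        report[zone] = {
            "hits": len(pairs),
            "false_positives": sum(1 for ip, _ in pairs if ip in ham_ips),
            "unique_ips": sorted(ips[zone] - others - set(ham_ips)),
        }
    return report


if __name__ == "__main__":
    for zone, row in sorted(trial_report(SAMPLE_LOG, CONFIRMED_HAM_IPS).items()):
        print(zone, row)
```

The `unique_ips` column is the overlap question raised further down the thread: a list that flags nothing the others miss costs a DNS query per connection without adding coverage.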


Re: How Do I Enable RBLs

2007-06-14 Thread Michele Neylon :: Blacknight

John Rudd wrote:
> LuKreme wrote:
>> On 10-Jun-2007, at 16:54, Peter Pluta wrote:
>>>   reject_rbl_client zen.spamhaus.org
>>>   reject_rbl_client list.dsbl.org,
>>>   reject_rbl_client bl.spamcop.net,
>>>   reject_rbl_client sbl-xbl.spamhaus.org
>>
>> Er, no.  zen OR sbl-xbl.  I've found spamcop to hit far too much ham
>> for my tastes, and I never found that dsbl was hitting anything (or at
>> least nothing that sbl-xbl (now zen) didn't already catch).
>
> I do zen and dsbl, and dsbl catches about 1 for every 20 that zen does.
> I do both _just_in_case_ there isn't perfect overlap.
>
> I agree entirely about spamcop.  Some people use it for spam marking,
> which I am also leery about ... but it seems to me to be absolutely
> insane to use spamcop for an actual block list.


It's fine for scoring against, but blocking is insanity!

--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 929 929
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763



Re: How Do I Enable RBLs

2007-06-14 Thread John Rudd

LuKreme wrote:
> On 10-Jun-2007, at 16:54, Peter Pluta wrote:
>>   reject_rbl_client zen.spamhaus.org
>>   reject_rbl_client list.dsbl.org,
>>   reject_rbl_client bl.spamcop.net,
>>   reject_rbl_client sbl-xbl.spamhaus.org
>
> Er, no.  zen OR sbl-xbl.  I've found spamcop to hit far too much ham for
> my tastes, and I never found that dsbl was hitting anything (or at least
> nothing that sbl-xbl (now zen) didn't already catch).




I do zen and dsbl, and dsbl catches about 1 for every 20 that zen does. 
 I do both _just_in_case_ there isn't perfect overlap.



I agree entirely about spamcop.  Some people use it for spam marking, 
which I am also leery about ... but it seems to me to be absolutely 
insane to use spamcop for an actual block list.


Re: How Do I Enable RBLs

2007-06-14 Thread Peter Pluta



Daniel J McDonald-2 wrote:
> 
> On Thu, 2007-06-14 at 11:44 -0700, Peter Pluta wrote:
> 
>> I see, I still get 5-6 spams per day or so, but I have bayes and auto white
>> listing enabled. The DB so far has 2 hams and 14 spams recorded. I wonder
>> how long it will take to see some good results from bayes and awl.
> 
> Bayes is ignored until trained by at least 100 messages.
> 
>>  Will
>> Spamassassin dump a message if it fits the "spam" characteristics from bayes?
> 
> Like everything else, it is a factor, but not always a deciding factor.
> 
> 
> -- 
> Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
> Austin Energy
> http://www.austinenergy.com
> 
> 

I just enabled bayes and awl a few days ago after getting a lot of useless
spam. 
-- 
View this message in context: 
http://www.nabble.com/How-Do-I-Enable-RBLs-tf3896474.html#a11126699
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: How Do I Enable RBLs

2007-06-14 Thread Daniel J McDonald
On Thu, 2007-06-14 at 11:44 -0700, Peter Pluta wrote:

> I see, I still get 5-6 spams per day or so, but I have bayes and auto white
> listing enabled. The DB so far has 2 hams and 14 spams recorded. I wonder
> how long it will take to see some good results from bayes and awl.

Bayes is ignored until trained by at least 100 messages.

>  Will
> Spamassassin dump a message if it fits the "spam" characteristics from bayes?

Like everything else, it is a factor, but not always a deciding factor.


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com


Re: How Do I Enable RBLs

2007-06-14 Thread Peter Pluta



LuKreme wrote:
> 
> On 10-Jun-2007, at 16:54, Peter Pluta wrote:
>>   reject_rbl_client zen.spamhaus.org
>>   reject_rbl_client list.dsbl.org,
>>   reject_rbl_client bl.spamcop.net,
>>   reject_rbl_client sbl-xbl.spamhaus.org
> 
> Er, no.  zen OR sbl-xbl.  I've found spamcop to hit far too much ham  
> for my tastes, and I never found that dsbl was hitting anything (or  
> at least nothing that sbl-xbl (now zen) didn't already catch).
> 
> YMMV.
> 
> 
> -- 
> Everybody hates a tourist, especially one who thinks it's all such a  
> laugh.  Yeah, and the chipstains and grease will come out in the  
> bath.  You will never understand how it feels to live your life with  
> no meaning or control, and with nowhere left to go.  You are amazed  
> that they exist, and they burn so bright whilst you can only wonder why.
> 
> 
> 
> 

I see, I still get 5-6 spams per day or so, but I have bayes and auto white
listing enabled. The DB so far has 2 hams and 14 spams recorded. I wonder
how long it will take to see some good results from bayes and awl. Will
Spamassassin dump a message if it fits the "spam" characteristics from bayes?



Re: How Do I Enable RBLs

2007-06-14 Thread LuKreme

On 10-Jun-2007, at 16:54, Peter Pluta wrote:

>   reject_rbl_client zen.spamhaus.org
>   reject_rbl_client list.dsbl.org,
>   reject_rbl_client bl.spamcop.net,
>   reject_rbl_client sbl-xbl.spamhaus.org


Er, no.  zen OR sbl-xbl.  I've found spamcop to hit far too much ham  
for my tastes, and I never found that dsbl was hitting anything (or  
at least nothing that sbl-xbl (now zen) didn't already catch).


YMMV.


--
Everybody hates a tourist, especially one who thinks it's all such a  
laugh.  Yeah, and the chipstains and grease will come out in the  
bath.  You will never understand how it feels to live your life with  
no meaning or control, and with nowhere left to go.  You are amazed  
that they exist, and they burn so bright whilst you can only wonder why.





Re: How Do I Enable RBLs

2007-06-11 Thread root
Server .116

The email attached has been identified by one of our team as legitimate but 
unfortunately was incorrectly tagged as SPAM.

The email address has been whitelisted to ensure this will not happen again and 
we are currently looking into the reasons why this happened.

No mail has been lost as the quarantined mail folder is continuously checked by 
members of Team Genesis, but please accept our apologies for any inconvenience 
caused.

Your SPAM scanning system; Ullyses is continually being upgraded and refined so 
we anticipate a steadily decreasing number of incidents like this as the system 
learns your personal profile.

If you feel that you are receiving an inappropriate amount of SPAM then can we 
ask you to contact us either by email to: [EMAIL PROTECTED] or call your 
Genesis representative who will be happy to assist.

Please do not reply to this email address as it has been automatically 
generated, but email any queries to: [EMAIL PROTECTED]

Thank you and take care


Mark
--- Begin Message ---

Peter Pluta wrote:


> Thanks, I got these.
>
>   reject_rbl_client zen.spamhaus.org
>   reject_rbl_client list.dsbl.org,
>   reject_rbl_client bl.spamcop.net,
>   reject_rbl_client sbl-xbl.spamhaus.org


  
sbl-xbl.spamhaus.org is contained within zen.spamhaus.org. Therefore you 
are doing an extra, unnecessary DNS check.


*** Qmail-Scanner Quarantine Envelope Details Begin ***
X-Antivirus-GenesisGroup-Mail-From: "[EMAIL PROTECTED]" via ssdd
X-Antivirus-GenesisGroup-Rcpt-To: "[EMAIL PROTECTED]"
X-Antivirus-GenesisGroup: 1.25st (perlscan: 1.25st. clamdscan: 0.90.2/3398. spamassassin: 3.1.8.  problem Found. Processed in 3.134308 secs) process 30268 
Quarantine-Description: SPAM exceeds "quarantine" threshold - hits=3.8/3.2

SA_REPORT hits = 3.8/3.2
-0.0 SPF_PASS   SPF: sender matches SPF record
-0.7 GENESIS_thanks BODY: body contains the string thanks
 2.1 namecheck_bad  BODY: Invalid username for sender
 1.4 GENESIS_USERCHECK  HEADER: Recipient not recognised (destcheck)
 1.1 GENESIS_REMOTESMTP BODY: 25/TCP not listening on remote host
-0.1 AWL                AWL: From: address is in the auto white-list
*** Qmail-Scanner Envelope Details End ***
--- End Message ---


Re: How Do I Enable RBLs

2007-06-11 Thread Richard Frovarp

Peter Pluta wrote:


> Thanks, I got these.
>
>   reject_rbl_client zen.spamhaus.org
>   reject_rbl_client list.dsbl.org,
>   reject_rbl_client bl.spamcop.net,
>   reject_rbl_client sbl-xbl.spamhaus.org


  
sbl-xbl.spamhaus.org is contained within zen.spamhaus.org. Therefore you 
are doing an extra, unnecessary DNS check.
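The redundancy Richard points out can be checked mechanically. This added example (not from the thread or from Postfix) scans a constructed main.cf excerpt for `reject_rbl_client` zones, flags any that a combined zone already covers, and builds the DNS names an MTA would look up per connection; the `COMBINED` table, the function names and the 192.0.2.25 address are assumptions for illustration.

```python
import ipaddress
import re

# Combined zones and the zones they include. zen covering sbl-xbl is stated in
# the thread; sbl, xbl and pbl are the other Spamhaus component zones.
COMBINED = {
    "zen.spamhaus.org": {
        "sbl-xbl.spamhaus.org", "sbl.spamhaus.org",
        "xbl.spamhaus.org", "pbl.spamhaus.org",
    },
    "sbl-xbl.spamhaus.org": {"sbl.spamhaus.org", "xbl.spamhaus.org"},
}

# Constructed main.cf excerpt built around the list posted in the thread.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination,
  reject_rbl_client zen.spamhaus.org
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
  permit
"""


def rbl_zones(config_text):
    """Return reject_rbl_client zones in evaluation order, skipping comments."""
    zones = []
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for zone in re.findall(r"\breject_rbl_client\s+([A-Za-z0-9.-]+)", line):
            zones.append(zone.lower().rstrip("."))
    return zones


def redundant_zones(zones):
    """Map each zone whose lookup adds nothing to the combined zone covering it."""
    present = set(zones)
    covered = {}
    for zone in zones:
        for parent, parts in COMBINED.items():
            if parent in present and zone in parts:
                covered.setdefault(zone, parent)
    return covered


def minimal_zones(zones):
    """Drop covered zones and repeats, keeping the original evaluation order."""
    covered = redundant_zones(zones)
    keep = []
    for zone in zones:
        if zone not in covered and zone not in keep:
            keep.append(zone)
    return keep


def dnsbl_query_name(client_ip, zone):
    """DNS name an MTA resolves for an IPv4 client: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


if __name__ == "__main__":
    zones = rbl_zones(SAMPLE_MAIN_CF)
    print("redundant:", redundant_zones(zones))
    for zone in minimal_zones(zones):
        print(dnsbl_query_name("192.0.2.25", zone))
```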


Re: How Do I Enable RBLs

2007-06-11 Thread root
Server .116

--- Begin Message ---
Peter,

> I have a relatively stock install of amavisd-new and spamassassin. How can
> I enable all the RBL checks. I think this is my main source of spam the
> lack of RBL's. I checked an ip of a spam I recently got and it showed up as
> "SPAM" in the dnstools spam database checker. I haven't been able to find
> any good guides on RBL's and spamassassin on Google. Any help would be
> greatly appreciated.

Have you by any chance disabled SA network tests by setting 
$sa_local_tests_only to 1?  It defaults to 0 (network tests not disabled).

Running: 'amavisd debug-sa' would tell more details on SA operations.

  Mark

*** Qmail-Scanner Quarantine Envelope Details Begin ***
X-Antivirus-GenesisGroup-Mail-From: "[EMAIL PROTECTED]" via ssdd
X-Antivirus-GenesisGroup-Rcpt-To: "[EMAIL PROTECTED]"
X-Antivirus-GenesisGroup: 1.25st (perlscan: 1.25st. clamdscan: 0.90.2/3391. 
spamassassin: 3.1.8.  problem Found. Processed in 3.507125 secs) process 2485 
Quarantine-Description: SPAM exceeds "quarantine" threshold - hits=4.7/3.2
SA_REPORT hits = 4.7/3.2
  0.1 FORGED_RCVD_HELO   Received: contains a forged HELO
 -0.0 SPF_PASS   SPF: sender matches SPF record
  2.1 namecheck_bad  BODY: Invalid username for sender
  1.4 GENESIS_USERCHECK  HEADER: Recipient not recognised (destcheck)
  1.1 GENESIS_REMOTESMTP BODY: 25/TCP not listening on remote host
*** Qmail-Scanner Envelope Details End ***
--- End Message ---


Re: How Do I Enable RBLs

2007-06-10 Thread Jeff Chan
Quoting Peter Pluta <[EMAIL PROTECTED]>:

>
> I have a relatively stock install of amavisd-new and spamassassin. How can I
> enable all the RBL checks. I think this is my main source of spam the lack
> of RBL's. I checked an ip of a spam I recently got and it showed up as
> "SPAM" in the dnstools spam database checker. I haven't been able to find
> any good guides on RBL's and spamassassin on Google. Any help would be
> greatly appreciated.

You need to enable network tests.  IIRC they are disabled by default:
Please see:

http://www.surbl.org/faq.html#nettest

Jeff C.


Re: How Do I Enable RBLs

2007-06-10 Thread Peter Pluta


LuKreme wrote:
> 
> On 10-Jun-2007, at 15:21, LuKreme wrote:
>> On 10-Jun-2007, at 00:19, Peter Pluta wrote:
>>> I haven't been able to find
>>> any good guides on RBL's and spamassassin on Google.
>>
>> Towards the bottom of smtpd_recipient_restrictions (right before  
>> 'permit')
>>
>>   reject_rbl_client zen.spamhaus.org
>>
>> That's all you need to know
> 
> Oops, sorry, wrong list :)
> 
> (but still, adding zen RBL to your postfix/MTA configuration will  
> save SA a lot of processing)
> 
> -- 
> Please to meet you, Rose.  Now run for your life!
> 
> 
> 
> 

Thanks, I got these. 

  reject_rbl_client zen.spamhaus.org
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org





Re: How Do I Enable RBLs

2007-06-10 Thread LuKreme

On 10-Jun-2007, at 15:21, LuKreme wrote:

> On 10-Jun-2007, at 00:19, Peter Pluta wrote:
>> I haven't been able to find
>> any good guides on RBL's and spamassassin on Google.
>
> Towards the bottom of smtpd_recipient_restrictions (right before
> 'permit')
>
>   reject_rbl_client zen.spamhaus.org
>
> That's all you need to know


Oops, sorry, wrong list :)

(but still, adding zen RBL to your postfix/MTA configuration will  
save SA a lot of processing)


--
Please to meet you, Rose.  Now run for your life!




Re: How Do I Enable RBLs

2007-06-10 Thread LuKreme

On 10-Jun-2007, at 00:19, Peter Pluta wrote:

> I haven't been able to find
> any good guides on RBL's and spamassassin on Google.


Towards the bottom of smtpd_recipient_restrictions (right before  
'permit')


  reject_rbl_client zen.spamhaus.org

That's all you need to know

--
Like the moment when the brakes lock/And you slide towards the big  
truck/You stretch the frozen moments with your fear





Re: How Do I Enable RBLs

2007-06-10 Thread root
Server .116

--- Begin Message ---
Peter Pluta wrote:

> I have a relatively stock install of amavisd-new and spamassassin. How can I
> enable all the RBL checks. I think this is my main source of spam the lack
> of RBL's. I checked an ip of a spam I recently got and it showed up as
> "SPAM" in the dnstools spam database checker. I haven't been able to find
> any good guides on RBL's and spamassassin on Google. Any help would be
> greatly appreciated.

It is enabled by default, see `perldoc Mail::SpamAssassin::Conf`:

"skip_rbl_checks ( 0 | 1 )   (default: 0)
   By default, SpamAssassin will run RBL checks.  If your ISP
   already does this for you, set this to 1."

I don't know amavis but, for instance MailScanner does disable it since it also
does RBL checks, you can configure MS not to do it and let SA run them (with the
difference that in MS you choose the RBL list, SA has a standard list).
-- 
René Berber


*** Qmail-Scanner Quarantine Envelope Details Begin ***
X-Antivirus-GenesisGroup-Mail-From: "[EMAIL PROTECTED]" via ssdd
X-Antivirus-GenesisGroup-Rcpt-To: "[EMAIL PROTECTED]"
X-Antivirus-GenesisGroup: 1.25st (perlscan: 1.25st. clamdscan: 0.90.2/3391. 
spamassassin: 3.1.8.  problem Found. Processed in 3.252942 secs) process 21358
Quarantine-Description: SPAM exceeds "quarantine" threshold - hits=4.1/3.2
SA_REPORT hits = 4.1/3.2
  0.1 FORGED_RCVD_HELO   Received: contains a forged HELO
 -0.0 SPF_PASS   SPF: sender matches SPF record
  1.5 RCVD_NUMERIC_HELO  Received: contains an IP address used for HELO
  1.4 GENESIS_USERCHECK  HEADER: Recipient not recognised (destcheck)
  1.1 GENESIS_REMOTESMTP BODY: 25/TCP not listening on remote host
*** Qmail-Scanner Envelope Details End ***
--- End Message ---


Re: How Do I Enable RBLs

2007-06-10 Thread Peter Pluta



Mark Martinec wrote:
> 
> Peter,
> 
>> I have a relatively stock install of amavisd-new and spamassassin. How can
>> I enable all the RBL checks. I think this is my main source of spam the
>> lack of RBL's. I checked an ip of a spam I recently got and it showed up as
>> "SPAM" in the dnstools spam database checker. I haven't been able to find
>> any good guides on RBL's and spamassassin on Google. Any help would be
>> greatly appreciated.
> 
> Have you by any chance disabled SA network tests by setting 
> $sa_local_tests_only to 1?  It defaults to 0 (network tests not disabled).
> 
> Running: 'amavisd debug-sa' would tell more details on SA operations.
> 
>   Mark
> 
> 

It's set to 0 in /usr/local/etc/amavisd.conf


René Berber-2 wrote:
> 
> Peter Pluta wrote:
> 
>> I have a relatively stock install of amavisd-new and spamassassin. How can I
>> enable all the RBL checks. I think this is my main source of spam the lack
>> of RBL's. I checked an ip of a spam I recently got and it showed up as
>> "SPAM" in the dnstools spam database checker. I haven't been able to find
>> any good guides on RBL's and spamassassin on Google. Any help would be
>> greatly appreciated.
> 
> It is enabled by default, see `perldoc Mail::SpamAssassin::Conf`:
> 
> "skip_rbl_checks ( 0 | 1 )   (default: 0)
>    By default, SpamAssassin will run RBL checks.  If your ISP
>    already does this for you, set this to 1."
> 
> I don't know amavis but, for instance MailScanner does disable it since it also
> does RBL checks, you can configure MS not to do it and let SA run them (with the
> difference that in MS you choose the RBL list, SA has a standard list).
> -- 
> René Berber
> 
> 
> 

I have skip_rbl_checks 0 set in /usr/local/etc/mail/spamassassin/local.cf



Re: How Do I Enable RBLs

2007-06-10 Thread Mark Martinec
Peter,

> I have a relatively stock install of amavisd-new and spamassassin. How can
> I enable all the RBL checks. I think this is my main source of spam the
> lack of RBL's. I checked an ip of a spam I recently got and it showed up as
> "SPAM" in the dnstools spam database checker. I haven't been able to find
> any good guides on RBL's and spamassassin on Google. Any help would be
> greatly appreciated.

Have you by any chance disabled SA network tests by setting 
$sa_local_tests_only to 1?  It defaults to 0 (network tests not disabled).

Running: 'amavisd debug-sa' would tell more details on SA operations.

  Mark


Re: How Do I Enable RBLs

2007-06-10 Thread René Berber
Peter Pluta wrote:

> I have a relatively stock install of amavisd-new and spamassassin. How can I
> enable all the RBL checks. I think this is my main source of spam the lack
> of RBL's. I checked an ip of a spam I recently got and it showed up as
> "SPAM" in the dnstools spam database checker. I haven't been able to find
> any good guides on RBL's and spamassassin on Google. Any help would be
> greatly appreciated.

It is enabled by default, see `perldoc Mail::SpamAssassin::Conf`:

"skip_rbl_checks ( 0 | 1 )   (default: 0)
   By default, SpamAssassin will run RBL checks.  If your ISP
   already does this for you, set this to 1."

I don't know amavis but, for instance MailScanner does disable it since it also
does RBL checks, you can configure MS not to do it and let SA run them (with the
difference that in MS you choose the RBL list, SA has a standard list).
-- 
René Berber



How Do I Enable RBLs

2007-06-09 Thread Peter Pluta

I have a relatively stock install of amavisd-new and spamassassin. How can I
enable all the RBL checks? I think this is my main source of spam the lack
of RBL's. I checked an ip of a spam I recently got and it showed up as
"SPAM" in the dnstools spam database checker. I haven't been able to find
any good guides on RBL's and spamassassin on Google. Any help would be
greatly appreciated.

Thanks, 
Peter