Scores, razor, and other questions

2009-08-07 Thread MySQL Student
Hi,

After another day of hacking, I have a handful of general questions
that I hoped you could help me to answer.

- How can I find the score of a particular rule, without having to use
grep? I'm concerned that I might find it at some score, only for it to
be redefined somewhere else that I didn't catch. Something I can do
from the command-line?

- How do I find out what servers razor is using? What is the current
license now that it's hosted on sf, or are the query servers not also
running there? It doesn't list any restrictions on the web site.

- The large majority of the spam that I receive these days is a result
of a URL not being listed in one of the SBLs. I'm using SURBL, URIBL,
and spamcop. For example, I caught guadelumbouis.com several hours
ago, and it's still not listed in any of the SBLs. Am I doing
something wrong or am I missing an SBL? Has anyone else's spam with
URLs increased a lot lately?

Thanks,
Alex


Re: Scores, razor, and other questions

2009-08-07 Thread Matt Kettler
MySQL Student wrote:
> Hi,
>
> After another day of hacking, I have a handful of general questions
> that I hoped you could help me to answer.
>
> - How can I find the score of a particular rule, without having to use
> grep? I'm concerned that I might find it at some score, only for it to
> be redefined somewhere else that I didn't catch. Something I can do
> from the command-line?

No, to be comprehensive you'd have to do a series of greps, one for the
default set, site rules, and user_prefs.

You could probably make a little shell script to automate grepping all 3.

> - How do I find out what servers razor is using? What is the current
> license now that it's hosted on sf, or are the query servers not also
> running there? It doesn't list any restrictions on the web site.

Wow.. the razor client has been hosted on SF for a LOOong time..
Like 6 years now?

Regardless, the servers are operated by Vipul's company, Cloudmark. Try
running razor-admin -d -discover. Alternatively, look at razor's
server.lst file.

> - The large majority of the spam that I receive these days is a result
> of a URL not being listed in one of the SBLs. I'm using SURBL, URIBL,
> and spamcop. For example, I caught censored several hours
> ago, and it's still not listed in any of the SBLs. Am I doing
> something wrong or am I missing an SBL? Has anyone else's spam with
> URLs increased a lot lately?

Note: domain censored, Verizon's spam outbreak controls won't let me
send the message with that domain in it right now.

URIBLs have some inherent lag, and spammers are playing a race game with
the URIBLs, trying to change domains faster than they get listed.
Fortunately, the domain registrations cost the spammers money, so
increasing the number of those they need is good.

Personally, I find bayes tends to clean up most of what gets missed,
although I auto-feed my bayes using spamtrap addresses that
automatically submit to sa-learn --spam, resulting in very fresh spam
training.

Looking at uribl, they've currently got it listed in URIBL gold, but
that's a non-free list of theirs. It's also a proactive list, so it
will list domains before they send spam, making it more effective
against mutating runs, but also might toss a FP or two on new domains.


> Thanks,
> Alex
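
The "little shell script" suggested in the reply above, sketched as an added example that is not part of the original thread. The function names are hypothetical, the paths in the usage comment are typical install locations rather than guaranteed ones, and it assumes that a later `score` line overrides an earlier one and that no `if`/`ifplugin` conditionals are involved.

```shell
#!/bin/sh
# Added example: show every "score" line for one SpamAssassin rule across
# the default set, site rules and user_prefs, then the one that wins.

# scan_file RULE FILE: print "file:line: values" for each score line of RULE.
scan_file() {
    awk -v rule="$1" '
        { sub(/#.*/, "") }                 # ignore comments
        $1 == "score" && $2 == rule {      # exact rule name, not a prefix
            vals = ""
            for (i = 3; i <= NF; i++) vals = vals (i > 3 ? " " : "") $i
            printf "%s:%d: %s\n", FILENAME, FNR, vals
        }' "$2"
}

# find_scores RULE PATH...: PATHs are files or directories, given in load
# order (default set, then site rules, then user_prefs). The *.cf files in
# a directory are scanned in the shell's sorted glob order.
find_scores() {
    rule=$1; shift
    for p in "$@"; do
        if [ -d "$p" ]; then
            for f in "$p"/*.cf; do
                if [ -f "$f" ]; then scan_file "$rule" "$f"; fi
            done
        elif [ -f "$p" ]; then
            scan_file "$rule" "$p"
        fi
    done
}

# effective_score RULE PATH...: values from the last definition found.
# Empty output means no explicit score line exists in the given paths.
effective_score() {
    find_scores "$@" | tail -n 1 | sed 's/^.*: //'
}

# Usage (paths are assumptions, adjust to your install):
#   find_scores URIBL_BLACK /usr/share/spamassassin \
#       /etc/mail/spamassassin "$HOME/.spamassassin/user_prefs"
```

A score line with four values sets one score per score set (with and without network tests and bayes), so the output may show four numbers rather than one.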