Re: Single URI spam not checked against URIBLs
Ned Slider wrote: Wolfgang Zeikat wrote: Ned Slider wrote: For those using RHEL5/CentOS5 and wanting to update, We use Scientific Linux 5 which is a re-compiled RHEL 5 *erm*, actually it's Scientific Linux 4 (RHEL 4), the rest is true tho ;) - with Dag's 3.56 rpm installed. I installed HTML::Parser 3.59 there from CPAN (with local make) without unistalling the rpm. The URI detection behavious didn't change, so I am interested in your procedure. Yes, I downloaded the perl-HTML-Parser-3.56 src.rpm package from RPMForge: http://dag.wieers.com/rpm/packages/perl-HTML-Parser/perl-HTML-Parser-3.56-1.rf.src.rpm Extract the SPEC file, edit the Version and Release lines to 3.59 and 1.el5, respectively. (no need for the latter here, see above) Download the HTML-Parser-3.59 tarball http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.59.tar.gz Copy the edited SPEC file to the /SPECS dir and the source tarball to the /SOURCES dir of your build environment, and build the package with: rpmbuild -ba --target=`uname -m` perl-HTML-Parser.spec and install the package with rpm. Hope that helps :) Worked like a charm, thank you very much! Regards, wolfgang
Re: Single URI spam not checked against URIBLs
On Sat, 2008-12-06 at 18:22 -0500, Theo Van Dinter wrote: On Sat, Dec 06, 2008 at 11:16:03PM +0100, Wolfgang Zeikat wrote: Could you describe more elaborately how you did that? You may wish to take a look at cpan2rpm, fwiw. deprecated. look at cpan2dist if you are running perl 5.10 -- Daniel J McDonald - CCIE #2495, CISSP # 78281, CNX
Re: Single URI spam not checked against URIBLs
Bill Landry a écrit : This issue has been resolved. Thanks to Justin Mason and Gisle Aas (HTML::Parser guy) for finding the fix. The resolution is to update HTML::Parser to the latest version and then restart SA. Thanks for the heads up. it indeed works (HTML::Parser 3.59).
Re: Single URI spam not checked against URIBLs
mouss wrote: Bill Landry a écrit : This issue has been resolved. Thanks to Justin Mason and Gisle Aas (HTML::Parser guy) for finding the fix. The resolution is to update HTML::Parser to the latest version and then restart SA. Thanks for the heads up. it indeed works (HTML::Parser 3.59). For those using RHEL5/CentOS5 and wanting to update, I built a perl-HTML-Parser-3.59 RPM package from Dag's SPEC file (v3.56) on RPMForge by dropping in the 3.59 source tarball. It built cleanly and is now running on my system :)
Re: Single URI spam not checked against URIBLs
Ned Slider wrote: Thanks for the heads up. it indeed works (HTML::Parser 3.59). For those using RHEL5/CentOS5 and wanting to update, We use Scientific Linux 5 which is a re-compiled RHEL 5 - with Dag's 3.56 rpm installed. I installed HTML::Parser 3.59 there from CPAN (with local make) without unistalling the rpm. The URI detection behavious didn't change, so I am interested in your procedure. I built a perl-HTML-Parser-3.59 RPM package from Dag's SPEC file (v3.56) on RPMForge by dropping in the 3.59 source tarball. It built cleanly and is now running on my system :) Could you describe more elaborately how you did that? Regards, wolfgang
Re: Single URI spam not checked against URIBLs
Wolfgang Zeikat wrote: Ned Slider wrote: Thanks for the heads up. it indeed works (HTML::Parser 3.59). For those using RHEL5/CentOS5 and wanting to update, We use Scientific Linux 5 which is a re-compiled RHEL 5 - with Dag's 3.56 rpm installed. I installed HTML::Parser 3.59 there from CPAN (with local make) without unistalling the rpm. The URI detection behavious didn't change, so I am interested in your procedure. I built a perl-HTML-Parser-3.59 RPM package from Dag's SPEC file (v3.56) on RPMForge by dropping in the 3.59 source tarball. It built cleanly and is now running on my system :) Could you describe more elaborately how you did that? Regards, wolfgang Yes, I downloaded the perl-HTML-Parser-3.56 src.rpm package from RPMForge: http://dag.wieers.com/rpm/packages/perl-HTML-Parser/perl-HTML-Parser-3.56-1.rf.src.rpm Extract the SPEC file, edit the Version and Release lines to 3.59 and 1.el5, respectively. Download the HTML-Parser-3.59 tarball http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.59.tar.gz Copy the edited SPEC file to the /SPECS dir and the source tarball to the /SOURCES dir of your build environment, and build the package with: rpmbuild -ba --target=`uname -m` perl-HTML-Parser.spec and install the package with rpm. Alternatively, I've uploaded my src.rpm here which may be easier: http://www.pperry.f2s.com/linux/perl-HTML-Parser/ and you can build it with: rpmbuild --rebuild perl-HTML-Parser-3.59-1.el5.src.rpm There is a guide on rebuilding source RPMs here: http://wiki.centos.org/HowTos/RebuildSRPM I've also uploaded my RPM package there too, but I only built a package for x86_64, so if your running a xen kernel or are running on i386 you'll need to rebuild it yourself. Hope that helps :)
Re: Single URI spam not checked against URIBLs
On Sat, Dec 06, 2008 at 11:16:03PM +0100, Wolfgang Zeikat wrote: Could you describe more elaborately how you did that? You may wish to take a look at cpan2rpm, fwiw. -- Randomly Selected Tagline: ... Either this man is suffering from serious brain damage, or the new vacuum cleaner's arrived... - Rowan Atkinson pgpHwSmixaDmg.pgp Description: PGP signature
Re: Single URI spam not checked against URIBLs
Bill Landry wrote: mouss wrote: Bill Landry wrote: I've posted a short pharma spam message to: http://www.inetmsg.com/spam.txt and debug output to: http://www.inetmsg.com/sa-debug.txt It displays a single URI linked line in an e-mail client that only displays: Please visit our shop. There seems to be something about the URI in the message that allows it to bypass all URIBL testing by SpamAssassin. The domain is listed in the following URIBLs: URIBL_JP_SURBL URIBL_OB_SURBL dig canadiansitetable.com.multi.surbl.org +short 127.0.0.80 and URIBL_BLACK dig canadiansitetable.com.multi.uribl.com +short 127.0.0.2 Yet there were no URIBL hits. The message scored high and was tagged as spam, but I'm just curious as to what it is about this message that allowed it to bypass all SA URIBL tests? I'm running spamassassin -V SpamAssassin version 3.2.5 running on Perl version 5.8.8 And in case you're wondering, I'm not using the shortcircuit plugin. looks like a bug. it looks like in ' http://uri' the uri isn't detected (aka quoted-string). In the message, the URI is insisde quoted (the one in You'll and the one in don't). if you remove one of the quotes or if you break the line so that they aren't in the same line, the URI is detected. Thanks, I've opened up a bug report: Bug 6017. Bill This issue has been resolved. Thanks to Justin Mason and Gisle Aas (HTML::Parser guy) for finding the fix. The resolution is to update HTML::Parser to the latest version and then restart SA. Regards, Bill
Single URI spam not checked against URIBLs
I've posted a short pharma spam message to: http://www.inetmsg.com/spam.txt and debug output to: http://www.inetmsg.com/sa-debug.txt It displays a single URI linked line in an e-mail client that only displays: Please visit our shop. There seems to be something about the URI in the message that allows it to bypass all URIBL testing by SpamAssassin. The domain is listed in the following URIBLs: URIBL_JP_SURBL URIBL_OB_SURBL dig canadiansitetable.com.multi.surbl.org +short 127.0.0.80 and URIBL_BLACK dig canadiansitetable.com.multi.uribl.com +short 127.0.0.2 Yet there were no URIBL hits. The message scored high and was tagged as spam, but I'm just curious as to what it is about this message that allowed it to bypass all SA URIBL tests? I'm running spamassassin -V SpamAssassin version 3.2.5 running on Perl version 5.8.8 And in case you're wondering, I'm not using the shortcircuit plugin. Bill
Re: Single URI spam not checked against URIBLs
Bill Landry wrote: I've posted a short pharma spam message to: http://www.inetmsg.com/spam.txt and debug output to: http://www.inetmsg.com/sa-debug.txt It displays a single URI linked line in an e-mail client that only displays: Please visit our shop. There seems to be something about the URI in the message that allows it to bypass all URIBL testing by SpamAssassin. The domain is listed in the following URIBLs: URIBL_JP_SURBL URIBL_OB_SURBL dig canadiansitetable.com.multi.surbl.org +short 127.0.0.80 and URIBL_BLACK dig canadiansitetable.com.multi.uribl.com +short 127.0.0.2 Yet there were no URIBL hits. The message scored high and was tagged as spam, but I'm just curious as to what it is about this message that allowed it to bypass all SA URIBL tests? I'm running spamassassin -V SpamAssassin version 3.2.5 running on Perl version 5.8.8 And in case you're wondering, I'm not using the shortcircuit plugin. looks like a bug. it looks like in ' http://uri' the uri isn't detected (aka quoted-string). In the message, the URI is insisde quoted (the one in You'll and the one in don't). if you remove one of the quotes or if you break the line so that they aren't in the same line, the URI is detected.
Re: Single URI spam not checked against URIBLs
mouss wrote: Bill Landry wrote: I've posted a short pharma spam message to: http://www.inetmsg.com/spam.txt and debug output to: http://www.inetmsg.com/sa-debug.txt It displays a single URI linked line in an e-mail client that only displays: Please visit our shop. There seems to be something about the URI in the message that allows it to bypass all URIBL testing by SpamAssassin. The domain is listed in the following URIBLs: URIBL_JP_SURBL URIBL_OB_SURBL dig canadiansitetable.com.multi.surbl.org +short 127.0.0.80 and URIBL_BLACK dig canadiansitetable.com.multi.uribl.com +short 127.0.0.2 Yet there were no URIBL hits. The message scored high and was tagged as spam, but I'm just curious as to what it is about this message that allowed it to bypass all SA URIBL tests? I'm running spamassassin -V SpamAssassin version 3.2.5 running on Perl version 5.8.8 And in case you're wondering, I'm not using the shortcircuit plugin. looks like a bug. it looks like in ' http://uri' the uri isn't detected (aka quoted-string). In the message, the URI is insisde quoted (the one in You'll and the one in don't). if you remove one of the quotes or if you break the line so that they aren't in the same line, the URI is detected. Thanks, I've opened up a bug report: Bug 6017. Bill
