as planned. If
this is something no one else has thought of before, then obviously
document it for science so it may save other people's lives. :)
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
http://lists.surbl.org/pipermail/announce/2013-May/000209.html
Date: Wed, 1 May 2013 05:54:48 -0700
To: SURBL Announce annou...@lists.surbl.org
Subject: [SURBL-Announce] MW malware sublist added to multi, replaces OB
As announced last October, malware data has been moved from PH
to a new
On Thursday, December 1, 2011, 10:11:35 AM, Darxus Darxus wrote:
On 12/01, Jeff Chan wrote:
Also keep in mind that PH has a generally low score even for net
+ bayes since it doesn't hit a large portion of spam in the SA
corpus.
No. Scores are not determined by how many spams a rule hits
it does hit are
generally going to be phishing or malware, so IMO it should have
a much higher score. Unless people want to get phishing and
malware
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
-setup
and:
http://www.surbl.org/links#mirrors
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
there is a responsible party to hopefully act on
unsubscriptions, fire the spammy marketer, etc. It's sort of a
degenerate case of the degenerate case of email addresses going
to to a third party, except it's the same party.
Spam is easy. Ham is hard.
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
approaches.
Those degenerate cases of both are indeed interesting.
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
that struggle with these
issues every day. Maintaining accurate ham and spam corpora and
making policies for what belongs in which category is trivial in
some easy cases like bot pill spam, but non-trivial in other
cases.
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
://cbl.abuseat.org/totalflow.html
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
rbldnsd an BIND configs for the zone and
spamassassin rule, and we will check them.
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
goes into further
detail on this new list.
Please also see this bugzilla:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6335
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
As I understand it, as soon as rules are published, some of the
senders of unsolicited messages immediately change their behavior
to defeat or bypass the rules, so publishing them is somewhat
counterproductive.
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
On Wednesday, May 27, 2009, 1:39:11 AM, Justin Mason wrote:
Yes. it immediately exposes a backchannel from the spam to the spammer,
thereby enabling a number of interesting security holes.
--j.
Yes, it's impractical for some of the reasons Rob mentions, and
it would also allow any of the
a link for some known
spam URLs. I suspect they are indeed doing SURBL lookups. Hope I didn't
end up blacklisting myself :-}
Yes, tinyurl and several other URL shortening services use SURBL
data to fight abuse of their services:
http://www.surbl.org/redirect.html
Jeff C.
--
Jeff Chan
mailto:je
rule as suggested in the Code Rot thread.
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
own domain, then
use SPF or DKIM on your real outbound mail. Then any message
claiming to be from your domain that doesn't match the SPF record
or DKIM key can be considered a forgery and handled
appropriately.
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
On 3/1/09, Jeff Chan je...@surbl.org wrote:
For historical reasons, the SURBL public nameservers were serving
individual lists ab, sc, ob and ws in addition to multi. However
these individual lists have all been deprecated in favor of multi for
several years since multi contains all lists
traffic.
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
that SA would
penalize the score of these emails. Not because blackberry.com is doing
something wrong (because it doesn't appear to be), but because this
specific SExchange gateway is doing its best to impersonate a
header-randomizing bot.
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http
of their services and networks.
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
deceptively or incorrectly some
of the time or don't set it at all other times, so that an
attempt to automatically detect the character set is useful in
some cases? This is just a guess on my part however.
Cheers,
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
the reference. :)
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
For historical reasons, the SURBL public nameservers were serving
individual lists ab, sc, ob and ws in addition to multi. However
these individual lists have all been deprecated in favor of multi for
several years since multi contains all lists. Traffic for the
individual lists is relatively
. They
should almost certainly upgrade to something more recent.
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
solution is to use a nameservice that doesn't change
DNSBL results. One such service is:
http://www.opendns.com/
See:
http://www.surbl.org/faq.html#dnsproxy
and:
http://www.surbl.org/faq.html#opendns
Jeff C.
--
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/
not for profit organisations?
Peter
We deliberately chose 1,000 users and 250,000 messages to be high
limits. Most small to medium sized organizations would not hit
them and could therefore keep using the free DNS queries.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Wednesday, November 12, 2008, 10:55:52 AM, Larry Rosenbaum wrote:
Where is the price list? I haven't been able to find it.
Hi Larry,
The pricing calculator is the first step of the data feed form:
http://www.surbl.org/datafeed/
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http
On Wednesday, November 12, 2008, 3:15:26 AM, Henrik K wrote:
On Tue, Nov 11, 2008 at 04:33:50PM -0800, Jeff Chan wrote:
Hi Micah,
Thanks very much for the feedback. Does anyone know how many
non-profits have more than 1,000 users (i.e., users with
mailboxes)? The non-profit pricing
On Tuesday, November 11, 2008, 4:58:01 PM, Dave Koontz wrote:
Jeff Chan wrote ... (11/11/2008 7:33 PM):
Hi Micah,
Thanks very much for the feedback. Does anyone know how many
non-profits have more than 1,000 users (i.e., users with
mailboxes)? The non-profit pricing is below ISPs and half
On Tuesday, November 11, 2008, 8:49:44 AM, Micah Anderson wrote:
Jeff Chan [EMAIL PROTECTED] writes:
I think that SURBL is a valuable service, and I understand how it is
difficult to maintain such a service without resources.
The funding is, by design, very moderate and will provide much
will change as a result of any
of these changes, however the additional resources should enable
improvements to the completeness and coverage of SURBL data.
Sincerely,
Jeff Chan
William Stearns
Joe Wein
Raymond Dijkxhoorn
Andy Warner
SURBL
http://www.surbl.org/
Arnie Bjorklund
MXTools
http
, consider increasing the score.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
for the trouble...
Something tells me Theo may not be sharing his FPs with you
anymore. ;)
Seems you don't need them anyway
Cheers,
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
[Pardon the spam; thought this new blacklist might be worth at
least trying.]
Apparently Barracuda will be publishing a free-to-use sender
blacklist called BRBL:
http://www.barracudacentral.org/rbl
Haven't tried it myself but thought it may be of interest.
Cheers,
Jeff C.
--
Jeff Chan
. Make a rule with a pattern for the message text
Both can and probably should be done.
P.S. Please contact the owners of the site or their web host and
ask them to secure the server. It's probably an insecure or
sniffed password.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
through? 419s are hard to
catch.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
of the nameservers of web sites
in the message body against the Spamhaus SBL list.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Use SURBLs. Enable network tests:
http://www.surbl.org/faq.html#nettest
jp.surbl.org blacklisted that domain at 14:33 CEST
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
scoreGMD_R_DOT_HTML 3.5
Note: making it an uri rule doesn't hit them all.
enjoy
It and video.exe are Storm.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
by Checkfree.
customercenter.com appears to be owned by domainers/squatters.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
”, or as a
side-effect attempts to evade over-simplistic sender address
verification as seen in spam, viruses, and so on.
[...]
It helped us.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Quoting Rocco Scappatura [EMAIL PROTECTED]:
Maybe, now is the case to set up a copy of zone locally on my server.. I
ve about 1300K messages rejected per day!!
Yes, you should not query 1.3 million messages per day on the public
nameservers. That would be considered abusive.
Jeff C.
Quoting Rocco Scappatura [EMAIL PROTECTED]:
I have to
enable only the plugin with loadPlugin.
... and it's enabled by default, so you should be all set. :)
Then I have to use the command 'urirhssub' of the plugin
URIDNSBL to
specify that I want to use SURBLs:
... the rules exist by
Quoting Jeff Chan [EMAIL PROTECTED]:
SpamAssassin and Exim cannot work together without some other program
coordinating them. You're probably going to need to find out what that
program is in order to solve things. Any FAQs about SpamAssassin
itself may address the coordinating program
the coordinating program, but only peripherally.
SpamAssassin only scores the messages. It doesn't deliver them and it
doesn't control how they're delivered based on that score.
Jeff C.
Jeff Chan wrote:
Quoting ploppy [EMAIL PROTECTED]:
i enabled SA on one of my accounts and since
Quoting ploppy [EMAIL PROTECTED]:
i enabled SA on one of my accounts and since disabling, no mails for that
account are being received. i did tail -f /var/log/exim_mainlog and they are
showing as completed, but they are not being delivered. they are not even in
th mail que. i am using exim
Quoting Rocco Scappatura [EMAIL PROTECTED]:
I have looked at the SURBL site. If I have well understood I have to
enable only the plugin with loadPlugin.
Then I have to use the command 'urirhssub' of the plugin URIDNSBL to
specify that I want to use SURBLs:
urirhssub URIBL_JP_SURBL
If you think blacklists should be free, then you should set up your
own, spend thousands of hours per year on it, undergo constant threats
of DDOs or worse, and listen to complaints if you dare to consider
being partially paid for your work.
Jeff C.
Quoting Sean Kennedy [EMAIL PROTECTED]:
Sorry for replying to my own topic, but I've figured out what's causing
it to go so slow.
It's the rules in sa-blacklist.current.uri.cf from
http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.uri.cf.
This ruleset works fine in 3.1,
Quoting Per Jessen [EMAIL PROTECTED]:
Matt Kettler wrote:
For some reason one of my domains has all of a sudden been listed in
the above listed db. Which is rather ironic since there are only 3
active accounts at this domain. 1 used for a couple of mailing lists,
1 - postmaster (inbound email
Also, the sa-blacklist inclusion policy is at:
http://www.stearns.org/sa-blacklist/README.policy
Jeff C.
Quoting giga328 [EMAIL PROTECTED]:
Thank you Jeff and Anthony.
If I'm right, there is big possibility for SpamAssassin to mark as spam some
email from for example doubleclick or other companies if there is
personalized URL in it because it can look like spam or even like phishing.
If I'm
Quoting mouss [EMAIL PROTECTED]:
giga328 wrote:
Hi Anthony,
I will ask people from MailScanner also but for my email system is not
possible to use MailScanner directly so I'm using spamd. My question is
about lowering chances for false positives by having safe list from
MailScanner. But since
Quoting David Zinder [EMAIL PROTECTED]:
I think my problem is related to surbl.org, but I can't figure out how
to reach them. list.surbl.org times out, and has for several weeks.
I had been using Spamassassin 3.1.5 under RHEL 3. Works great, until
Jan 1, 2008. I started getting false
Quoting Justin Mason [EMAIL PROTECTED]:
Per Jessen writes:
Check this out
http://jessen.ch/files/spam55.txt
It's a typical spam-email with a single gif advertising drugs. The gif
is loaded from a website which is listed by uribl.com.
The emails has hrefs to the following '.com'
Quoting Jeff Chan [EMAIL PROTECTED]:
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
The TLD root servers delegate the control of the II level domain to the NS
servers defined at registration time. That is delegation. But from there,
warping the entire domain to different NSes
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 26, 2008 12:23 PM
Quoting Jeff Chan [EMAIL PROTECTED]:
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
The TLD root servers delegate the control
Quoting Jeff Chan [EMAIL PROTECTED]:
DNS works by delegation from parent zones to child zones.
Or more generally from one zone to another. DNS is built on
delegation. Some spammers abuse delegation in unusual ways, but not
all unusual delegation is abuse.
Jeff C.
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
From: Jeff Chan [mailto:[EMAIL PROTECTED]
There are lots of legitimate reasons to delegate zones, for example,
migration to a new nameserver. I suggest you ask someone who runs
major nameservers. I have.
This is a temporary solution. Later you
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sometimes it's temporary, sometimes it's not. Sometimes temporary
solutions remain in place for many years.
Then you're not obeying to the agreements with your registrar.
Delegation is a primary
Quoting Matt Kettler [EMAIL PROTECTED]:
Matt Kettler wrote:
Giampaolo Tomassoni wrote:
It doesn't use whois *instead of* dns. It uses both and attempts even to
detect any discrepancy between their responses.
Both types of queries can cause problems.
How are these going to be different??
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Yes, delegation is the other, more usual, way that the nameserver in
the whois and TLD root server may differ. Some spammers do make use
of a lot of delegation, more than usual and sometimes in long
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
Please note that one generally can't issue a DNS request to a specific
server from SA, since its resolver engine only uses the globally-defined DNS
server(s). Thereby, in the common case I should get the NSes published by
root servers, which should
Quoting Matt Kettler [EMAIL PROTECTED]:
The only big difference I see at face value is it uses whois instead of
DNS to find the NS records.. that hardly seems efficient..
Whois is definitely the wrong protocol to use for automated testing,
especially for any high volumes. It was not
Quoting ram [EMAIL PROTECTED]:
I had read about the whois plugin into SA. But I cant seem to find it
now Can someone tell me how do I install this
I beleive that could be a very effective idea to score on domain names
who have bad registrars
Every hour hundreds of domains get registered
Quoting Justin Mason [EMAIL PROTECTED]:
the redirect detection should have no problem finding that...
And the redirected-to domain is on two SURBL blacklists, so it should
be hitting.
Jeff C.
Loren Wilton writes:
I guess btnl is no longer working. Now they are doing a redirect:
Quoting Jai Gupta [EMAIL PROTECTED]:
My server has 8GB of ram, around 4 GB is currently used by spamassassin (too
many process of /usr/bin/perl -T /usr/local/psa/admin/sbin/spammng -c -C
--max-children=1 start).
Is this normal? Can I somehow limit the process concurrency of spamassassin
or I
Quoting Justin Mason [EMAIL PROTECTED]:
Theo Van Dinter writes:
On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote:
util_rb_2tld googlepages.com
in local.cf will alllow black.uribl.com to match the listed googlepages
sites
To note, what this option really does is change
Quoting Yet Another Ninja [EMAIL PROTECTED]:
On 1/10/2008 11:13 AM, Jeff Chan wrote:
Quoting Justin Mason [EMAIL PROTECTED]:
Theo Van Dinter writes:
On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote:
util_rb_2tld googlepages.com
in local.cf will alllow black.uribl.com
Quoting Yet Another Ninja [EMAIL PROTECTED]:
On 1/10/2008 11:13 AM, Jeff Chan wrote:
Quoting Justin Mason [EMAIL PROTECTED]:
Theo Van Dinter writes:
On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote:
util_rb_2tld googlepages.com
in local.cf will alllow black.uribl.com
Quoting Jean-Marc Liotier [EMAIL PROTECTED]:
I am looking for a way to weed out referrer spam from Apache logs and Awstats
data files. I have seen some tools, but they rely on static blacklist -
often very small ones, rarely maintained. It just occurs to me that this is
a perfect job for
Quoting Matt Kettler [EMAIL PROTECTED]:
[18696] dbg: config: read file /etc/mail/spamassassin/blacklist-uri.cf
[18696] dbg: config: read file /etc/mail/spamassassin/blacklist.cf
Ditch blacklist and blacklist-uri. These two are well known ways to
kill spamassassin on all but the absolute
Quoting Matt Kettler [EMAIL PROTECTED]:
Justin Mason wrote:
OK, we really need to figure out some way to kill these FAQs off. Every
week, someone asks a question about why SpamAssassin is killing their
server, and most of the time the answer is stop using blacklist.cf and
Quoting Joey [EMAIL PROTECTED]:
I am currently running SA 3.2.3 compiled from cpan.
I have a situation where CPU is just going through the roof on just a few
messages and I really can't tell what part of SA is the slow down.
[...]
Here is a list of files in each of my SA folders as well as
Quoting Matt Kettler [EMAIL PROTECTED]:
cpayne wrote:
Robert Braver wrote:
Hello Payne,
On Wednesday, October 17, 2007, 9:08:53 PM, you wrote:
c I am getting a lot mail which I know is from a mail program use by
c spammers, called the bat.
Yea, I did a search. And found you
Quoting Alan Morgan [EMAIL PROTECTED]:
Hi,
We use SPAM Assassin in Silverpop. We have been having a tough time with
the messages and results after running SPAM A. Can someone help? We want a
guide of definitions.
The latest we got is 2.2 REMOVE_BEFORE_LINK BODY: Removal phrase
Quoting Chris 'Xenon' Hanson [EMAIL PROTECTED]:
[...]
X-Spam-Status: Yes, hits=4.4 required=4.0
X-Spam-Level:
X-Spam-Report: SA TESTS
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.1 HTML_40_50 BODY: Message is 40% to 50% HTML
0.0 HTML_MESSAGE
Quoting Mark Wendt (Contractor) [EMAIL PROTECTED]:
I've started seeing some spam come through that gets labeled with
RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/;,
which imparts a negative score if the relay is listed in their
db. Here at the Lab, we have an email gateway at
Quoting Richard Smits [EMAIL PROTECTED]:
Thanks for all the advice.. I think we will be using spamhaus. I am
running a test and it blocks a lot of spam. Currently I use the
sbl.spamhaus and pbl.spamhaus
Is this wise, or should I also use the xbl and switch to zen.spamhaus?
Please do not
Quoting Skip [EMAIL PROTECTED]:
I am not certain how anyone can claim that they have no FPs running through
those services unless they have prior knowledge of every inbound email.
That is impossible. My company deals with on the order of thousands of
companies and multiple times that in
Quoting R.Smits [EMAIL PROTECTED]:
Jeff Chan wrote:
Quoting Richard Smits [EMAIL PROTECTED]:
Thanks for all the advice.. I think we will be using spamhaus. I am
running a test and it blocks a lot of spam. Currently I use the
sbl.spamhaus and pbl.spamhaus
Is this wise, or should I
Quoting mouss [EMAIL PROTECTED]:
If they really run a normal MTA, and if that is authorized by their
ISP, then they should ask to be unlisted. (They should also get a
meaningful reverse DNS so that they can be identified).
Otherwise, they should relay via their ISP...
Indeed, one of the
Quoting John Rudd [EMAIL PROTECTED]:
R.Smits wrote:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
Quoting Kenneth Porter [EMAIL PROTECTED]:
--On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni
[EMAIL PROTECTED] wrote:
The only problem is that a spammer could query it days before it will
bulk send, thereby impairing the effectiveness of such approach.
I think we need
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
I think there is a lot of people in this list who runs a small business like
mine, and who may benefit from using the URIWhois plugin with no negative
consequences. The others, well, they have influence and resources to spend
in a centralized
Quoting Bret Miller [EMAIL PROTECTED]:
Perhaps rather than arguing about whether we'd all get blocked by running
this, it would be more productive to lobby a registrar to provide the data
in rsynch-able form to URIBL or SURBL where DNS infrastructure could be used
to make the data available
Quoting Jonas Eckerman [EMAIL PROTECTED]:
(The idea below is not mine, someone else (I'm sorry, but I
forgot who) wrote about it here (I think) before.)
Giampaolo Tomassoni wrote:
brand-new domains,
Something that could work for this without the problems inherent
in using whois or
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
Dears,
well, I just did version 0.01 of the URIWhois plugin.
Its purpose is mainly to detect some spam containing URIs to sites in
brand-new domains, or having some conflict in whois and dns records, or
being driven by specific dns servers.
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
How do they handle these domains in a centralized way? Do they simply
relay a whois request for not-yet-seen domains? Because in this case they
have to tune their whois parsers a bit: dob.sibl.support-intelligence.net,
in example, reports both
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]:
the issue covered by the
URIWhois plugin would be much more efficiently solved by a centralized
solution, in which someone gathers registration data from registars (maybe
even not through whois, but through direct db access) and then publics this
Quoting Henrik Krohns [EMAIL PROTECTED]:
On Fri, Sep 07, 2007 at 10:09:27AM +1200, Jason Haar wrote:
I knew things like this would eventually happen. Spammers basically have
infinite resources, they can deliver us a LOT of hurt when they wish to.
I can think of a lot worse things they
Quoting Rajkumar S [EMAIL PROTECTED]:
Hi,
Does any one seeing increasing smtp concurrency for the past couple of
weeks? I run couple of (qmail/simscan/spamassassin) mail servers and
all experience the same problem. The spam does not increase, but this
is hogging my mail servers. Probably a
Quoting Kelsey Forsythe [EMAIL PROTECTED]:
My network tests are not implemented on my server.
If I run spamassassin manually from command line on a message I see
the network
filters in play but when I examine messages that have gone through my
Xserve no network tests
are performed. I
Quoting Kelsey Forsythe [EMAIL PROTECTED]:
I meant (and I just checked) 'sa_local_tests_only' is set to 0.
But the network tests still are not implemented.
Make sure it's also not commented out. Some installations have it commented out
by default.
Jeff C.
Quoting Jason Haar [EMAIL PROTECTED]:
..that seems new. I see it's an RBL that contains domains registered
within the last five days.
Can someone explain what that means? I guess it means seen by DOB
within the last five days more than a domain that was registered within
the last five days?
Quoting Jason Haar [EMAIL PROTECTED]:
I've spotted the fault - they've blacklisted the *ENTIRE* .org
domain!!! (I just tested some made-up .org domains - they are all on it)
I'll see if I can find an email address to notify them
Arghhh, that would do it. I'm writing to Rick Wesson about it.
Quoting Rick Macdougall [EMAIL PROTECTED]:
Greg Skouby wrote:
With SA-3.2.0 I seem to be getting sub 5 second scan times pretty
regularly but when I upgraded to SA-3.2.3 I was lucky to get sub 10
second. I flipped on debugging and see a bunch of these messages:
Thu Aug 16 15:22:53 2007
Quoting martin f krafft [EMAIL PROTECTED]:
also sprach Jeff Chan [EMAIL PROTECTED] [2007.08.16.1125 +0200]:
The two do very different things. MTA blacklists are direct
rejection of incoming smtp connections by the MTA (in this case
postfix). URIDNSBL is a SpamAssassin check of web sites
Quoting Kai Schaetzl [EMAIL PROTECTED]:
Thomas Raef wrote on Sun, 12 Aug 2007 06:19:43 -0500:
a dnsbl is the way to go.
On first look I disagree. We already have SURBL and URIBL. I don't see how
this would add any benefit on top of that. We are talking about URI's in
mail, not about
1 - 100 of 624 matches
Mail list logo
