On Friday, March 11, 2005, 11:27:52 PM, Jeff Chan wrote:
> Does anyone have or know about a list of spam-advertised URIs
> where the spam they appeared in was sent through open relays,
> zombies, open proxies, etc. In other words does anyone know
> of a list of spamvertised web si
ually remove spyware, the FTC said.
A U.S. court has ordered the company and its owner, Thomas
Delanoy, to suspend its activities until a court hearing on
Tuesday. The company could be required to give back all the money
it made from selling Spyware Assassin.
__
Comment: LOL!
Jeff C.
--
Jeff
Does anyone have or know about a list of spam-advertised URIs
where the spam they appeared in was sent through open relays,
zombies, open proxies, etc. In other words does anyone know
of a list of spamvertised web sites or their domains that's
been cross referenced to exploited hosts?
We could us
here they're highly effective at detecting future
pam.
I would definitely encourage everyone to use SpamCop.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
ts disabled is important. IIRC there is
a matrix of 4 possible scores, with and without Bayes and with
and without network tests.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
; pyzor and all of the subl.org URI lookups.
I believe they are using rsynced local zone files. (I'm hoping
they're using rbldnsd since it's so much faster and more
efficient than BIND.)
http://www3.surbl.org/rsync-signup.html
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
tch you to the
> network score sets giving you lower scores for other tests. Without the
> other network tests to balance things out, you may end up with lower
> scores overall.
Or you could boost the SURBL scores, or lower your spam
threshold. :-)
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Friday, March 11, 2005, 7:51:45 AM, Jeff Chan wrote:
> On Friday, March 11, 2005, 7:48:26 AM, Vivek Khera wrote:
>> in your preferences file,
>> skip_rbl_checks 1
>> will turn off the RBL checks but leave SURBL checks on.
>> Vivek Khera, Ph.D.
>> +1-301-86
; skip_rbl_checks 1
> will turn off the RBL checks but leave SURBL checks on.
> Vivek Khera, Ph.D.
> +1-301-869-4449 x806
Hmm, but is that a good thing or an inconsistency? In any case
setting the scores of the regular RBL checks to 0 will definitely
do the right thing, and is arguably
nt on expressions.
How about reporting the spams to Tucows and Primus to get them to
shut down the domains like Joker did?
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
c63affa/YriLMz/filename";
border="0">>
> http://muoniofgj.net/6481ddc2353481dae6c63affa/filename";
border='0'>>
> http://muoniofgj.net/6481ddc2353481dae6c63affa/txU/t1q/filename";
border=0>>
These three domains appear to belong to the same spammer.
Joker shut down tatighk.com for having an invalid address on
the registration, but the other two remain up at Tucows and
Primus Domain/Planetdomain.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
ces and different reasons
for whitelisting, it will probably be useful to take note of
that source/reason info for each record. If that's a comment
after each record, or a field in a database, or both, it would
probably be helpful for managing these records in the long run.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Wednesday, March 9, 2005, 6:20:49 PM, Robert Menschel wrote:
> Wednesday, March 9, 2005, 1:00:33 AM, Jeff Chan wrote:
>>> Goal: There are public newsletters, services, etc., which a) do not
>>> spam, and b) can easily be mistaken as spam by SpamAssassin for a
>>&
On Wednesday, March 9, 2005, 8:20:33 AM, Jeff Chan wrote:
> What this means is that the nameserver for gov.ru is listed
> in SBL.
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545
>> Ref: SBL13545
>>
>> 213.59.0.0/23 is listed on the Spamhaus Block List (SBL)
&
hones) property for personal use? Seems kinda dumb
for a spammer to list their work phone....
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
e
it hosts send-safe.com.
Personally I don't like escalations like that, but I don't run
Spamhaus.
Fortunately URIBL_SBL usually gets a fairly low score due to
false positives like this. I'd say keep it low.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
oking at message body URIs do like uridnsbl
commands do.
As the data was proposed to be collected from local
whitelist_from_rcvd lists, apparently it would be for headers.
That should be safe, and we could probably still use them to
limited effect in SURBLs to keep those domains off SURBLs.
It's still a good idea.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
around thanks to Jeff's work. He went mad for a few weeks and collected
> just about every bit of whitelist info from the net.
Yep, you're right. We don't want spammers packing their
messages full of legitimate domains and getting them through
SA because of it.
Jeff C.
--
Jeff
onsensus
about what should be whitelisted. That could be a subset of
the local whitelist_froms of all SpamAssassin installations.
It could also grow into something larger, and that's not
necessarily a bad thing. Collecting up SA local whitelist_froms
is a reasonable place to start.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
> [URIs: dftphildeutschv.net]
> 0.0 MIME_BOUND_NEXTPARTSpam tool pattern in MIME boundary
> -1.2 AWLAWL: From: address is in the auto white-list
(It's on jp.
this in{to} your browser" rule.
Might be worth a check
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
organization and its published mail practices, especially
including published anti-spam policies. We typically unlist
organizations that do not make large-scale use of spam.
Generally speaking those who don't spam will never get listed on
SURBLs, and our false positive rate is very low.
Jef
ng the messages disappear. You may want to check your
procmail use.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
principle
could eventually act as such a whitelist also, but getting there
is non-trivial and has many as yet unanswered questions.
As you suggest, even an uncomplete whitelist could be useful for
whitening (improving scores (decreasing ham scores)) messages in
SpamAssassin, but there are caveats and potential pitfalls.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
s always a lag between zombies being
detected and their being listed in RBLs. That delay can be
exploited by spammers to do a lot of sending.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
version 0.24
I don't know about the other modules, but your version of
Net::DNS is way too old to use with a recent version of
SpamAssassin. You need to update it and possibly some of
the other modules also.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
stfix
and the standard RBL configs in SpamAssassin.
For us, sbl-xbl.spamhaus.org and list.dsbl.org were by far the
most safe and effective at the MTA level. YMMV.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
the
upcoming 3.1 version of SpamAssassin's urirhs*.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
an't fake it because it can be validated by a trusted relay.
Spammers have access to hundreds of thousands of zombies. They
probably have all the computing power they need to calculate a
few hashes.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
quot;positive" rules in SA. SPF or Domain
Keys may (or may not) be examples, but the nice thing is
that SA lets us give them "relative goodness scores" and
not an outright pass or fail, so they don't need to be
perfect out of the box. That may actually help their
adoption as it arguably has with SURBLs.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
>> 3.0:
>> debug: URIDNSBL: domains to query:
>>
>> 3.1:
>> debug: uridnsbl: domains to query: crazyrxl0wprices.com
> Any ETA on 3.1 ?
Well it sounds like they're in C-T-R mode now, so not quite
yet, but maybe within the next month or two?
http://wiki.apache.or
On Friday, March 4, 2005, 7:37:45 PM, David Funk wrote:
> On Fri, 4 Mar 2005, Jeff Chan wrote:
>> On Friday, March 4, 2005, 5:12:28 PM, Theo Dinter wrote:
>> > On Fri, Mar 04, 2005 at 05:10:42PM -0800, Jeff Chan wrote:
>> >> The URI is a little unusual, with a
On Friday, March 4, 2005, 5:12:28 PM, Theo Dinter wrote:
> On Fri, Mar 04, 2005 at 05:10:42PM -0800, Jeff Chan wrote:
>> The URI is a little unusual, with a missing port number after the
>> colon:
>>
>> http://crazyrxl0wprices-MUNGED.com:/
>>
>> Maybe
gt; SURBL seems to work on all other spams, just wondering if they have found a
> way to avoid spamassassin catching the URL.
> Martin
The URI is a little unusual, with a missing port number after the
colon:
http://crazyrxl0wprices-MUNGED.com:/
Maybe that syntax is throwing off SA?
> Management Committee and two of them (Justin Mason and Theo Van Dinter)
> write at least as much code as me. (And Michael Parker is catching up.)
Perhaps a follow letter from you to them might be appropriate? :-)
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
les it´s not good for fight spammers as a group
> (i.e. SA users).
Try the SARE Fraud rule. It will probably catch these.
http://www.rulesemporium.com/rules.htm
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
, in particular, the URI rules that use SURBL,
> looking for spammer domains in Web links.
Thanks DQ! ;-)
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
last bit of
history I'm only guessing. :-)
Cheers,
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
0.34
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
(envelope-from
> <[EMAIL PROTECTED]>, uid 503) with qmail-scanner-1.23
> (spamassassin: 2.64.
> Clear:RC:0(220.104.187.146):SA:0(2.1/4.5):.
> Processed in 5.891302 secs); 26 Feb 2005 15:18:08 -
> X-Spam-Status: No, hits=2.1 required=4.5
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
, since they
advertise this web site, it will get detected by systems using
SURBLs, like SA 3 does by default (if it has network tests
running, fresh Net::DNS, etc.).
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Just want to confirm that the current rules on the SARE site
will work with both 2.64 and 3.X. I know it says so on their
rules page, but wanted to double check. :-)
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
/domain/named.root
> ; on server FTP.INTERNIC.NET
> ; -OR-RS.INTERNIC.NET
> ;
> ; last update:Jan 29, 2004
> ; related version of root zone: 2004012900
Somewhat WAG, but probably worth checking.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
u checked all of your:
/etc/resolv.conf
$HOME/.resolv.conf
./.resolv.conf
for the user mimedefang or SA runs as to make sure they're all
correct and all the name servers on them resolve the RBLs
correctly?
Also when you say "At some point, SA seems to stop doing lookups
on the DNS
On Tuesday, February 22, 2005, 6:19:06 AM, Robert Brooks wrote:
> David B Funk wrote:
>> I'm seeing a new spam varient that is clearly designed to get
>> past SURBL. It is an HTML message that contains many (50~100)
>> 'invisible' links; links that have no target text, just:
>> http://garbage.siten
eeing contain URIs (web site links), then
SURBL use will probably catch them.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
but I think the "lots of URI" spams are still somewhat
rare, so it should only be an occasional occurrence.
It sounds like this thread "SA 3.01 eventually stops noticing
DNSBLs" is more likely an installation or configuration issue for
this particular system.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
ease keep reporting them the SpamCop. The SURBL engine for
extracting those reports will be more efficient at catching the
major spammers in future.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
sed to block outright, but to increase the scores
to indicate a degree of spammyness. An advantage is that false
positives on any particular list can contribute less to blocking
a ham (a wanted message).
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
N:
> mghtaurism.net.multi.surbl.org. 15M IN TXT "Blocked, mghtaurism.net on
> lists [
> sc][ws][ob][ab][jp], See: http://www.surbl.org/lists.html";
Or do they mention other domains?
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
spam URI mghtaurism .net has been
listed in SURBLs for at least 30 hours.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
of spam I get.
Please ask them to use SURBLs, like you are at home. That should
catch a lot more spams if they're not using them, even without
Bayes.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
main).
Note that the other two files mentioned are .resolv.conf, not
resolv.conf:
> >> /etc/resolv.conf
> >> $HOME/.resolv.conf
> >> ./.resolv.conf
and that you'd want to check them for the specific user that
SpamAssassin (spamd, etc.) runs as.
Jeff C.
gest. Do you have any DNS caching or
accelerating programs? Perhaps they're doing something similar.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Using different upgrade
methods can confuse things.
Did you see the recent thread about the various resolve.conf's
used by Net::DNS? Are they all correct for the user SpamAssassin
runs as?
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Even tried rebooting. Even tried re-install Net::DNS again from (from
> source).
> Net::DNS must save it's settings somewhere? I can't tell why it is not
> dropping the bad server.
Do you have any of the other files:
>> /etc/resolv.conf
>> $HOME/.resolv.conf
>> ./.resolv.conf
where . and $HOME are for the user SA runs as.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
nd why so many
> syntactical checks are completely disabled or strongly damped when
> using Bayes and network tests together.
My understanding is that the scores are optimized automatically
using a perceptron. Probably it's mentioned in the SA wiki or faq.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
quot;body" as
mentioned at:
http://www.surbl.org/faq.html#body
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
>>
>> What is URIDNSBL and what is this error?
> that's not an error. you're running with debugs on, and it's
> a debugging message ;)
> URIDNSBL is the plugin used to do SURBL lookups.
And SBL nameserver checks and other RHSBLs. :-)
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
tion's Product of the
> Year 2005 Awards.
Congrats SpamAssassin folks!
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Tuesday, February 8, 2005, 10:27:21 PM, Matthew Romanek wrote:
> On Tue, 8 Feb 2005 17:34:44 -0800, Jeff Chan <[EMAIL PROTECTED]> wrote:
>> On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
>> > Jeff Chan wrote:
>> >> On Wednesday, December 8, 200
On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
> Jeff Chan wrote:
>> On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
>>
>>>FYI (and for future list-searchers), the problem with URIDNSBL
>>>appearing to work but not actual
ever resolver the system
it's on is configured to use.
What you should do is set up forwarding for the "auth2.homes.com"
custom zone (and any other rbldnsd zones locally served) from your
BIND server to your rbldnsd server. See for examples:
http://njabl.org/rsync.html
http://www.surbl.org/rbldnsd-howto.html
http://www.surbl.org/rbldnsd-bind-freebsd.html
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Tuesday, February 8, 2005, 5:08:32 AM, Jeff Chan wrote:
> Please complain to Barak that their customer walla.com is sending
> spam. The problem is not really with SpamHaus but that Barak
> apparently continues to allow walla.com to be mentioned in
> thousands of reported spam (
ed on it.
Please complain to Barak that their customer walla.com is sending
spam. The problem is not really with SpamHaus but that Barak
apparently continues to allow walla.com to be mentioned in
thousands of reported spam (and probably many times that
unreported). SpamHaus is simply noting that fact.
g their feet,
> since the spam will now be bogging down their servers, instead of bypassing
> them.
And the answer is: scan outbound mail using SURBLs.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Thursday, January 27, 2005, 9:51:41 PM, Jeff Chan wrote:
> As a practical matter an N of 1 seems to
> stop most spammers and probably prevents most from even
> trying in the first place, which is even better.
(But that's with the manual un-moderating, and not auto
un-modera
On Thursday, January 27, 2005, 9:34:09 PM, Daniel Quinlan wrote:
> Jeff Chan <[EMAIL PROTECTED]> writes:
>> Yahoo Groups has a "moderate new members" setting which leaves new
>> members in a moderated state until the owner manually changes it.
>> It's a
eaves
new members in a moderated state until the owner manually changes
it. It's a deterrent against spam since initial posts are
moderated. Works great.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
l of the Yahoo Groups I run. Spam
no longer gets through to the lists. The software also has a
convenient "Ban" button on the new message moderation page.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
odge-tread
> s-aunt
Looks like they're trying to get victims to go to their hijacked
computer at 24.74.30.29:8180 . I doubt it has anything to do
with postcards.org.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
ually use it. Sadly, people still do.
> Whatever your unstated reasons are, I beg to differ. Weekly mass-check
> results for SURBL:
I think Raymond is referring to the SPEWS list being not too
useful, given its high FP rate.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
A that will allow a
> marketeer to check their mail before sending out?
> thanks,
> simon
I'd feel a lot better answering your question if you had
a real name and address (how do we know you're not a spammer?),
but the quick answer is that you can feed your message into
SpamA
essages per day.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
some things in the earlier
versions, and should be more efficient.
2. Make sure you have network tests enabled:
http://www.surbl.org/faq.html#nettest
3. As requested, give some sample spam rule hits or a sample
spam so folks here can check your results.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
7.sbl.spamhaus.org a
how long does it take? If more than a few milliseconds
then your DNS configuration may be broken.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
ng done even
> though our local.cf says they are turned off.
Depends how you're starting SpamAssassin. Various flags are
described at:
http://www.surbl.org/faq.html#nettest
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
n names that
would be registered. There are several reasons for this but
the main is to ignore the extra subdomains/levels/hostnames
that spammers sometimes add. This is described more on the
SURBL site, for example at:
http://www.surbl.org/implementation.html
in the FAQ, etc.
http://ww
> [100%]
> package perl-Net-DNS-0.48-0.1.fc2.rf is already installed
Perhaps you installed SA or Net::DNS from CPAN and the other
another way like tarbals? Sometimes that confuses the
installations.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
users. Any idea what I have
> set wrong?
It it enabled in the default installation, but you need to have a
recent version of Net::DNS and have network tests enabled. Here
are some suggestions:
http://www.surbl.org/faq.html#nettest
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
et
> KennedyWestern@
> Kennedy Western
> I sincerely appreciate the help.
> Cheers,
> - Bill
I see 43 NANAS hits on a 1996 domain (kw.edu) that probably has
legitimate uses. I may whitelist their domains on SURBLs unless
they are spammers on the order of a Ral
;1">
> href="http://mysite.verizon.net/resoxfmz/ServiceBasic.htm";>Preferences> DEFANGED_STYLE="font-size:
1pt">>>> >> Will they give the child a good religious upbringing?
> That's our religion, isn't it? How ya doin'?
Let verizon know. They probably have an AUP and probably enforce
it.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
t;> >> Will they give the child a good religious upbringing?
>> That's our religion, isn't it? How ya doin'?
>>
> yep. and if you mail "abuse" from europe the won't accept the message. :-)
> blocked locally :-)
urirhs* may not catch it since it's the third level of a gtld.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Please note that if you upgraded from 3.0.0 to 3.0.1 or 3.0.2,
the uridnsbl rules changed from type "header" to type "body".
If the rules are not similarly updated, they will not trigger.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Thursday, January 13, 2005, 1:19:58 AM, Darren Coleman wrote:
>> From: Jeff Chan [mailto:[EMAIL PROTECTED]
>> % dig 2.0.0.127.sbl.spamhaus.org a
>>
>> ; <<>> DiG 8.3 <<>> 2.0.0.127.sbl.spamhaus.org a
>> ;; res options: init recurs def
On Wednesday, January 12, 2005, 4:57:57 PM, Jeff Chan wrote:
> On Wednesday, January 12, 2005, 8:15:12 AM, Darren Coleman wrote:
>> Figured out why URIBL_SBL wasn't firing for me for that email - I can't
>> even resolve that domain! Have tried resolving it on several
er with
> different providers), and none of them can do it.
Which domain? sbl.spamhaus.org should resolve from anywhere....
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
wrong with this?
> Thanks,
> Darren
Try installing a current Net::DNS and enabling network tests.
SURBL and other URIBL rules triggered on the URIs in
your spam:
URIBL_AB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
Those should be plenty to get them marked as spam.
Jeff C.
t version of Net::DNS. How you enable network tests
depends on how you start SA. Some suggestions are at:
http://www.surbl.org/faq.html#nettest
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
,
I'm not sure that this is a correct use of urirhssub, which
may have been more suited towards bitmasked lists such as
multi.surbl.org and CBL. In other words, it may only be
useable with power of two results like 127.0.0.2,4,8,16,32.
To be honest I haven't checked how the urirhssub source
itives. Our FP rate is low, but non-zero.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
u calling SpamAssassin? In addition to Net::DNS
you need to have network tests enabled:
http://www.surbl.org/faq.html#nettest
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
On Friday, January 7, 2005, 8:46:41 AM, Jeff Chan wrote:
> On Friday, January 7, 2005, 8:43:30 AM, Jerry Jerry wrote:
>> I currently use the spamcop RBL..
> to you mean bl.spamcop.net or sc.surbl.org. The two are not
> the same.
That should read:
Do you mean bl.spamcop.net
On Friday, January 7, 2005, 8:42:45 AM, Jerry Jerry wrote:
>> What version of SpamAssassin are you running?
> Running 3
Do you have a recent Net::DNS installed and are you using
network tests? How do you run SpamAssassin?
Do you see any hits on the URIBL rules?
Jeff C.
--
Jeff Ch
>
>>> Also, Is there like a public shared Bayesian database that can help
>>> improve
>>> the detection of spam messages?
>>>
>>> TIA
>>>
>>>
>>>
>>>
>>
>>
>> David Groce
>> North Kitsap School District
>> Network Server Analyst/Coordinator
>> [EMAIL PROTECTED]
>> (360) 394-2621
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
> 23,666 XBL RBL 45%
On behalf of everyone helping out with the SURBL project,
thanks for sharing your kind words and good results!
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
spam messages?
>>
>> TIA
>>
>>
>>
>>
> David Groce
> North Kitsap School District
> Network Server Analyst/Coordinator
> [EMAIL PROTECTED]
> (360) 394-2621
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
2.64 rule and score using SpamCopURI 0.22 or later looks like
this:
uri JP_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+64')
describe JP_URI_RBL Has URI in JP at http://www.surbl.org/lists.html
tflagsJP_URI_RBL net
score JP_URI_RB
On Thursday, January 6, 2005, 7:25:32 AM, Dave Goodrich wrote:
> Of 284673 messages processed, 217538 were spam, 175941 hit at least one
> SURBL rule. So give me 80%. Best single anti-spam tool I've seen yet.
Thanks! :-) 80% sounds about right.
Jeff C.
--
Jeff Chan
mailto:[EMAI
port them to
whitelist at surbl dot org.
Cheers,
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
401 - 500 of 765 matches
Mail list logo
