> You can test with:
>
> header SURBL_MULTI_HDR eval:check_hashbl_emails('multi.surbl.org',
> 'raw/max=10/shuffle/host', 'ALLFROM/Reply-To', '^127\.0\.0\.\d+$')
> priority SURBL_MULTI_HDR -100
> describe SURBL_MULTI_HDR Domain in email headers found in
>
On 2023-02-07 at 05:07:36 UTC-0500 (Tue, 07 Feb 2023 10:07:36 +)
Laurent S. <110ef9e3086d8405c2929e34be5b4...@protonmail.ch>
is rumored to have said:
You could also use check_rbl_headers
THANK YOU!
I had not recalled that feature when I wrote my reply. I'm glad there
are people here
On 2023-02-06 at 12:50:29 UTC-0500 (Mon, 6 Feb 2023 17:50:29 +)
Michael Grant via users
is rumored to have said:
I’m noticing that check_uridnsbl() seems only to check the message
body. Is there some way to make it check the headers as well?
On 06.02.23 16:16, Bill Cole wrote:
No. Which
Hello Michael,
No. Which is fine, because there are usually no URIs in headers, and when
there are, they are likely to be standard List-* headers, which are unlikely
to be useful.
Dont agree with that. We see many usecases for header checks...
We see many spams with a from domain inside
On Mon, Feb 06, 2023 at 04:16:46PM -0500, Bill Cole wrote:
> On 2023-02-06 at 12:50:29 UTC-0500 (Mon, 6 Feb 2023 17:50:29 +)
> Michael Grant via users
> is rumored to have said:
>
> > I’m noticing that check_uridnsbl() seems only to check the message body.
> > Is there some way to make it
On 2023-02-06 at 12:50:29 UTC-0500 (Mon, 6 Feb 2023 17:50:29 +)
Michael Grant via users
is rumored to have said:
I’m noticing that check_uridnsbl() seems only to check the message
body. Is there some way to make it check the headers as well?
No. Which is fine, because there are usually
On 09/03/2015 12:18 PM, Martin Gregorie wrote:
On Thu, 2015-09-03 at 11:15 +0700, Olivier Nicole wrote:
Oh well, I will give a look at URIDNSBL and see whether/how I can
change
it.
Implementing a simple lookup server using a hashtable of a B-tree can
be very good performance, even from a
On Thu, 2015-09-03 at 11:15 +0700, Olivier Nicole wrote:
> Oh well, I will give a look at URIDNSBL and see whether/how I can
> change
> it.
>
Implementing a simple lookup server using a hashtable of a B-tree can
be very good performance, even from a single-threaded local server.
Back in 2000 I
Am 03.09.2015 um 14:06 schrieb Martin Gregorie:
On Thu, 2015-09-03 at 12:28 +0200, Axb wrote:
Please excuse my ignorance
but wouldn't a key:value server like Redis do the trick?
It can't get much faster than that.. ok.. maybe memcached
Yes, I don't see why not: I hadn't considered Redis
On Thu, 2015-09-03 at 12:28 +0200, Axb wrote:
> Please excuse my ignorance
>
> but wouldn't a key:value server like Redis do the trick?
> It can't get much faster than that.. ok.. maybe memcached
>
Yes, I don't see why not: I hadn't considered Redis because I thought
that, like the Berkeley
Am 02.09.2015 um 10:23 schrieb Axb:
On 09/02/15 09:51, Olivier Nicole wrote:
Hi,
I am looking at malware patrol, but they offer a list of over 300,000
rules, that is way too big.
So I was considering using it in a URIDNSBL type of way, but including
the full URL, not only the host part. It
On 09/02/15 10:44, Reindl Harald wrote:
Am 02.09.2015 um 10:23 schrieb Axb:
On 09/02/15 09:51, Olivier Nicole wrote:
Hi,
I am looking at malware patrol, but they offer a list of over 300,000
rules, that is way too big.
So I was considering using it in a URIDNSBL type of way, but including
On 02-09-15 10:44, Reindl Harald wrote:
>
>
> Am 02.09.2015 um 10:23 schrieb Axb:
>> On 09/02/15 09:51, Olivier Nicole wrote:
>>> Hi,
>>>
>>> I am looking at malware patrol, but they offer a list of over 300,000
>>> rules, that is way too big.
>>>
>>> So I was considering using it in a
Subject: Re: URIDNSBL but with full URL
On 09/02/15 10:44, Reindl Harald wrote:
>
>
> Am 02.09.2015 um 10:23 schrieb Axb:
>> On 09/02/15 09:51, Olivier Nicole wrote:
>>> Hi,
>>>
>>> I am looking at malware patrol, but they offer a list of over 300,000
&g
On 09/02/15 09:51, Olivier Nicole wrote:
Hi,
I am looking at malware patrol, but they offer a list of over 300,000
rules, that is way too big.
So I was considering using it in a URIDNSBL type of way, but including
the full URL, not only the host part. It should be able to accept things
like
On Wed, 2 Sep 2015, Axb wrote:
On 09/02/15 16:12, John Hardin wrote:
On Wed, 2 Sep 2015, Olivier Nicole wrote:
> Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of
> the form:
>
> body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i
>
> This causes
On 02/09/15 10:10, Sujit Acharyya-choudhury wrote:
It seems from the web site, one can use ClamAV and SaneSecurity to add extra
signatures. Would it not be more efficient?
http://sanesecurity.com/usage/signatures/
Second!
--
Paul Stead
Systems Engineer
Zen Internet
Martin Gregorie writes:
> On Wed, 2015-09-02 at 14:12 +0200, Axb wrote:
>
>> afaik, there is no code freely available to [recode the Malware
>> Patrol rules], on server or client side.
>>
> ...the translation is easy to do with a simple awk script. Something
> like this:
>
On Wed, 2015-09-02 at 14:12 +0200, Axb wrote:
> afaik, there is no code freely available to [recode the Malware
> Patrol rules], on server or client side.
>
...the translation is easy to do with a simple awk script. Something
like this:
#!/bin/bash
awk '
/body/ { url = substr($3,2);
On 09/02/15 15:48, Martin Gregorie wrote:
On Wed, 2015-09-02 at 14:12 +0200, Axb wrote:
afaik, there is no code freely available to [recode the Malware
Patrol rules], on server or client side.
...the translation is easy to do with a simple awk script. Something
like this:
#!/bin/bash
awk '
Axb writes:
> On 09/02/15 09:51, Olivier Nicole wrote:
>> Hi,
>>
>> I am looking at malware patrol, but they offer a list of over 300,000
>> rules, that is way too big.
>>
>> So I was considering using it in a URIDNSBL type of way, but including
>> the full URL, not only the
On 09/02/15 11:21, Olivier Nicole wrote:
Axb writes:
On 09/02/15 09:51, Olivier Nicole wrote:
Hi,
I am looking at malware patrol, but they offer a list of over 300,000
rules, that is way too big.
So I was considering using it in a URIDNSBL type of way, but including
On Wed, 2 Sep 2015, Olivier Nicole wrote:
Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of
the form:
body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i
This causes spamassassin --lint to never terminate (well, I killed it
afetr one hour).
I
On 09/02/15 16:12, John Hardin wrote:
On Wed, 2 Sep 2015, Olivier Nicole wrote:
Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of
the form:
body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i
This causes spamassassin --lint to never terminate (well, I
On 7/26/2014 11:54 AM, Noel Butler wrote:
On 26/07/2014 03:26, Kevin A. McGrail wrote:
On 7/24/2014 9:42 PM, Noel Butler wrote:
Hi, Is there a way to get the return code in the generated reports?
eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI
eval:check_uridnsbl('ALT_URI')
IOn 30/07/2014 00:30, Kevin A. McGrail wrote:
Nothing currently in the code Looks like you would have to modify URIDNSBL.pm
to add that info in the sub got_dnsbl_hit to add to the test_log data
From looking, $str contains the return data so likely need to look through
$uris and add
On 26/07/2014 03:26, Kevin A. McGrail wrote:
On 7/24/2014 9:42 PM, Noel Butler wrote:
Hi, Is there a way to get the return code in the generated reports? eg:
uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI
eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domain A
On 7/24/2014 9:42 PM, Noel Butler wrote:
Hi,
Is there a way to get the return code in the generated reports?
eg:
uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11
body ALT_URI eval:check_uridnsbl('ALT_URI')
describe ALT_URI URL's domain A record listed in bl.foo ($RETRUN_CODE)
score
On 07/25/2014 07:26 PM, Kevin A. McGrail wrote:
On 7/24/2014 9:42 PM, Noel Butler wrote:
Hi,
Is there a way to get the return code in the generated reports?
eg:
uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11
body ALT_URI eval:check_uridnsbl('ALT_URI')
describe ALT_URI URL's domain A
Hi Kevin,
Thanks, will try this out after lunch and get back to you.
Cheers
Noel
On 26/07/2014 03:26, Kevin A. McGrail wrote:
On 7/24/2014 9:42 PM, Noel Butler wrote:
Hi, Is there a way to get the return code in the generated reports? eg:
uridnssub ALT_URI bl.foo A
On 26/07/2014 03:32, Axb wrote:
On 07/25/2014 07:26 PM, Kevin A. McGrail wrote:
On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return
code in the generated reports? eg: uridnssub ALT_URI bl.foo A
127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI')
On Sat, 2014-07-26 at 11:12 +1000, Noel Butler wrote:
On 26/07/2014 03:32, Axb wrote:
what's the advantage of such a response method?
The idea of separate return codes is to use different rules/scores and
different rule descriptions which describe the type of listing
As you see, we
On Friday 09 August 2013 01:13:38 Benny Pedersen wrote:
seen idn spamming urls here that is not tested in uridnsbl, have
spamassassin 3.4.0 not idn support yet ?
is it just missing tld defines for idn domains ?
should it be filled a bug ?
There is currently (3.4.0) no specific IDN support
Mark Martinec skrev den 2013-08-09 13:49:
There is currently (3.4.0) no specific IDN support yet,
mainly because not much of these have been observed in the wild.
okay, created
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6966
If the domain found in a mail body is encoded in
On Fri, 2013-06-21 at 10:27 +0200, Fabio Sangiovanni wrote:
Hi everybody,
I've configured my MSA (Postfix) so that a copy of submitted mail is
sent (BCC'd) to a postfix/amavisd-new/spamassassin system for
out-of-band antispam analysis.
The MSA is set to write envelope from/rcpt addresses
Il 21/06/13 14:19, Martin Gregorie ha scritto:
Assuming that the copy is sent to a maildir format mailbox you can
periodically run a shell script something this:
for m in maildir/*
do
spamc $m | rescanned_results_filter
mv $m scanned_dir
done
This could be a second pass through your
On 06/21/2013 03:21 PM, Fabio Sangiovanni wrote:
Il 21/06/13 14:19, Martin Gregorie ha scritto:
Assuming that the copy is sent to a maildir format mailbox you can
periodically run a shell script something this:
for m in maildir/*
do
spamc $m | rescanned_results_filter
mv $m scanned_dir
On Fri, 2013-06-21 at 15:21 +0200, Fabio Sangiovanni wrote:
I normally already scan the BCCed message *only*. The main submission
channel doesn't have an antispam system on its own; instead, an
out-of-band antispam stack (postfix + amavisd-new + spamassassin) is in
place; it receives BCCed
Il 21/06/13 16:27, Axb ha scritto:
This is possible against standard headers.
you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL
Ok, so I assume there's no way to force checks against custom headers.
Plus, I'm more interested in check against envelope recipients.
Why do you
On 06/21/2013 05:07 PM, Fabio Sangiovanni wrote:
Il 21/06/13 16:27, Axb ha scritto:
This is possible against standard headers.
you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL
Ok, so I assume there's no way to force checks against custom headers.
Plus, I'm more interested in
Il 21/06/13 16:49, Martin Gregorie ha scritto:
On Fri, 2013-06-21 at 15:21 +0200, Fabio Sangiovanni wrote:
I normally already scan the BCCed message *only*. The main submission
channel doesn't have an antispam system on its own; instead, an
out-of-band antispam stack (postfix + amavisd-new +
Il 21/06/13 17:16, Axb ha scritto:
On 06/21/2013 05:07 PM, Fabio Sangiovanni wrote:
Il 21/06/13 16:27, Axb ha scritto:
This is possible against standard headers.
you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL
Ok, so I assume there's no way to force checks against custom
On 06/21/2013 05:29 PM, Fabio Sangiovanni wrote:
I'm using amavisd-new to pass messages to SA.
Envelope recipients are in the mail message, as payloads of my custom
X-header. That's why I asked for a way to check headers against URI BLs.
I'm considering filtering out bad recipient domains using
Hi,
thanks to everybody for your answers.
Il giorno 04/gen/2013, alle ore 18:12, Kris Deugau kdeu...@vianet.ca ha
scritto:
Mmmm, the problem the OP was asking about is how do I make sure that
only the specific URIBLs I want are active, no matter what may be added
upstream?.
IIRC this
Alex, from prypiat.
Yes, I recycle.
On 13-01-07 04:18 AM, Fabio Sangiovanni wrote:
Hi,
thanks to everybody for your answers.
Il giorno 04/gen/2013, alle ore 18:12, Kris Deugau kdeu...@vianet.ca ha
scritto:
Mmmm, the problem the OP was asking about is how do I make sure that
only the
Hi there,
Why dont you perform those checks at the pre-data level, within postfix?
It's faster and cuts a lot of treatment for the data analysis.
The way you are doing is the way I would do, but someone on the list might
have a better way.
Alex, from N7.
Hello list,
I'm a relatively new user
Alexandre Boyer wrote:
Hi there,
Why dont you perform those checks at the pre-data level, within postfix?
Because you don't absolutely trust the DNSBL as a one-shot
this-is-spam test, but you want to use its data to influence the
spam/not-spam decision.
-kgd
On 1/4/13 8:38 AM, Kris Deugau kdeu...@vianet.ca wrote:
Alexandre Boyer wrote:
Hi there,
Why dont you perform those checks at the pre-data level, within postfix?
Because you don't absolutely trust the DNSBL as a one-shot
this-is-spam test, but you want to use its data to influence the
Daniel McDonald wrote:
And, uridnsbls look at body text for uris embedded inside the message,
something that postfix doesn't do terribly well (which is why you need to
test these sorts of things after normalizing the text, which SpamAssassin
does very well..)
*nod* Yeah, that too; I've been
I am using the 3.0 line of SpamAssassin and it's being invoked through
amavisd-maia
(Maia Mailguard.) I have a certain domain name that's blocked in several
of the
URIDNSBL lists as fm.interia.pl however my DNSBL checks are only doing
interia.pl
Just as I'm curious, what does SA score that
On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
Hello.
I am using the 3.0 line of SpamAssassin and it's being invoked through
amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
in several of the URIDNSBL lists as fm.interia.pl however my DNSBL checks
are only doing
, 2009 8:40 AM
To: 'users@spamassassin.apache.org'
Subject: Re: URIDNSBL
On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
Hello.
I am using the 3.0 line of SpamAssassin and it's being invoked through
amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
in several
On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote:
On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
Hello.
I am using the 3.0 line of SpamAssassin and it's being invoked through
amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked
in several of the
Casartello, Thomas wrote:
Hello.
I am using the 3.0 line of SpamAssassin and it’s being invoked through
amavisd-maia (Maia Mailguard.) I have a certain domain name that’s
blocked in several of the URIDNSBL lists as “fm.interia.pl” however my
DNSBL checks are only doing interia.pl . My OS is
On 4/23/2009 2:57 PM, McDonald, Dan wrote:
On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote:
On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
Hello.
I am using the 3.0 line of SpamAssassin and it's being invoked through
amavisd-maia (Maia Mailguard.) I have a certain domain name
[mailto:sa-l...@alexb.ch]
Sent: Thursday, April 23, 2009 9:09 AM
To: users@spamassassin.apache.org
Subject: Re: URIDNSBL
On 4/23/2009 2:57 PM, McDonald, Dan wrote:
On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote:
On 4/23/2009 2:31 PM, Casartello, Thomas wrote:
Hello.
I am using
Matt Kettler wrote:
Casartello, Thomas wrote:
Hello.
I am using the 3.0 line of SpamAssassin and it’s being invoked through
amavisd-maia (Maia Mailguard.) I have a certain domain name that’s
blocked in several of the URIDNSBL lists as “fm.interia.pl” however my
DNSBL checks are only
David Birnbaum wrote:
I've tracked this down to the behavior of
Mail::SpamAssassin::Message::Node::rendered, which seems to be
rendering out the URIs which should be hitting! The messages tend to
have two parts - a text/plain and a text/html. The text/plain doesn't
have any URLs which might
David Birnbaum wrote:
Greetings,
I've experienced a pretty significant upswing in spam over the last few
weeks, and I finally had a chance to track it down. Although not
responsible for 100% of the increase, I found that the URIDNSBL isn't
getting all of the URLs it should be.
I've
On 06/04/2008, Matt Kettler [EMAIL PROTECTED] wrote:
Juan Miscaro wrote:
Hi, I recently activated URIDNSBL and my scores went through the roof.
I'm a little worried about it.
So first, is this method a recommended in the SA community?
Given that it is on by default in all
Juan Miscaro wrote:
Do you use spamd? did you restart it? (spamd only reads .cf and .pre files
on startup)
I use SA in conjunction with amavisd-new. So there answer to your
question is, I'm not sure. :)
Amavis (Well, amavisd-new) caches it's own Mail::SpamAssassin instance,
so in
Juan Miscaro wrote:
Hi, I recently activated URIDNSBL and my scores went through the roof.
I'm a little worried about it.
So first, is this method a recommended in the SA community?
Given that it is on by default in all versions of spamassassin from
3.0.0 onward, calling it recommended
On Sun, 2008-04-06 at 20:00 -0400, Juan Miscaro wrote:
Hi, I recently activated URIDNSBL and my scores went through the roof.
You mean you activated the plugin? What's your SA version? These checks
are enabled by default and actually are quite effective. As you noticed.
And as the plugin doc [1]
Sorry for quoting myself, just elaborating some more...
On Mon, 2008-04-07 at 02:52 +0200, Karsten Bräckelmann wrote:
On Sun, 2008-04-06 at 20:00 -0400, Juan Miscaro wrote:
Hi, I recently activated URIDNSBL and my scores went through the roof.
You mean you activated the plugin? What's your
On Mon, 2008-04-07 at 03:09 +0200, Karsten Bräckelmann wrote:
Sorry for quoting myself, just elaborating some more...
(c) Coming up with a new rule, that triggers on 30%+ of my low scoring
spam (aka 10). ;)
Eep -- I did mean to say 15 there. It's been a long day...
guenther
--
char
Hi all,
as I stated in my previous message, I have a problem with certain messages
not getting any URIDNSBL-hits, despite containing listed URL:s. The most
interesting part is that an older (SA 3.2.0) box seems to catch them
perfectly,
when the newer (first 3.2.3, now 3.2.4) don't seem to find
On Thu, Feb 07, 2008 at 12:42:06PM -0500, [EMAIL PROTECTED] wrote:
Does anyone know where this plugin has the DNS servers set so you can
change them?
The plugin doesn't set DNS servers. It queries the servers as listed in
resolv.conf, same as everything else.
--
Randomly Selected Tagline:
On Saturday, September 2, 2006, 8:43:21 PM, Chris Chris wrote:
On Saturday 02 September 2006 8:46 am, SM wrote:
At 20:22 01-09-2006, Chris wrote:
I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers.
Looking at my hourly syslog snip, about half way through my NANAS run I
On Friday, September 1, 2006, 8:22:42 PM, Chris Chris wrote:
I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers.
Looking at my hourly syslog snip, about half way through my NANAS run I
noticed the below entries. First of all, what are these entries telling
me?
At 20:22 01-09-2006, Chris wrote:
I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers.
Looking at my hourly syslog snip, about half way through my NANAS run I
noticed the below entries. First of all, what are these entries telling
[snip]
Sep 1 21:51:25 localhost
On Saturday 02 September 2006 8:46 am, SM wrote:
At 20:22 01-09-2006, Chris wrote:
I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers.
Looking at my hourly syslog snip, about half way through my NANAS run I
noticed the below entries. First of all, what are these entries
On Fri, Sep 01, 2006 at 10:22:42PM -0500, Chris wrote:
First of all, what are these entries telling me? Secondly, if this
is an error in the uridnsbl plug-in is it possibly caused by the change
in nameservers?
The error is saying that it's looking for a 127/8 result, but it gets
208.67.219.40
From: Kai Schaetzl [EMAIL PROTECTED]
Reply-To: users@spamassassin.apache.org
X-Rcpt-To: users@spamassassin.apache.org
Christoph Reichenberger wrote on Mon, 5 Jun 2006 18:30:53 +0200:
I already received a couple of spams that got BAYES_99, but got
a total of less than 5. All these mails are
Christoph Reichenberger wrote:
Hi,
it's me once again. After all your help my BAYES is now running fine.
Although I said, I wanted to wait a couple of days, the BAYES is
running so fine now that I could not stand to go further.
I already received a couple of spams that got BAYES_99, but got
On Mon, Jun 05, 2006 at 06:38:51PM +0200, [EMAIL PROTECTED] wrote:
You may want to run a simple debug:
spamassassin -D --lint
and look if URIDNSBL gets used and throws no errors.
btw, spamassassin --lint -D uridnsbl will just output the uridnsbl
stuff. :)
--
Randomly Generated Tagline:
Theo Van Dinter wrote on Mon, 5 Jun 2006 12:42:13 -0400:
btw, spamassassin --lint -D uridnsbl will just output the uridnsbl
stuff. :)
Thanks for the info, Theo!
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
On 05.06.2006, at 18:40, Bowie Bailey wrote:
Christoph Reichenberger wrote:
[...snip...]
Not that I can think of. The next step is to look at the debug output
and see what is breaking.
spamassassin -D dns --lint
This will show you all of the DNS debugging info. If there is a
problem,
and
down.
-Original Message-
From: Jonathan Nichols [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 17, 2005 12:50 AM
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Subject: Re: URIDNSBL: found domain geocities.com in skip list
Here is another way to do it as well
Greg Allen a écrit :
Their china, Russia and Korea RBLs are still working for me. I can't tell
you if they work 100% or not but they are on every single Geocities spam,
and I see them on other spams as well... so, I don't know about timeouts on
the RBLs, whether that is truth or fiction. Yes,
Jon Drukman wrote:
I'm getting a lot of spams slipping thru the net lately. They hit
BAYES_99 and nothing else, usually, because they contain almost no
content other than a URL:
Have you tried: http://antispam.imp.ch/rules/asciispam.cf ?
Michele
This was discussed a week or 2 ago.
Here is what I am using per somebody's post
uri GEOCITIES /^http:\/\/uk\.geocities\.com\b/i
describe GEOCITIES GEOCITIES with uk.geocities.com
score GEOCITIES 3.1
Brian
- Original Message -
From: Jon Drukman [EMAIL PROTECTED]
To:
On Tuesday 16 August 2005 03:47 pm, Jon Drukman wrote:
I'm getting a lot of spams slipping thru the net lately. They hit
BAYES_99 and nothing else, usually, because they contain almost no
content other than a URL:
http://uk.geocities.com/Robt_Bright/?M0v=Make.your.day_enjoyable.without
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chr. v. Stuckrad writes:
Not yet, because it seems 'too variable' to be caught by
simple rules. (But who ever would 'click' on such nonsense?)
Isn't that the real mystery? Of course, we don't know if anyone actually
*does*...
- --j.
-BEGIN
On Thursday, July 21, 2005, 7:28:53 PM, Charles Sprickman wrote:
Hello,
I've been watching some of the misses that have passed through
spamassassin (3.0.4) lately and they are pretty clean; no DNS BL hits,
etc.
One thing I did notice is that many of them have a fairly contorted URL
for
On Thu, 21 Jul 2005, Loren Wilton wrote:
Sounds like an surbl problem if spamsite.com isn't listed.
That's just an example I made up... :)
The leading subdomains are supposed to be trimmed off, since they are
usually identifying strings for a given spam target rather than an
actual part of
OK, so that's supposed to happen. Is there any way to have the entire
host checked? I've seen a good volume of junk where the domain is clean,
but if I do a manual lookup on the entire hostname in the spam it is
indeed listed.
I *suspect* what is happening here is that the domain isn't in
...
On Thu, 21 Jul 2005, Loren Wilton wrote:
Sounds like an surbl problem if spamsite.com isn't listed.
That's just an example I made up... :)
...
Bad choice of example: spamsite. com is an actual spamsite.
The domain example.com is reserved for exactly this type of usage
and should
Sounds like an surbl problem if spamsite.com isn't listed. The leading
subdomains are supposed to be trimmed off, since they are usually
identifying strings for a given spam target rather than an actual part of
the target name. There are a few cases where things go to three levels
rather than
On Wed, Jun 29, 2005 at 09:45:15AM -0400, Kern, Tom wrote:
i'm running SA 3.0.4.
How do I use the uridnsbl?
It'll just work if you have Net::DNS and the network tests enabled (default).
Run with -D to see what's going on.
Do i just download it from CPAN?
Download what from CPAN?
I'm
At 09:45 AM 6/29/2005, Kern, Tom wrote:
i'm running SA 3.0.4.
How do I use the uridnsbl?
You should be already
Do i just download it from CPAN?
No need, it comes with SA 3.0.0 and higher.
Do i need to do anything to configure it?
You do need a fairly recent version of Net::DNS, and you
Dallas L. Engelken wrote:
I'm running a more recent snapshot and URI's that are
dotted-decimal
are not being reversed and checked properly against
uridnsbl lists.
For example, a test on '202.99.223.139'.
You mean they ARE being lookup up, right? Not are not?
Yes, sorry. All
-Original Message-
From: Niek [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 07, 2005 10:48 AM
To: users@spamassassin.apache.org
Subject: uridnsbl only spamhaus in 3.0.4 ?
Hi,
I just downgraded from a svn version to 3.0.4
*snip*
And that's it, no surbl.org or uribl.com lookups.
At
On 6/7/2005 5:39 PM +0200, Chris Santerre wrote:
URIBL has not officially requested to be included yet. We are doing some
behind the scenes beef ups. Our front end seems to be ever improving. :)
I know, but that doesn't matter in this case.
The ip listed in multi.surbl.org too, but SA seems
On Tue, Jun 07, 2005 at 06:11:18PM +0200, Niek wrote:
On 6/7/2005 5:39 PM +0200, Chris Santerre wrote:
URIBL has not officially requested to be included yet. We are doing some
behind the scenes beef ups. Our front end seems to be ever improving. :)
I know, but that doesn't matter in this
On 6/7/2005 6:13 PM +0200, Theo Van Dinter wrote:
The debug output specified what happened. The domains were all in the
skip list, and SURBL and such doesn't have IPs looked up. SBL does do
IPs, so it was queried.
debug: uri found: http://pics.ebaystatic.com/aw/pics/x.gif
debug: uri found:
It wants to query the domain: 212.203.31.2 It does so here:
debug: URIDNSBL: query for 212.203.31.2 took 1 seconds to
look up (sbl.spamhaus.org.:2.31.203.212)
debug: URIDNSBL: queries completed: 1 started: 0
debug: URIDNSBL: queries active: at Tue Jun 7 18:10:32 2005
So, why is
Dallas L. Engelken wrote:
I'm running a more recent snapshot and URI's that are dotted-decimal are
not being reversed and checked properly against uridnsbl lists. For
example, a test on '202.99.223.139'.
You mean they ARE being lookup up, right? Not are not?
Daryl
OK, I uninstalled SA 3.0.0 and did a clean install of 3.0.3, downloaded new
SARE rules and tried again. I am still not getting any URI results. Can any one
explain what happens in the
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x2982e68) implements
'check_post_dnsbl'
section
OK, I uninstalled SA 3.0.0 and did a clean install of 3.0.3, downloaded new
SARE rules and tried again. I am still not getting any URI results. Can any one
explain what happens in the
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x2982e68) implements
'check_post_dnsbl'
section
OK, I uninstalled SA 3.0.0 and did a clean install of 3.0.3, downloaded new
SARE rules and tried again. I am still not getting any URI results. Can any one
explain what happens in the
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x2982e68) implements
'check_post_dnsbl'
section
1 - 100 of 122 matches
Mail list logo