Re: URIDNSBL full message checking

> You can test with: > > header SURBL_MULTI_HDR eval:check_hashbl_emails('multi.surbl.org', > 'raw/max=10/shuffle/host', 'ALLFROM/Reply-To', '^127\.0\.0\.\d+$') > priority SURBL_MULTI_HDR -100 > describe SURBL_MULTI_HDR Domain in email headers found in >

Re: URIDNSBL full message checking

On 2023-02-07 at 05:07:36 UTC-0500 (Tue, 07 Feb 2023 10:07:36 +) Laurent S. <110ef9e3086d8405c2929e34be5b4...@protonmail.ch> is rumored to have said: You could also use check_rbl_headers THANK YOU! I had not recalled that feature when I wrote my reply. I'm glad there are people here

Re: URIDNSBL full message checking

On 2023-02-06 at 12:50:29 UTC-0500 (Mon, 6 Feb 2023 17:50:29 +) Michael Grant via users is rumored to have said: I’m noticing that check_uridnsbl() seems only to check the message body. Is there some way to make it check the headers as well? On 06.02.23 16:16, Bill Cole wrote: No. Which

Re: URIDNSBL full message checking

Hello Michael, No. Which is fine, because there are usually no URIs in headers, and when there are, they are likely to be standard List-* headers, which are unlikely to be useful. Dont agree with that. We see many usecases for header checks... We see many spams with a from domain inside

Re: URIDNSBL full message checking

On Mon, Feb 06, 2023 at 04:16:46PM -0500, Bill Cole wrote: > On 2023-02-06 at 12:50:29 UTC-0500 (Mon, 6 Feb 2023 17:50:29 +) > Michael Grant via users > is rumored to have said: > > > I’m noticing that check_uridnsbl() seems only to check the message body. > > Is there some way to make it

Re: URIDNSBL full message checking

On 2023-02-06 at 12:50:29 UTC-0500 (Mon, 6 Feb 2023 17:50:29 +) Michael Grant via users is rumored to have said: I’m noticing that check_uridnsbl() seems only to check the message body. Is there some way to make it check the headers as well? No. Which is fine, because there are usually

Re: URIDNSBL but with full URL

On 09/03/2015 12:18 PM, Martin Gregorie wrote: On Thu, 2015-09-03 at 11:15 +0700, Olivier Nicole wrote: Oh well, I will give a look at URIDNSBL and see whether/how I can change it. Implementing a simple lookup server using a hashtable of a B-tree can be very good performance, even from a

Re: URIDNSBL but with full URL

On Thu, 2015-09-03 at 11:15 +0700, Olivier Nicole wrote: > Oh well, I will give a look at URIDNSBL and see whether/how I can > change > it. > Implementing a simple lookup server using a hashtable of a B-tree can be very good performance, even from a single-threaded local server. Back in 2000 I

Re: URIDNSBL but with full URL

Am 03.09.2015 um 14:06 schrieb Martin Gregorie: On Thu, 2015-09-03 at 12:28 +0200, Axb wrote: Please excuse my ignorance but wouldn't a key:value server like Redis do the trick? It can't get much faster than that.. ok.. maybe memcached Yes, I don't see why not: I hadn't considered Redis

Re: URIDNSBL but with full URL

On Thu, 2015-09-03 at 12:28 +0200, Axb wrote: > Please excuse my ignorance > > but wouldn't a key:value server like Redis do the trick? > It can't get much faster than that.. ok.. maybe memcached > Yes, I don't see why not: I hadn't considered Redis because I thought that, like the Berkeley

Re: URIDNSBL but with full URL

Am 02.09.2015 um 10:23 schrieb Axb: On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including the full URL, not only the host part. It

Re: URIDNSBL but with full URL

On 09/02/15 10:44, Reindl Harald wrote: Am 02.09.2015 um 10:23 schrieb Axb: On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including

Re: URIDNSBL but with full URL

On 02-09-15 10:44, Reindl Harald wrote: > > > Am 02.09.2015 um 10:23 schrieb Axb: >> On 09/02/15 09:51, Olivier Nicole wrote: >>> Hi, >>> >>> I am looking at malware patrol, but they offer a list of over 300,000 >>> rules, that is way too big. >>> >>> So I was considering using it in a

RE: URIDNSBL but with full URL

Subject: Re: URIDNSBL but with full URL On 09/02/15 10:44, Reindl Harald wrote: > > > Am 02.09.2015 um 10:23 schrieb Axb: >> On 09/02/15 09:51, Olivier Nicole wrote: >>> Hi, >>> >>> I am looking at malware patrol, but they offer a list of over 300,000 &g

Re: URIDNSBL but with full URL

On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including the full URL, not only the host part. It should be able to accept things like

Re: URIDNSBL but with full URL

On Wed, 2 Sep 2015, Axb wrote: On 09/02/15 16:12, John Hardin wrote: On Wed, 2 Sep 2015, Olivier Nicole wrote: > Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of > the form: > > body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i > > This causes

Re: URIDNSBL but with full URL

On 02/09/15 10:10, Sujit Acharyya-choudhury wrote: It seems from the web site, one can use ClamAV and SaneSecurity to add extra signatures. Would it not be more efficient? http://sanesecurity.com/usage/signatures/ Second! -- Paul Stead Systems Engineer Zen Internet

Re: URIDNSBL but with full URL

Martin Gregorie writes: > On Wed, 2015-09-02 at 14:12 +0200, Axb wrote: > >> afaik, there is no code freely available to [recode the Malware >> Patrol rules], on server or client side. >> > ...the translation is easy to do with a simple awk script. Something > like this: >

Re: URIDNSBL but with full URL

On Wed, 2015-09-02 at 14:12 +0200, Axb wrote: > afaik, there is no code freely available to [recode the Malware > Patrol rules], on server or client side. > ...the translation is easy to do with a simple awk script. Something like this: #!/bin/bash awk ' /body/ { url = substr($3,2);

Re: URIDNSBL but with full URL

On 09/02/15 15:48, Martin Gregorie wrote: On Wed, 2015-09-02 at 14:12 +0200, Axb wrote: afaik, there is no code freely available to [recode the Malware Patrol rules], on server or client side. ...the translation is easy to do with a simple awk script. Something like this: #!/bin/bash awk '

Re: URIDNSBL but with full URL

Axb writes: > On 09/02/15 09:51, Olivier Nicole wrote: >> Hi, >> >> I am looking at malware patrol, but they offer a list of over 300,000 >> rules, that is way too big. >> >> So I was considering using it in a URIDNSBL type of way, but including >> the full URL, not only the

Re: URIDNSBL but with full URL

On 09/02/15 11:21, Olivier Nicole wrote: Axb writes: On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including

Re: URIDNSBL but with full URL

On Wed, 2 Sep 2015, Olivier Nicole wrote: Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of the form: body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i This causes spamassassin --lint to never terminate (well, I killed it afetr one hour). I

Re: URIDNSBL but with full URL

On 09/02/15 16:12, John Hardin wrote: On Wed, 2 Sep 2015, Olivier Nicole wrote: Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of the form: body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i This causes spamassassin --lint to never terminate (well, I

Re: URIDNSBL check return code

On 7/26/2014 11:54 AM, Noel Butler wrote: On 26/07/2014 03:26, Kevin A. McGrail wrote: On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI')

Re: URIDNSBL check return code

IOn 30/07/2014 00:30, Kevin A. McGrail wrote: Nothing currently in the code Looks like you would have to modify URIDNSBL.pm to add that info in the sub got_dnsbl_hit to add to the test_log data From looking, $str contains the return data so likely need to look through $uris and add

Re: URIDNSBL check return code

On 26/07/2014 03:26, Kevin A. McGrail wrote: On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domain A

Re: URIDNSBL check return code

On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domain A record listed in bl.foo ($RETRUN_CODE) score

Re: URIDNSBL check return code

On 07/25/2014 07:26 PM, Kevin A. McGrail wrote: On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domain A

Re: URIDNSBL check return code

Hi Kevin, Thanks, will try this out after lunch and get back to you. Cheers Noel On 26/07/2014 03:26, Kevin A. McGrail wrote: On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A

Re: URIDNSBL check return code

On 26/07/2014 03:32, Axb wrote: On 07/25/2014 07:26 PM, Kevin A. McGrail wrote: On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI')

Re: URIDNSBL check return code

On Sat, 2014-07-26 at 11:12 +1000, Noel Butler wrote: On 26/07/2014 03:32, Axb wrote: what's the advantage of such a response method? The idea of separate return codes is to use different rules/scores and different rule descriptions which describe the type of listing As you see, we

Re: uridnsbl does not work with idn domains

On Friday 09 August 2013 01:13:38 Benny Pedersen wrote: seen idn spamming urls here that is not tested in uridnsbl, have spamassassin 3.4.0 not idn support yet ? is it just missing tld defines for idn domains ? should it be filled a bug ? There is currently (3.4.0) no specific IDN support

Re: uridnsbl does not work with idn domains

Mark Martinec skrev den 2013-08-09 13:49: There is currently (3.4.0) no specific IDN support yet, mainly because not much of these have been observed in the wild. okay, created https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6966 If the domain found in a mail body is encoded in

Re: uridnsbl checks on domains in headers

On Fri, 2013-06-21 at 10:27 +0200, Fabio Sangiovanni wrote: Hi everybody, I've configured my MSA (Postfix) so that a copy of submitted mail is sent (BCC'd) to a postfix/amavisd-new/spamassassin system for out-of-band antispam analysis. The MSA is set to write envelope from/rcpt addresses

Re: uridnsbl checks on domains in headers

Il 21/06/13 14:19, Martin Gregorie ha scritto: Assuming that the copy is sent to a maildir format mailbox you can periodically run a shell script something this: for m in maildir/* do spamc $m | rescanned_results_filter mv $m scanned_dir done This could be a second pass through your

Re: uridnsbl checks on domains in headers

On 06/21/2013 03:21 PM, Fabio Sangiovanni wrote: Il 21/06/13 14:19, Martin Gregorie ha scritto: Assuming that the copy is sent to a maildir format mailbox you can periodically run a shell script something this: for m in maildir/* do spamc $m | rescanned_results_filter mv $m scanned_dir

Re: uridnsbl checks on domains in headers

On Fri, 2013-06-21 at 15:21 +0200, Fabio Sangiovanni wrote: I normally already scan the BCCed message *only*. The main submission channel doesn't have an antispam system on its own; instead, an out-of-band antispam stack (postfix + amavisd-new + spamassassin) is in place; it receives BCCed

Re: uridnsbl checks on domains in headers

Il 21/06/13 16:27, Axb ha scritto: This is possible against standard headers. you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL Ok, so I assume there's no way to force checks against custom headers. Plus, I'm more interested in check against envelope recipients. Why do you

Re: uridnsbl checks on domains in headers

On 06/21/2013 05:07 PM, Fabio Sangiovanni wrote: Il 21/06/13 16:27, Axb ha scritto: This is possible against standard headers. you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL Ok, so I assume there's no way to force checks against custom headers. Plus, I'm more interested in

Re: uridnsbl checks on domains in headers

Il 21/06/13 16:49, Martin Gregorie ha scritto: On Fri, 2013-06-21 at 15:21 +0200, Fabio Sangiovanni wrote: I normally already scan the BCCed message *only*. The main submission channel doesn't have an antispam system on its own; instead, an out-of-band antispam stack (postfix + amavisd-new +

Re: uridnsbl checks on domains in headers

Il 21/06/13 17:16, Axb ha scritto: On 06/21/2013 05:07 PM, Fabio Sangiovanni wrote: Il 21/06/13 16:27, Axb ha scritto: This is possible against standard headers. you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL Ok, so I assume there's no way to force checks against custom

Re: uridnsbl checks on domains in headers

On 06/21/2013 05:29 PM, Fabio Sangiovanni wrote: I'm using amavisd-new to pass messages to SA. Envelope recipients are in the mail message, as payloads of my custom X-header. That's why I asked for a way to check headers against URI BLs. I'm considering filtering out bad recipient domains using

Re: URIDNSBL: how to query certain lists only?

Hi, thanks to everybody for your answers. Il giorno 04/gen/2013, alle ore 18:12, Kris Deugau kdeu...@vianet.ca ha scritto: Mmmm, the problem the OP was asking about is how do I make sure that only the specific URIBLs I want are active, no matter what may be added upstream?. IIRC this

Re: URIDNSBL: how to query certain lists only?

Alex, from prypiat. Yes, I recycle. On 13-01-07 04:18 AM, Fabio Sangiovanni wrote: Hi, thanks to everybody for your answers. Il giorno 04/gen/2013, alle ore 18:12, Kris Deugau kdeu...@vianet.ca ha scritto: Mmmm, the problem the OP was asking about is how do I make sure that only the

Re: URIDNSBL: how to query certain lists only?

Hi there, Why dont you perform those checks at the pre-data level, within postfix? It's faster and cuts a lot of treatment for the data analysis. The way you are doing is the way I would do, but someone on the list might have a better way. Alex, from N7. Hello list, I'm a relatively new user

Re: URIDNSBL: how to query certain lists only?

Alexandre Boyer wrote: Hi there, Why dont you perform those checks at the pre-data level, within postfix? Because you don't absolutely trust the DNSBL as a one-shot this-is-spam test, but you want to use its data to influence the spam/not-spam decision. -kgd

Re: URIDNSBL: how to query certain lists only?

On 1/4/13 8:38 AM, Kris Deugau kdeu...@vianet.ca wrote: Alexandre Boyer wrote: Hi there, Why dont you perform those checks at the pre-data level, within postfix? Because you don't absolutely trust the DNSBL as a one-shot this-is-spam test, but you want to use its data to influence the

Re: URIDNSBL: how to query certain lists only?

Daniel McDonald wrote: And, uridnsbls look at body text for uris embedded inside the message, something that postfix doesn't do terribly well (which is why you need to test these sorts of things after normalizing the text, which SpamAssassin does very well..) *nod* Yeah, that too; I've been

Re: URIDNSBL

I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked in several of the URIDNSBL lists as fm.interia.pl however my DNSBL checks are only doing interia.pl Just as I'm curious, what does SA score that

Re: URIDNSBL

On 4/23/2009 2:31 PM, Casartello, Thomas wrote: Hello. I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked in several of the URIDNSBL lists as fm.interia.pl however my DNSBL checks are only doing

RE: URIDNSBL

, 2009 8:40 AM To: 'users@spamassassin.apache.org' Subject: Re: URIDNSBL On 4/23/2009 2:31 PM, Casartello, Thomas wrote: Hello. I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked in several

Re: URIDNSBL

On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote: On 4/23/2009 2:31 PM, Casartello, Thomas wrote: Hello. I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked in several of the

Re: URIDNSBL

Casartello, Thomas wrote: Hello. I am using the 3.0 line of SpamAssassin and it’s being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that’s blocked in several of the URIDNSBL lists as “fm.interia.pl” however my DNSBL checks are only doing interia.pl . My OS is

Re: URIDNSBL

On 4/23/2009 2:57 PM, McDonald, Dan wrote: On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote: On 4/23/2009 2:31 PM, Casartello, Thomas wrote: Hello. I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name

RE: URIDNSBL

[mailto:sa-l...@alexb.ch] Sent: Thursday, April 23, 2009 9:09 AM To: users@spamassassin.apache.org Subject: Re: URIDNSBL On 4/23/2009 2:57 PM, McDonald, Dan wrote: On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote: On 4/23/2009 2:31 PM, Casartello, Thomas wrote: Hello. I am using

Re: URIDNSBL

Matt Kettler wrote: Casartello, Thomas wrote: Hello. I am using the 3.0 line of SpamAssassin and it’s being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that’s blocked in several of the URIDNSBL lists as “fm.interia.pl” however my DNSBL checks are only

Re: URIDNSBL not getting all URLs

David Birnbaum wrote: I've tracked this down to the behavior of Mail::SpamAssassin::Message::Node::rendered, which seems to be rendering out the URIs which should be hitting! The messages tend to have two parts - a text/plain and a text/html. The text/plain doesn't have any URLs which might

Re: URIDNSBL not getting all URLs

David Birnbaum wrote: Greetings, I've experienced a pretty significant upswing in spam over the last few weeks, and I finally had a chance to track it down. Although not responsible for 100% of the increase, I found that the URIDNSBL isn't getting all of the URLs it should be. I've

Re: URIDNSBL recommended?

On 06/04/2008, Matt Kettler [EMAIL PROTECTED] wrote: Juan Miscaro wrote: Hi, I recently activated URIDNSBL and my scores went through the roof. I'm a little worried about it. So first, is this method a recommended in the SA community? Given that it is on by default in all

Re: URIDNSBL recommended?

Juan Miscaro wrote: Do you use spamd? did you restart it? (spamd only reads .cf and .pre files on startup) I use SA in conjunction with amavisd-new. So there answer to your question is, I'm not sure. :) Amavis (Well, amavisd-new) caches it's own Mail::SpamAssassin instance, so in

Re: URIDNSBL recommended?

Juan Miscaro wrote: Hi, I recently activated URIDNSBL and my scores went through the roof. I'm a little worried about it. So first, is this method a recommended in the SA community? Given that it is on by default in all versions of spamassassin from 3.0.0 onward, calling it recommended

Re: URIDNSBL recommended?

On Sun, 2008-04-06 at 20:00 -0400, Juan Miscaro wrote: Hi, I recently activated URIDNSBL and my scores went through the roof. You mean you activated the plugin? What's your SA version? These checks are enabled by default and actually are quite effective. As you noticed. And as the plugin doc [1]

Re: URIDNSBL recommended?

Sorry for quoting myself, just elaborating some more... On Mon, 2008-04-07 at 02:52 +0200, Karsten Bräckelmann wrote: On Sun, 2008-04-06 at 20:00 -0400, Juan Miscaro wrote: Hi, I recently activated URIDNSBL and my scores went through the roof. You mean you activated the plugin? What's your

Re: URIDNSBL recommended?

On Mon, 2008-04-07 at 03:09 +0200, Karsten Bräckelmann wrote: Sorry for quoting myself, just elaborating some more... (c) Coming up with a new rule, that triggers on 30%+ of my low scoring spam (aka 10). ;) Eep -- I did mean to say 15 there. It's been a long day... guenther -- char

Re: uridnsbl: domains to query: empty - more info

Hi all, as I stated in my previous message, I have a problem with certain messages not getting any URIDNSBL-hits, despite containing listed URL:s. The most interesting part is that an older (SA 3.2.0) box seems to catch them perfectly, when the newer (first 3.2.3, now 3.2.4) don't seem to find

Re: URIDNSBL Question

On Thu, Feb 07, 2008 at 12:42:06PM -0500, [EMAIL PROTECTED] wrote: Does anyone know where this plugin has the DNS servers set so you can change them? The plugin doesn't set DNS servers. It queries the servers as listed in resolv.conf, same as everything else. -- Randomly Selected Tagline:

Re: uridnsbl error, info what?

On Saturday, September 2, 2006, 8:43:21 PM, Chris Chris wrote: On Saturday 02 September 2006 8:46 am, SM wrote: At 20:22 01-09-2006, Chris wrote: I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers. Looking at my hourly syslog snip, about half way through my NANAS run I

Re: uridnsbl error, info what?

On Friday, September 1, 2006, 8:22:42 PM, Chris Chris wrote: I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers. Looking at my hourly syslog snip, about half way through my NANAS run I noticed the below entries. First of all, what are these entries telling me?

Re: uridnsbl error, info what?

At 20:22 01-09-2006, Chris wrote: I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers. Looking at my hourly syslog snip, about half way through my NANAS run I noticed the below entries. First of all, what are these entries telling [snip] Sep 1 21:51:25 localhost

Re: uridnsbl error, info what?

On Saturday 02 September 2006 8:46 am, SM wrote: At 20:22 01-09-2006, Chris wrote: I've been testing OpenDNS tonight vice using Earthlinks DNS nameservers. Looking at my hourly syslog snip, about half way through my NANAS run I noticed the below entries. First of all, what are these entries

Re: uridnsbl error, info what?

On Fri, Sep 01, 2006 at 10:22:42PM -0500, Chris wrote: First of all, what are these entries telling me? Secondly, if this is an error in the uridnsbl plug-in is it possibly caused by the change in nameservers? The error is saying that it's looking for a 127/8 result, but it gets 208.67.219.40

Re: URIDNSBL does not work

From: Kai Schaetzl [EMAIL PROTECTED] Reply-To: users@spamassassin.apache.org X-Rcpt-To: users@spamassassin.apache.org Christoph Reichenberger wrote on Mon, 5 Jun 2006 18:30:53 +0200: I already received a couple of spams that got BAYES_99, but got a total of less than 5. All these mails are

RE: URIDNSBL does not work

Christoph Reichenberger wrote: Hi, it's me once again. After all your help my BAYES is now running fine. Although I said, I wanted to wait a couple of days, the BAYES is running so fine now that I could not stand to go further. I already received a couple of spams that got BAYES_99, but got

Re: URIDNSBL does not work

On Mon, Jun 05, 2006 at 06:38:51PM +0200, [EMAIL PROTECTED] wrote: You may want to run a simple debug: spamassassin -D --lint and look if URIDNSBL gets used and throws no errors. btw, spamassassin --lint -D uridnsbl will just output the uridnsbl stuff. :) -- Randomly Generated Tagline:

Re: URIDNSBL does not work

Theo Van Dinter wrote on Mon, 5 Jun 2006 12:42:13 -0400: btw, spamassassin --lint -D uridnsbl will just output the uridnsbl stuff. :) Thanks for the info, Theo! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com

Re: URIDNSBL does not work

On 05.06.2006, at 18:40, Bowie Bailey wrote: Christoph Reichenberger wrote: [...snip...] Not that I can think of. The next step is to look at the debug output and see what is breaking. spamassassin -D dns --lint This will show you all of the DNS debugging info. If there is a problem,

RE: URIDNSBL: found domain geocities.com in skip list

and down. -Original Message- From: Jonathan Nichols [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 12:50 AM To: [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Subject: Re: URIDNSBL: found domain geocities.com in skip list Here is another way to do it as well

Re: URIDNSBL: found domain geocities.com in skip list

Greg Allen a écrit : Their china, Russia and Korea RBLs are still working for me. I can't tell you if they work 100% or not but they are on every single Geocities spam, and I see them on other spams as well... so, I don't know about timeouts on the RBLs, whether that is truth or fiction. Yes,

Re: URIDNSBL: found domain geocities.com in skip list

Jon Drukman wrote: I'm getting a lot of spams slipping thru the net lately. They hit BAYES_99 and nothing else, usually, because they contain almost no content other than a URL: Have you tried: http://antispam.imp.ch/rules/asciispam.cf ? Michele

Re: URIDNSBL: found domain geocities.com in skip list

This was discussed a week or 2 ago. Here is what I am using per somebody's post uri GEOCITIES /^http:\/\/uk\.geocities\.com\b/i describe GEOCITIES GEOCITIES with uk.geocities.com score GEOCITIES 3.1 Brian - Original Message - From: Jon Drukman [EMAIL PROTECTED] To:

Re: URIDNSBL: found domain geocities.com in skip list

On Tuesday 16 August 2005 03:47 pm, Jon Drukman wrote: I'm getting a lot of spams slipping thru the net lately. They hit BAYES_99 and nothing else, usually, because they contain almost no content other than a URL: http://uk.geocities.com/Robt_Bright/?M0v=Make.your.day_enjoyable.without

Re: URIDNSBL: found domain geocities.com in skip list

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chr. v. Stuckrad writes: Not yet, because it seems 'too variable' to be caught by simple rules. (But who ever would 'click' on such nonsense?) Isn't that the real mystery? Of course, we don't know if anyone actually *does*... - --j. -BEGIN

Re: URIDNSBL and subdomains

On Thursday, July 21, 2005, 7:28:53 PM, Charles Sprickman wrote: Hello, I've been watching some of the misses that have passed through spamassassin (3.0.4) lately and they are pretty clean; no DNS BL hits, etc. One thing I did notice is that many of them have a fairly contorted URL for

Re: URIDNSBL and subdomains

On Thu, 21 Jul 2005, Loren Wilton wrote: Sounds like an surbl problem if spamsite.com isn't listed. That's just an example I made up... :) The leading subdomains are supposed to be trimmed off, since they are usually identifying strings for a given spam target rather than an actual part of

Re: URIDNSBL and subdomains

OK, so that's supposed to happen. Is there any way to have the entire host checked? I've seen a good volume of junk where the domain is clean, but if I do a manual lookup on the entire hostname in the spam it is indeed listed. I *suspect* what is happening here is that the domain isn't in

Re: URIDNSBL and subdomains

... On Thu, 21 Jul 2005, Loren Wilton wrote: Sounds like an surbl problem if spamsite.com isn't listed. That's just an example I made up... :) ... Bad choice of example: spamsite. com is an actual spamsite. The domain example.com is reserved for exactly this type of usage and should

Re: URIDNSBL and subdomains

Sounds like an surbl problem if spamsite.com isn't listed. The leading subdomains are supposed to be trimmed off, since they are usually identifying strings for a given spam target rather than an actual part of the target name. There are a few cases where things go to three levels rather than

Re: uridnsbl

On Wed, Jun 29, 2005 at 09:45:15AM -0400, Kern, Tom wrote: i'm running SA 3.0.4. How do I use the uridnsbl? It'll just work if you have Net::DNS and the network tests enabled (default). Run with -D to see what's going on. Do i just download it from CPAN? Download what from CPAN? I'm

Re: uridnsbl

At 09:45 AM 6/29/2005, Kern, Tom wrote: i'm running SA 3.0.4. How do I use the uridnsbl? You should be already Do i just download it from CPAN? No need, it comes with SA 3.0.0 and higher. Do i need to do anything to configure it? You do need a fairly recent version of Net::DNS, and you

RE: uridnsbl only spamhaus in 3.0.4 ?

Dallas L. Engelken wrote: I'm running a more recent snapshot and URI's that are dotted-decimal are not being reversed and checked properly against uridnsbl lists. For example, a test on '202.99.223.139'. You mean they ARE being lookup up, right? Not are not? Yes, sorry. All

RE: uridnsbl only spamhaus in 3.0.4 ?

-Original Message- From: Niek [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 07, 2005 10:48 AM To: users@spamassassin.apache.org Subject: uridnsbl only spamhaus in 3.0.4 ? Hi, I just downgraded from a svn version to 3.0.4 *snip* And that's it, no surbl.org or uribl.com lookups. At

Re: uridnsbl only spamhaus in 3.0.4 ?

On 6/7/2005 5:39 PM +0200, Chris Santerre wrote: URIBL has not officially requested to be included yet. We are doing some behind the scenes beef ups. Our front end seems to be ever improving. :) I know, but that doesn't matter in this case. The ip listed in multi.surbl.org too, but SA seems

Re: uridnsbl only spamhaus in 3.0.4 ?

On Tue, Jun 07, 2005 at 06:11:18PM +0200, Niek wrote: On 6/7/2005 5:39 PM +0200, Chris Santerre wrote: URIBL has not officially requested to be included yet. We are doing some behind the scenes beef ups. Our front end seems to be ever improving. :) I know, but that doesn't matter in this

Re: uridnsbl only spamhaus in 3.0.4 ?

On 6/7/2005 6:13 PM +0200, Theo Van Dinter wrote: The debug output specified what happened. The domains were all in the skip list, and SURBL and such doesn't have IPs looked up. SBL does do IPs, so it was queried. debug: uri found: http://pics.ebaystatic.com/aw/pics/x.gif debug: uri found:

RE: uridnsbl only spamhaus in 3.0.4 ?

It wants to query the domain: 212.203.31.2 It does so here: debug: URIDNSBL: query for 212.203.31.2 took 1 seconds to look up (sbl.spamhaus.org.:2.31.203.212) debug: URIDNSBL: queries completed: 1 started: 0 debug: URIDNSBL: queries active: at Tue Jun 7 18:10:32 2005 So, why is

Re: uridnsbl only spamhaus in 3.0.4 ?

Dallas L. Engelken wrote: I'm running a more recent snapshot and URI's that are dotted-decimal are not being reversed and checked properly against uridnsbl lists. For example, a test on '202.99.223.139'. You mean they ARE being lookup up, right? Not are not? Daryl

Re: URIDNSBL Scores

OK, I uninstalled SA 3.0.0 and did a clean install of 3.0.3, downloaded new SARE rules and tried again. I am still not getting any URI results. Can any one explain what happens in the debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x2982e68) implements 'check_post_dnsbl' section

Re: URIDNSBL Scores

OK, I uninstalled SA 3.0.0 and did a clean install of 3.0.3, downloaded new SARE rules and tried again. I am still not getting any URI results. Can any one explain what happens in the debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x2982e68) implements 'check_post_dnsbl' section

Re: URIDNSBL Scores

OK, I uninstalled SA 3.0.0 and did a clean install of 3.0.3, downloaded new SARE rules and tried again. I am still not getting any URI results. Can any one explain what happens in the debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x2982e68) implements 'check_post_dnsbl' section

  1   2   >