Re: heads up for false uribl black hits

Benny Pedersen wrote on 21/05/21 4:59 am: only place i find it https://spameatingmonkey.com/lookup/libehat Spameatingmonkey lists it as "This domain was first registered within the last 30 days Listings automatically expire in less than 30 days" It was registered on April 23. Maybe

Re: heads up for false uribl black hits

John Hardin wrote on 21/05/21 2:28 am: Odd, the URIBL website lookup tool says libera (.chat) is not listed, and didn't yesterday when you first posted this. https://admin.uribl.com/ Lookup Results (obfuscated just in case) Domain Status libera_chat NOT Listed on URIBL

Re: heads up for false uribl black hits

listed on URIBL too: http://lookup.uribl.com/?domain=libera.chat Ot at least it is *now* , maybe it comes and goes for some reasons ...and now it's listed at https://admin.uribl.com/ as well. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org

Re: heads up for false uribl black hits

On 20/05/21 18:59, Benny Pedersen wrote: Is that not working correctly? only place i find it https://spameatingmonkey.com/lookup/libera.chat Hi, by checking: http://multirbl.valli.org/lookup/libera.chat.html it looks like that is indeed listed on URIBL too: http://lookup.uribl.com

Re: heads up for false uribl black hits

On 2021-05-20 16:28, John Hardin wrote: On Thu, 20 May 2021, Noel Butler wrote: Odd, the URIBL website lookup tool says libera (.chat) is not listed, and didn't yesterday when you first posted this. Is that not working correctly? only place i find it https://spameatingmonkey.com/lookup

Re: heads up for false uribl black hits

Status Manage libe.cxxx Listed on URIBL black Odd, the URIBL website lookup tool says libera (.chat) is not listed, and didn't yesterday when you first posted this. https://admin.uribl.com/ Lookup Results (obfuscated just in case) DomainStatus libera_chat NOT Listed

Re: heads up for false uribl black hits

Bill Cole wrote on 20/05/21 1:58 pm: The new domain was NOT listed in any RHSBL at 13:55 UTC. The first of its four ip addresses, 185.199.108.153, is on sbl.spamhaus.org but not the domain name. That is the only match that shows up in the list of RBLs checked at ant-abuse.org Multi-RBL

Re: heads up for false uribl black hits

on URIBL black at 02:46 UTC someone has made a delist request about 8 hours ago though strange that a service that has a policy of not saying why they list is included in default SA (btw - I have no affiliation with either party - I'm just mentioning it here since its where I found my confirm

Re: heads up for false uribl black hits

On 2021-05-19 at 21:13:41 UTC-0400 (Thu, 20 May 2021 11:13:41 +1000) Noel Butler is rumored to have said: By now most of you are aware of the hostile takeover of freenode and the mass exodus that's currently underway (if not see kline.sh for more) [1] Interestingly it seems uribl.com has

Re: uribl result not triggering meta rule

On 02/04/2021 13:46, Wolfgang Breyha wrote: Hi! It seems that 3.4.5 changed the behavior of URIBL lookups in a quite bad way compared to 3.4.4. Just as a pointer: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897 Greetings, Wolfgang

uribl result not triggering meta rule

Hi! It seems that 3.4.5 changed the behavior of URIBL lookups in a quite bad way compared to 3.4.4. I have I urirhs lookup defined like: ifplugin Mail::SpamAssassin::Plugin::URIDNSBL urirhssub URIBL_DENY uribl.local.A 8 bodyURIBL_DENY eval:check_uridnsbl

Re: using URIBL on other headers

On 9/26/2018 10:59 AM, Pedro David Marco wrote: > > On Sunday, September 23, 2018, 12:55:28 AM GMT+2, Kevin A. McGrail > wrote: > > >It's fractured.  There are various lookups in various states in > various plugins. > > >From, Reply-to, Received, nameservers, rdns, webmail server headers, > >etc.

Re: using URIBL on other headers

On Sunday, September 23, 2018, 12:55:28 AM GMT+2, Kevin A. McGrail wrote: >It's fractured.  There are various lookups in various states in various >plugins. >From, Reply-to, Received, nameservers, rdns, webmail server headers, >etc. are all enhancements I want to add for RBL lookups. 

Re: using URIBL on other headers

On 9/22/2018 5:55 PM, Michael Grant wrote: The URIBL plugin looks for URLs in the subject and message body. Is there some way to coax it to look in the other headers as well, for example the From: Reply-to: or the Received headers? Michael, This reminds me of that saying, "just becaus

Re: using URIBL on other headers

On Sun, 23 Sep 2018 20:37:48 +0100 Michael Grant wrote: > I tried to read through the plugin. I'm not a spamassassin plugin > developer, I didn't have much luck trying to figure out how to do it > myself. I know this plugin only does subject and body but I saw > nothing in the plugin itself

Re: using URIBL on other headers

On Sat, 22 Sep 2018 at 23:55, Kevin A. McGrail wrote: > On 9/22/2018 5:55 PM, Michael Grant wrote: > > The URIBL plugin looks for URLs in the subject and message body. > > > > Is there some way to coax it to look in the other headers as well, for > > example the From

Re: using URIBL on other headers

On Sat, 22 Sep 2018 22:55:49 +0100 Michael Grant wrote: > The URIBL plugin looks for URLs in the subject and message body. > > Is there some way to coax it to look in the other headers as well, for > example the From: Reply-to: or the Received headers? You can create individual rul

Re: using URIBL on other headers

On 9/22/2018 5:55 PM, Michael Grant wrote: > The URIBL plugin looks for URLs in the subject and message body. > > Is there some way to coax it to look in the other headers as well, for > example the From: Reply-to: or the Received headers? > > It's fractured.  There are various

using URIBL on other headers

The URIBL plugin looks for URLs in the subject and message body. Is there some way to coax it to look in the other headers as well, for example the From: Reply-to: or the Received headers?

Re: stackexchange.com in URIBL (false positive?)

, or the blacklist operator needs a review. -Yves A third option would be for you to use uridnsbl_skip_domain and don't bother anymore ;) As of right now URIBL does not report stackexchange.com as being listed. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar

Re: stackexchange.com in URIBL (false positive?)

On 29/07/2018 09:53, Yves Goergen wrote: No I can't because it's a locked system. I'd need an account for that. And I'm not going to register just for saving another admin's system. So either stackexchange admins repair their entry themselves, or the blacklist operator needs a review. -Yves

Re: stackexchange.com in URIBL (false positive?)

Von: Dave Wreski Gesendet: Sa, 2018-07-28 21:29 +0200   5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist [URIs: stackexchange.com] I guess that's not supposed to be like that. I can't change anything at it, just for information

Re: stackexchange.com in URIBL (false positive?) *** Spam 5.7

(stackoverflow.com) with a high spam score. It has this line in its report:   5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist [URIs: stackexchange.com] I guess that's not supposed to be like that. I can't change anything at it, just for information

Re: stackexchange.com in URIBL (false positive?)

, I've received a notification e-mail from stackexchange.com (stackoverflow.com) with a high spam score. It has this line in its report: 5.7 URIBL_BLACKContains an URL listed in the URIBL blacklist [URIs: stackexchange.com] I guess that's not supposed to be like that. The default

Re: stackexchange.com in URIBL (false positive?)

On Sat, 28 Jul 2018 21:20:49 +0200 Yves Goergen wrote: > Hello, > > I've received a notification e-mail from stackexchange.com > (stackoverflow.com) with a high spam score. It has this line in its > report: > >5.7 URIBL_BLACKContains an URL listed in the UR

Re: stackexchange.com in URIBL (false positive?)

  5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist [URIs: stackexchange.com] I guess that's not supposed to be like that. I can't change anything at it, just for information for somebody in the position to fix that. It is indeed listed

stackexchange.com in URIBL (false positive?)

Hello, I've received a notification e-mail from stackexchange.com (stackoverflow.com) with a high spam score. It has this line in its report: 5.7 URIBL_BLACKContains an URL listed in the URIBL blacklist [URIs: stackexchange.com] I guess that's

Re: Fwd: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

On 2/14/2017 10:01 AM, Emin Akbulut wrote: -- Forwarded message -- From: *Bowie Bailey* <bowie_bai...@buc.com <mailto:bowie_bai...@buc.com>> Date: Tue, Feb 14, 2017 at 5:44 PM Subject: Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query

Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

Emin Akbulut skrev den 2017-02-14 16:03: It's Gmail. When I hit the reply button, it only sends the last poster, -in this reply, it's you and I manually added users@- gmail ignores List-* headers, leading to much more problems then users using gmail if you need more support on there broken

Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

Emin Akbulut skrev den 2017-02-14 15:27: I'm confused a bit. Should I use forwarders or not? no stop any forward dns I was trying to follow that guide: i do not care of windows problems here use spamasassin docs on how to use specific ip as dns server, but not global, only for

Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

a.com <mailto:djo...@ena.com>> >> Date: Tue, Feb 14, 2017 at 5:33 PM >> Subject: Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL >> was blocked. >> To: "users@spamassassin.apache.org >> <mailto:users@spamassassin.apache.org

Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

Emin Akbulut skrev den 2017-02-14 14:21: How can I set the DNS conditional forwarders properly? setup spamasassin to use 127.0.0.1 as dns server, not any remote ips i dont know anything on how windows works :=)

Fwd: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

> -- Forwarded message -- > From: Bowie Bailey <bowie_bai...@buc.com> > Date: Tue, Feb 14, 2017 at 5:44 PM > Subject: Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL > was blocked. > To: users@spamassassin.apache.org > > That pa

Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

On 2/14/2017 9:27 AM, Emin Akbulut wrote: I'm confused a bit. Should I use forwarders or not? I was trying to follow that guide: - As your issue with UTIBL_BLOCKED is a well-known one I would like to point you the FAQ section of our homepage:

Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

> -- Forwarded message -- > From: David Jones <djo...@ena.com> > Date: Tue, Feb 14, 2017 at 5:33 PM > Subject: Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was > blocked. > To: "users@spamassassin.apache.org" <users@spamassassi

Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

>From: RW <rwmailli...@googlemail.com> >Sent: Tuesday, February 14, 2017 7:51 AM >To: users@spamassassin.apache.org >Subject: Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was >blocked.   >On Tue, 14 Feb 2017 16:21:04 +0300 >Emin Akbulut wrote:

Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

I'm confused a bit. Should I use forwarders or not? I was trying to follow that guide: - As your issue with UTIBL_BLOCKED is a well-known one > > I would like to point you the FAQ section of our homepage: > > > >

Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

On Tue, 14 Feb 2017 16:21:04 +0300 Emin Akbulut wrote: > Hi > > URIBL checks are blocked. I think bec. of so many queries. I'm > advised to set up conditional forwarder on Windows DNS Server. If you mean that you should *stop* forwarding this traffic than that is correct. You need

URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

Hi URIBL checks are blocked. I think bec. of so many queries. I'm advised to set up conditional forwarder on Windows DNS Server. I've added uribl.com as DNS zone and 54.149.125.143 as IP. SA still tags the messages. How can I set the DNS conditional forwarders properly?

Re: How to create a URIBL

Alex wrote: > Hi, > > I've collected a bunch of URIs that I'd like to incorporate into my > rulebase. I know how to create a DNSBL, but I don't specifically know > how to create a URIBL. Can I use rbldnsd for this? Or would I have to > extract the IP or hostname from the

Re: How to create a URIBL

On 10/18/2016 9:09 PM, Alex wrote: How do you then enter ranges? For example, one of the rbldnsd zone examples I've seen have entries such as: 1.168.160.0-255 That does not look to be in reverse order, as the host octet is still last. while there may be a more complicated and unusual answer

Re: How to create a URIBL

to ip4tset and ip4set for sending-IP blacklists. Let me explain... but before I explain, let me say that I'm not arguing for any of this. These standards were put in place long before my time (and are followed by SURBL and URIBL, too). Or, at least I didn't set these standards. I MIGHT have bee

Re: How to create a URIBL

On 10/19/2016 09:51 AM, Matus UHLAR - fantomas wrote: On 18.10.16 20:03, Rob McEwen wrote: So your three examples: 109 .73 .134 .241 would like like this: .241 .134 .73 .109 NOTICE 2 things: (2) the fact that the IP is in reverse order. The great part about rbldnsd is that a lookup

Re: How to create a URIBL

On 18.10.16 20:03, Rob McEwen wrote: So your three examples: 109 .73 .134 .241 would like like this: .241 .134 .73 .109 NOTICE 2 things: (2) the fact that the IP is in reverse order. The great part about rbldnsd is that a lookup on either are you REALLY sure the IP has to be

Re: How to create a URIBL

Hi, > (2) the fact that the IP is in reverse order. How do you then enter ranges? For example, one of the rbldnsd zone examples I've seen have entries such as: 1.168.160.0-255 That does not look to be in reverse order, as the host octet is still last. > foo.example.com:127.0.0.2:Blocked

Re: How to create a URIBL

Alex, here are some suggestions: In your rbldnsd-formatted file, put a dot at the beginning, which serves as a wildcard. So your three examples: 109 .73 .134 .241 51steel1 .org amessofblues1 .com (I added spaces here to evade spam filtering, but those spaces shouldn't actually be there)

Re: How to create a URIBL

On 10/18/2016 6:21 PM, Alex wrote: Hi, I've collected a bunch of URIs that I'd like to incorporate into my rulebase. I know how to create a DNSBL, but I don't specifically know how to create a URIBL. Can I use rbldnsd for this? Or would I have to extract the IP or hostname from the URL

How to create a URIBL

Hi, I've collected a bunch of URIs that I'd like to incorporate into my rulebase. I know how to create a DNSBL, but I don't specifically know how to create a URIBL. Can I use rbldnsd for this? Or would I have to extract the IP or hostname from the URL, then also use a bunch of uri rules? If so

Re: URIBL randomly not triggered for the same message

On 2016-07-26 11:39, Reindl Harald wrote: sadly it don't work as expected https://bugzilla.redhat.com/show_bug.cgi?id=1360222 add forward-first: yes to forward zone without you are qquery stale data in unbound no i do not use bind9 now :=)

Re: URIBL randomly not triggered for the same message

Am 06.07.2016 um 17:40 schrieb Reindl Harald: Am 06.07.2016 um 17:35 schrieb John Hardin: On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and

Re: URIBL randomly not triggered for the same message

Am 06.07.2016 um 17:35 schrieb John Hardin: On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this

Re: URIBL randomly not triggered for the same message

On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this cache-max-negative-ttl exists :) :) It's

Re: URIBL randomly not triggered for the same message

On Wed, 6 Jul 2016, Reindl Harald wrote: Am 06.07.2016 um 14:36 schrieb RW: On Tue, 5 Jul 2016 14:01:17 +0200 Reindl Harald wrote: > since there is a local unbound-cache with > >cache-min-ttl: 300 thanks for the hint, but look at

Re: URIBL randomly not triggered for the same message

On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this cache-max-negative-ttl exists :) Paul -- Paul Stead Systems Engineer Zen Internet

Re: URIBL randomly not triggered for the same message

Am 06.07.2016 um 14:36 schrieb RW: On Tue, 5 Jul 2016 14:01:17 +0200 Reindl Harald wrote: since there is a local unbound-cache with cache-min-ttl: 300 thanks for the hint, but look at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335#c8 reduce the value would make the problem

Re: URIBL randomly not triggered for the same message

On Tue, 5 Jul 2016 14:01:17 +0200 Reindl Harald wrote: > since there is a local unbound-cache with > > cache-min-ttl: 300 You might want to review that. From http://uribl.com July 8, 2015: Reduction in list time latency The spam trend of late has been to use short lived, high-volume

Re: URIBL randomly not triggered (and SPF too)

see also https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335 BTW: the bugtracker has also a major bug - click on "My Bugs" leads to the URL below listing a ton of bugreports back to the year 2011 and pretends they are reported by me

Re: URIBL randomly not triggered (and SPF too)

Am 05.07.2016 um 14:01 schrieb Reindl Harald: i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist 50% of all tries against spamd it does NOT hit while the scantime for the whole message is arounnd 3 seconds - since there is a local unbound-cache

URIBL randomly not triggered for the same message

i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist 50% of all tries against spamd it does NOT hit while the scantime for the whole message is arounnd 3 seconds - since there is a local unbound-cache with cache-min-ttl: 300 cache-max-ttl: 10800

Re: local uribl is not called

Am 14.06.2016 um 14:33 schrieb RW: On Tue, 14 Jun 2016 12:40:34 +0200 Reindl Harald wrote: when "uridnsbl" is wrong and don#t work the first paragraph just needs to be removed It's not wrong, uridnsbl and urirhsbl are different types of lookup. The former targets spammer controlled web &

Re: local uribl is not called

On Tue, 14 Jun 2016 12:40:34 +0200 Reindl Harald wrote: > use > > urirhsbl BLAH uribl.thelounge.net. A > or > urirhssub BLAH uribl.thelounge.net. A 127.0.0.2 > > instead of > uridnsbl > > so no "as said the syntax seems to be correct" it is NOT

Re: local uribl is not called

Am 14.06.2016 um 12:34 schrieb Tom Hendrikx: On 14-06-16 11:47, Reindl Harald wrote: Am 13.06.2016 um 22:53 schrieb Reindl Harald: Am 13.06.2016 um 22:10 schrieb Axb: HA! take a look into list and first thing you find is the moaner needing help coz he so smart he looks at ANCIENT

Re: local uribl is not called

On 14-06-16 11:47, Reindl Harald wrote: > > Am 13.06.2016 um 22:53 schrieb Reindl Harald: >> Am 13.06.2016 um 22:10 schrieb Axb: >>> HA! take a look into list and first thing you find is the moaner needing >>> help coz he so smart he looks at ANCIENT /3.2.x/doc instead of >> >>>

Re: local uribl is not called

Am 13.06.2016 um 22:53 schrieb Reindl Harald: Am 13.06.2016 um 22:10 schrieb Axb: HA! take a look into list and first thing you find is the moaner needing help coz he so smart he looks at ANCIENT /3.2.x/doc instead of

Re: local uribl is not called

< sample.eml 2> out.txt * grep for the uribl don't show any call uridnsbl URIBL_LOCAL uribl.thelounge.net. A body URIBL_LOCAL eval:check_uridnsbl('URIBL_LOCAL') describe URIBL_LOCAL Contains an URL listed in the URIBL blacklist score URIBL_LOCAL 0.1 tflags URIBL_LOCA

Re: local uribl is not called

On 06/13/2016 09:12 PM, Reindl Harald wrote: Am 13.06.2016 um 20:49 schrieb David B Funk: On Mon, 13 Jun 2016, Reindl Harald wrote: * the syntax seems to be correct * domain listet and dig answers correctly on the sa-machine * spamassassin -D < sample.eml 2> out.txt * grep for the

Re: local uribl is not called

Am 13.06.2016 um 20:49 schrieb David B Funk: On Mon, 13 Jun 2016, Reindl Harald wrote: * the syntax seems to be correct * domain listet and dig answers correctly on the sa-machine * spamassassin -D < sample.eml 2> out.txt * grep for the uribl don't show any call uridnsbl URIBL

Re: local uribl is not called

On Mon, 13 Jun 2016, Reindl Harald wrote: * the syntax seems to be correct * domain listet and dig answers correctly on the sa-machine * spamassassin -D < sample.eml 2> out.txt * grep for the uribl don't show any call uridnsbl URIBL_LOCAL uribl.thelounge.net. A body URIBL

local uribl is not called

* the syntax seems to be correct * domain listet and dig answers correctly on the sa-machine * spamassassin -D < sample.eml 2> out.txt * grep for the uribl don't show any call uridnsbl URIBL_LOCAL uribl.thelounge.net. A body URIBL_LOCAL eval:check_uridnsbl('URIBL_LOCAL') de

URIBL dependency failures

dependency 'URIBL_SC_SURBL' This is somewhat of a public service announcement for those of you who may also be affected. It appears to me that the URIBL rules above that are failing have all been replaced with the one URIBL_ABUSE_SURBL rule. Regards, Alex

Re: URIBL/DNSBL from a database

Hi, >> Is there any reason to not use the bl.score.sendrescore.com with >> postscreen? I don't understand the distinction > > why? > > postscreen is supposed to be configured with sensible scoring to reject most > spam without false positives long before it reachs smtpd or even expesnive >

Re: URIBL/DNSBL from a database

Am 03.03.2016 um 02:44 schrieb Alex: Is there any reason to not use the bl.score.sendrescore.com with postscreen? I don't understand the distinction why? postscreen is supposed to be configured with sensible scoring to reject most spam without false positives long before it reachs smtpd or

Re: URIBL/DNSBL from a database

Hi, Some time ago, David Jones wrote: > In a related note, I have found that using the senderscore.org score combined > with postscreen's weighting is very effective in quickly catching new > spammers. > > postscreen_dnsbl_sites = > score.senderscore.com=127.0.4.[60..69]*2 >

Re: URIBL/DNSBL from a database

On 16/02/2016 01:08, Shawn Bakhtiar wrote: There are A LOT more people out there, far greater than just the Googles and Yahoos of the world, and to block IP addresses/subnets without an automated system using definable metric (that usually is enterprise specific), invariably IT will be

Re: URIBL/DNSBL from a database

I use to spend a lot of time blocking hosts and subnets, using IP tables, of malicious providers who would let any tom, dick, and Harry (no pun intended) to host spam hosts/relays on their servers. What I ended up doing is also blocking a lot SMB vendors from sending legitimate emails to users

Re: URIBL/DNSBL from a database

On 15/02/2016 09:02, Reindl Harald wrote: Am 14.02.2016 um 23:34 schrieb Noel Butler: On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever)

Re: URIBL/DNSBL from a database

Am 14.02.2016 um 23:34 schrieb Noel Butler: On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever) addresses, then there should never ever be a

Re: URIBL/DNSBL from a database

On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever) addresses, then there should never ever be a genuine mail destined for it. I dont care

Re: URIBL/DNSBL from a database

On Sun, 14 Feb 2016, Allen Chen wrote: On 2/12/2016 8:48 AM, Axb wrote: On 02/12/2016 02:39 PM, Alex wrote: > For some time now I've been cycling URLs and IPs through a mariadb > database gathered from incoming mail on a honeypot I've created. > Surprising how many are received ahead of

Re: URIBL/DNSBL from a database

On 2/12/2016 8:48 AM, Axb wrote: On 02/12/2016 02:39 PM, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on

Re: URIBL/DNSBL from a database

>> DNS is very effective to block at the MTA level. I setup my own private >> RBL on the DNS servers my SA boxes point to. Dump your IPs into a >> rbldnsd formatted zone file and setup your private RBL zone (doesn't >> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd >>

Re: URIBL/DNSBL from a database

Hi, > DNS is very effective to block at the MTA level. I setup my own private > RBL on the DNS servers my SA boxes point to. Dump your IPs into a > rbldnsd formatted zone file and setup your private RBL zone (doesn't > have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd >

Re: URIBL/DNSBL from a database

Am 13.02.2016 um 16:46 schrieb Alex: DNS is very effective to block at the MTA level. I setup my own private RBL on the DNS servers my SA boxes point to. Dump your IPs into a rbldnsd formatted zone file and setup your private RBL zone (doesn't have to be a real zone on the Internet) to

Re: URIBL/DNSBL from a database

On Sat, 13 Feb 2016, Alex wrote: I've now got rbldnsd implemented. I've also known for a while it's faster/better than bind, but bind has always been in place. I have rbldnsd running on port 530, alongside bind on 53. How do I specify a urirhsbl in spamassassin to query the DNS server running

Re: URIBL/DNSBL from a database

On Fri, 2016-02-12 at 08:39 -0500, Alex wrote: > Is it possible for spamassassin to query a database directly? > Yes, with a plugin. I've been doing the opposite for some years now: I archive all my outgoing mail and most of my non-spam incoming mail in a Postgres database and use this as a

URIBL/DNSBL from a database

Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information available to spamassassin on my

Re: URIBL/DNSBL from a database

> >From: Alex >For some time now I've been cycling URLs and IPs through a mariadb >database gathered from incoming mail on a honeypot I've created. >Surprising how many are received ahead of spamhaus/barracuda. Major RBLs like

Re: URIBL/DNSBL from a database

On 02/12/2016 02:39 PM, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information

Re: URIBL/DNSBL from a database

On Feb 12, 2016, at 5:39 AM, Alex > wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of

Re: URIBL/DNSBL from a database

On 02/12/16 05:39, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information

Re: URIBL/DNSBL from a database

On Fri, 2016-02-12 at 07:30 -0800, Marc Perkel wrote: > Yeah - unless you write your own SA module using DNS is the quick > easy solution. > If Alex already has a set of scripts that populate and maintain the database that he's happy with, then the quick and easy way may be to make a custom SA

Re: shortcircuit dnsbl/uribl

Am 02.06.2015 um 16:30 schrieb RW: On Tue, 02 Jun 2015 14:36:07 +0200 Reindl Harald wrote: given that USER_IN_SPF_WHITELIST score with -100 here there is no real point to fire up all the other tests, it's clear anyways that this message will pass As far as possible spamassassin does network

Re: shortcircuit dnsbl/uribl

On Wed, 03 Jun 2015 11:22:42 +0200 Reindl Harald wrote: Am 02.06.2015 um 16:30 schrieb RW: On Tue, 02 Jun 2015 14:36:07 +0200 Reindl Harald wrote: given that USER_IN_SPF_WHITELIST score with -100 here there is no real point to fire up all the other tests, it's clear anyways that

Re: shortcircuit dnsbl/uribl

On Tue, 02 Jun 2015 14:36:07 +0200 Reindl Harald wrote: given that USER_IN_SPF_WHITELIST score with -100 here there is no real point to fire up all the other tests, it's clear anyways that this message will pass As far as possible spamassassin does network test in parallel with each other

shortcircuit dnsbl/uribl

is there a way to skip DNSBL/URIBL if a message hits the rule below, i tried to define dnsbl-rules with priority CUST_DNSBL -450 but that don't change anything given that USER_IN_SPF_WHITELIST score with -100 here there is no real point to fire up all the other tests, it's clear anyways

URIBL plugins are broken

i face false positives where the links are just facebook.com with the http-prefix in front and NOT com between the http-prefix and the real facebook domain the domain with com in front is indeed on both URIBL but it just don#t exist in the messages at all - why does SA extract the domains

Re: URIBL plugins are broken

On 5/11/2015 9:46 AM, Reindl Harald wrote: stripped down and anonymized sample attached the real bad thing is that the part triggering the URIBL rules wrongly is the quote of the signature from the message replied to Am 11.05.2015 um 15:13 schrieb Reindl Harald: i face false positives where

Re: URIBL plugins are broken

On 5/11/2015 9:13 AM, Reindl Harald wrote: i face false positives where the links are just facebook.com with the http-prefix in front and NOT com between the http-prefix and the real facebook domain the domain with com in front is indeed on both URIBL but it just don#t exist in the messages

Re: URIBL plugins are broken

on both URIBL but it just don#t exist in the messages at all - why does SA extract the domains wrong from the mailsource when there is no comfacebook at all besides the SA report? URIBL_DBL_SPAM Contains a spam URL [URIs: com__facebook.com] URIBL_BLACK Contains an URL listed in the URIBL blacklist

The query to URIBL was blocked

Seeing this in most of the markups 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block I installed Bind9 as a caching name server and AFAICT it's

  1   2   3   4   5   >