Re: uribl result not triggering meta rule

On 02/04/2021 13:46, Wolfgang Breyha wrote: Hi! It seems that 3.4.5 changed the behavior of URIBL lookups in a quite bad way compared to 3.4.4. Just as a pointer: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897 Greetings, Wolfgang

Re: URIBL randomly not triggered for the same message

On 2016-07-26 11:39, Reindl Harald wrote: sadly it don't work as expected https://bugzilla.redhat.com/show_bug.cgi?id=1360222 add forward-first: yes to forward zone without you are qquery stale data in unbound no i do not use bind9 now :=)

Re: URIBL randomly not triggered for the same message

Am 06.07.2016 um 17:40 schrieb Reindl Harald: Am 06.07.2016 um 17:35 schrieb John Hardin: On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and

Re: URIBL randomly not triggered for the same message

Am 06.07.2016 um 17:35 schrieb John Hardin: On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this

Re: URIBL randomly not triggered for the same message

On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this cache-max-negative-ttl exists :) :) It's

Re: URIBL randomly not triggered for the same message

On Wed, 6 Jul 2016, Reindl Harald wrote: Am 06.07.2016 um 14:36 schrieb RW: On Tue, 5 Jul 2016 14:01:17 +0200 Reindl Harald wrote: > since there is a local unbound-cache with > >cache-min-ttl: 300 thanks for the hint, but look at

Re: URIBL randomly not triggered for the same message

On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this cache-max-negative-ttl exists :) Paul -- Paul Stead Systems Engineer Zen Internet

Re: URIBL randomly not triggered for the same message

Am 06.07.2016 um 14:36 schrieb RW: On Tue, 5 Jul 2016 14:01:17 +0200 Reindl Harald wrote: since there is a local unbound-cache with cache-min-ttl: 300 thanks for the hint, but look at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335#c8 reduce the value would make the problem

Re: URIBL randomly not triggered for the same message

On Tue, 5 Jul 2016 14:01:17 +0200 Reindl Harald wrote: > since there is a local unbound-cache with > > cache-min-ttl: 300 You might want to review that. From http://uribl.com July 8, 2015: Reduction in list time latency The spam trend of late has been to use short lived, high-volume

Re: URIBL randomly not triggered (and SPF too)

see also https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335 BTW: the bugtracker has also a major bug - click on "My Bugs" leads to the URL below listing a ton of bugreports back to the year 2011 and pretends they are reported by me

Re: URIBL randomly not triggered (and SPF too)

Am 05.07.2016 um 14:01 schrieb Reindl Harald: i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist 50% of all tries against spamd it does NOT hit while the scantime for the whole message is arounnd 3 seconds - since there is a local unbound-cache

Re: URIBL/DNSBL from a database

Hi, >> Is there any reason to not use the bl.score.sendrescore.com with >> postscreen? I don't understand the distinction > > why? > > postscreen is supposed to be configured with sensible scoring to reject most > spam without false positives long before it reachs smtpd or even expesnive >

Re: URIBL/DNSBL from a database

Am 03.03.2016 um 02:44 schrieb Alex: Is there any reason to not use the bl.score.sendrescore.com with postscreen? I don't understand the distinction why? postscreen is supposed to be configured with sensible scoring to reject most spam without false positives long before it reachs smtpd or

Re: URIBL/DNSBL from a database

Hi, Some time ago, David Jones wrote: > In a related note, I have found that using the senderscore.org score combined > with postscreen's weighting is very effective in quickly catching new > spammers. > > postscreen_dnsbl_sites = > score.senderscore.com=127.0.4.[60..69]*2 >

Re: URIBL/DNSBL from a database

On 16/02/2016 01:08, Shawn Bakhtiar wrote: There are A LOT more people out there, far greater than just the Googles and Yahoos of the world, and to block IP addresses/subnets without an automated system using definable metric (that usually is enterprise specific), invariably IT will be

Re: URIBL/DNSBL from a database

I use to spend a lot of time blocking hosts and subnets, using IP tables, of malicious providers who would let any tom, dick, and Harry (no pun intended) to host spam hosts/relays on their servers. What I ended up doing is also blocking a lot SMB vendors from sending legitimate emails to users

Re: URIBL/DNSBL from a database

On 15/02/2016 09:02, Reindl Harald wrote: Am 14.02.2016 um 23:34 schrieb Noel Butler: On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever)

Re: URIBL/DNSBL from a database

Am 14.02.2016 um 23:34 schrieb Noel Butler: On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever) addresses, then there should never ever be a

Re: URIBL/DNSBL from a database

On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever) addresses, then there should never ever be a genuine mail destined for it. I dont care

Re: URIBL/DNSBL from a database

On Sun, 14 Feb 2016, Allen Chen wrote: On 2/12/2016 8:48 AM, Axb wrote: On 02/12/2016 02:39 PM, Alex wrote: > For some time now I've been cycling URLs and IPs through a mariadb > database gathered from incoming mail on a honeypot I've created. > Surprising how many are received ahead of

Re: URIBL/DNSBL from a database

On 2/12/2016 8:48 AM, Axb wrote: On 02/12/2016 02:39 PM, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on

Re: URIBL/DNSBL from a database

>> DNS is very effective to block at the MTA level. I setup my own private >> RBL on the DNS servers my SA boxes point to. Dump your IPs into a >> rbldnsd formatted zone file and setup your private RBL zone (doesn't >> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd >>

Re: URIBL/DNSBL from a database

Hi, > DNS is very effective to block at the MTA level. I setup my own private > RBL on the DNS servers my SA boxes point to. Dump your IPs into a > rbldnsd formatted zone file and setup your private RBL zone (doesn't > have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd >

Re: URIBL/DNSBL from a database

Am 13.02.2016 um 16:46 schrieb Alex: DNS is very effective to block at the MTA level. I setup my own private RBL on the DNS servers my SA boxes point to. Dump your IPs into a rbldnsd formatted zone file and setup your private RBL zone (doesn't have to be a real zone on the Internet) to

Re: URIBL/DNSBL from a database

On Sat, 13 Feb 2016, Alex wrote: I've now got rbldnsd implemented. I've also known for a while it's faster/better than bind, but bind has always been in place. I have rbldnsd running on port 530, alongside bind on 53. How do I specify a urirhsbl in spamassassin to query the DNS server running

Re: URIBL/DNSBL from a database

On Fri, 2016-02-12 at 08:39 -0500, Alex wrote: > Is it possible for spamassassin to query a database directly? > Yes, with a plugin. I've been doing the opposite for some years now: I archive all my outgoing mail and most of my non-spam incoming mail in a Postgres database and use this as a

Re: URIBL/DNSBL from a database

> >From: Alex >For some time now I've been cycling URLs and IPs through a mariadb >database gathered from incoming mail on a honeypot I've created. >Surprising how many are received ahead of spamhaus/barracuda. Major RBLs like

Re: URIBL/DNSBL from a database

On 02/12/2016 02:39 PM, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information

Re: URIBL/DNSBL from a database

On Feb 12, 2016, at 5:39 AM, Alex > wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of

Re: URIBL/DNSBL from a database

On 02/12/16 05:39, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information

Re: URIBL/DNSBL from a database

On Fri, 2016-02-12 at 07:30 -0800, Marc Perkel wrote: > Yeah - unless you write your own SA module using DNS is the quick > easy solution. > If Alex already has a set of scripts that populate and maintain the database that he's happy with, then the quick and easy way may be to make a custom SA

Re: URIBL plugins are broken

On 5/11/2015 9:46 AM, Reindl Harald wrote: stripped down and anonymized sample attached the real bad thing is that the part triggering the URIBL rules wrongly is the quote of the signature from the message replied to Am 11.05.2015 um 15:13 schrieb Reindl Harald: i face false positives where

Re: URIBL plugins are broken

On 5/11/2015 9:13 AM, Reindl Harald wrote: i face false positives where the links are just facebook.com with the http-prefix in front and NOT com between the http-prefix and the real facebook domain the domain with com in front is indeed on both URIBL but it just don#t exist in the messages

Re: URIBL plugins are broken

Am 11.05.2015 um 15:43 schrieb Kevin A. McGrail: On 5/11/2015 9:13 AM, Reindl Harald wrote: i face false positives where the links are just facebook.com with the http-prefix in front and NOT com between the http-prefix and the real facebook domain the domain with com in front is indeed on

Re: uribl problem

Hi Karsten, On 12/1/13, Karsten Bräckelmann guent...@rudersport.de wrote: On Fri, 2013-11-29 at 13:30 +1000, Nick Edwards wrote: Hi, have a problem with our internal uribl urirhsblINT_URI uri.int.lan. A bodyINT_URI eval:check_uridnsbl('INT_URI') describeINT_URI

Re: uribl problem

On Mon, 2013-12-02 at 07:58 +1000, Nick Edwards wrote: On 12/1/13, Karsten Bräckelmann guent...@rudersport.de wrote: The general SA method of verifying which domains are queried for, is to have a look at the debug output. In your case, you can also check your local DNSBL's logs.

Re: uribl problem

Nick Edwards skrev den 2013-11-29 04:30: urirhsblINT_URI uri.int.lan. A bodyINT_URI eval:check_uridnsbl('INT_URI') describeINT_URI Contains a URI listed in internal URIBL tflags INT_URI net score INT_URI 3 rule is okay as designed this rule

Re: uribl problem

On Fri, 2013-11-29 at 13:30 +1000, Nick Edwards wrote: Hi, have a problem with our internal uribl urirhsblINT_URI uri.int.lan. A bodyINT_URI eval:check_uridnsbl('INT_URI') describeINT_URI Contains a URI listed in internal URIBL tflags INT_URI net score

Re: uribl test

For those who have asked, the RBL I am testing is included in the rules from KAM.cf at http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf There will be some new tests coming as I'm working on more tests that require code changes. regards, KAM

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 *| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

Ha. Nice -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, Michael Scheidell michael.scheid...@secnap.com wrote: On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 *|

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

It was a last minute decision. Jeremy McSpadden jer...@fluxlabs.net wrote: Ha. Nice -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, Michael Scheidell michael.scheid...@secnap.com wrote: On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH.

Re: uribl lastminute.com listed in uribl white and is now used for nordea phishiing mails

Den 2012-03-02 17:40, Jeremy McSpadden skrev: Ha. Nice be nice to an old mand -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, Michael Scheidell michael.scheid...@secnap.com wrote: On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. --

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why no pastebin a sample?

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

Den 2012-03-02 17:50, Axb skrev: On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why no pastebin a sample? february had 29 days this yaer ? its being resolved, sorry for the noice

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

Leap Year -- Jeremy McSpadden On Mar 2, 2012, at 11:11 AM, Benny Pedersen m...@junc.org wrote: Den 2012-03-02 17:50, Axb skrev: On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why no pastebin a sample? february had 29 days this yaer ? its being

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

Den 2012-03-02 18:15, Jeremy McSpadden skrev: Leap Year sure ? # # Copyright 2012 Nordea # body __COPYRIGHT_NORDEA /Copyright\ 201.\ Nordea/i meta PHISHMAIL_NORDEA (__COPYRIGHT_NORDEA !SPF_PASS) describe PHISHMAIL_NORDEA Meta: __COPYRIGHT_NORDEA !SPF_PASS score PHISHMAIL_NORDEA 3.0 if

Re: URIBL blocked

On 23/01/12 12:22, Tom Kinghorn wrote: Resolving the block might be as simple as using your own caching nameserver to avoid being lumped together with other users queries; setting up your own mirror of the DNS-blocklist; or paying to use the blocklist. The choice is up to the DNS-Blocklist

Re: URIBL blocked

I would look at getting a datafeed: http://www.uribl.com/datafeed.shtml [7] Out of interest, how much volume of email are you processing to experience this? Are you sharing your external IP with any other of your ISP customers? Does your ISP do anything strange with DNS queries? On

Re: URIBL lookup count

On Tue, 2011-10-18 at 12:51 +0100, Martin Gregorie wrote: I've just been thinking about URIBL lookups, etc and realising that I don't know how many of these an SA configuration does or how to estimate it. Is it correct to assume that every configured URIBL is sent a single lookup request

Re: URIBL lookup count

On Tue, 2011-10-18 at 19:22 +0200, Karsten Bräckelmann wrote: On Tue, 2011-10-18 at 12:51 +0100, Martin Gregorie wrote: I've just been thinking about URIBL lookups, etc and realising that I don't know how many of these an SA configuration does or how to estimate it. Is it correct to

Re: URIBL lookup count

On Tue, 2011-10-18 at 23:52 +0100, Martin Gregorie wrote: On Tue, 2011-10-18 at 19:22 +0200, Karsten Bräckelmann wrote: [...] there is one DNS lookup per URI and DNSBL -- e.g. SURBL (multiple lists) or URIBL (multiple listings). OK, so the answer is not straight forward: thanks for

Re: URIBL lookup count

On Wed, 2011-10-19 at 01:29 +0200, Karsten Bräckelmann wrote: On Tue, 2011-10-18 at 23:52 +0100, Martin Gregorie wrote: On Tue, 2011-10-18 at 19:22 +0200, Karsten Bräckelmann wrote: wonder if it would be useful for SA to log the number of BL lookups it does: as it need only involve of

Re: URIBL lookup count

On Wed, 2011-10-19 at 01:29 +0200, Karsten Bräckelmann wrote: Keep in mind, the actual number of queries isn't relevant unless you're at least in the general ball-park of 100,000 messages a day. Indeed: I'm not remotely near that. It was just an idea that I thought might be useful provided it

RE: uribl not working properly with .gg TLD

Ah I understand now why they are treated differently.. I've never delved into the details of that module. Blacklisting might be a good idea! Thanks Dave Giampaolo Tomassoni-2 wrote: What I am asking is why a reference to http://querty.ru.gg generates a URI lookup for ru.gg (ie missing

RE: uribl not working properly with .gg TLD

I'm running SpamAssassin version 3.3.0 and we received some spam recently which contained a link to a .ru.gg domain. While investigating whether it was listed in any of the URIBLs I discovered that if a message contains a link to http://qwerty.ru.gg;, spamassassin only looks up the domain

RE: uribl not working properly with .gg TLD

What I am asking is why a reference to http://querty.ru.gg generates a URI lookup for ru.gg (ie missing out the first component) whereas a reference to http://qwerty.ru.com generates a URI lookup for qwerty.ru.com. Dave Giampaolo Tomassoni-2 wrote: I'm running SpamAssassin version 3.3.0 and

RE: uribl not working properly with .gg TLD

What I am asking is why a reference to http://querty.ru.gg generates a URI lookup for ru.gg (ie missing out the first component) whereas a reference to http://qwerty.ru.com generates a URI lookup for qwerty.ru.com. Dave Because the ru.gg second level domain is not in the TWO_LEVEL_DOMAINS

Re: URIBL Notice

On Fri, 2010-03-12 at 07:48 -0800, Ray Dzek wrote: I just received the dreaded URIBL “You send us to many DNS queries” notice. This is fine. We have been growing and I am sure our queries have gone up. But when looking at their data feed service options the first thing I noticed was that

Re: URIBL Notice

On 12/03/10 15:48, Ray Dzek wrote: I just received the dreaded URIBL “You send us to many DNS queries” notice. This is fine. We have been growing and I am sure our queries have gone up. But when looking at their data feed service options the first thing I noticed was that there is no fee

Re: URIBL Notice

On 2010-03-12 16:48, Ray Dzek wrote: I just received the dreaded URIBL You send us to many DNS queries notice. This is fine. We have been growing and I am sure our queries have gone up. But when looking at their data feed service options the first thing I noticed was that there is no fee

Re: URIBL Notice

Yet Another Ninja wrote: These stats are for small trap box which only accepts mail from bots and rejects stuff listed by DNSWL and other public WLs. Since midnight CET- These are only URI BL tats - so you woun't see other dnsbls like Spamcop, etc. Alex, about those stats... (1) Do those

Re: URIBL Notice

On 2010-03-12 20:23, Rob McEwen wrote: Yet Another Ninja wrote: These stats are for small trap box which only accepts mail from bots and rejects stuff listed by DNSWL and other public WLs. Since midnight CET- These are only URI BL tats - so you woun't see other dnsbls like Spamcop, etc. Alex,

Re: URIBL Notice

Yet Another Ninja wrote: there are no users - its trap domains which have never had any real users - ever. no prefiltering except rejecting potential bounces and stuff leaking from whatever may be on DNSWL and a coupleof other WLs. Alex, Your stats are certainly valuable and

Re: URIBL Notice

On 2010-03-13 0:50, Rob McEwen wrote: Yet Another Ninja wrote: there are no users - its trap domains which have never had any real users - ever. no prefiltering except rejecting potential bounces and stuff leaking from whatever may be on DNSWL and a coupleof other WLs. Alex, Your

Re: URIBL Notice

On Fri, 2010-03-12 at 18:50 -0500, Rob McEwen wrote: Your stats are certainly valuable and illustrative... but not reflective of the stats one would see in a MOST real world mail streams where: (A) the spams were sent to actual users (which would be a distinctively different mix of spams

Re: URIBL Notice

On Mar 12, 2010, at 6:17 PM, Karsten Bräckelmann wrote: Just for comparison, below are some stats gathered quickly from 2 different and entirely unrelated systems. Real mail stream, real users only, no traps. Here are mine from yesterday while we are at it:

Re: URIBL Notice

On Sat, 2010-03-13 at 01:17 +0100, Karsten Bräckelmann wrote: RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM -- 8 URIBL_BLACK 57241.12 78.360.00

Re: URIBL Removal [OT]

On Sat, 2008-12-13 at 21:23 -0800, Marc Perkel wrote: I'm trying to get collaborate.com off of the URIBL list and I've submitted it for removal several times and nothing happens. Log in to your URIBL account, then see the track link, more verbosely named Track Your Submissions in the page

Re: URIBL Removal [OT]

On Sun, 2008-12-14 at 13:42 +0100, Karsten Bräckelmann wrote: On Sat, 2008-12-13 at 21:23 -0800, Marc Perkel wrote: I'm trying to get collaborate.com off of the URIBL list and I've submitted it for removal several times and nothing happens. Log in to your URIBL account, then see the track

Re: URIBL Removal [OT]

My fault - never mind. I was doing something wrong. Karsten Bräckelmann wrote: On Sat, 2008-12-13 at 21:23 -0800, Marc Perkel wrote: I'm trying to get collaborate.com off of the URIBL list and I've submitted it for removal several times and nothing happens. Log in to your URIBL

Re: Uribl for myself

Kris Deugau wrote: [EMAIL PROTECTED] wrote: Hello, i want to start my own local uribl. Spamassassin should read a raw-textfile for example /home/spamblack.txt where some url's are in wunschurlaub.biz euromillion.de and another.. If match one of these entries, the Mail should marked

Re: Uribl for myself

On 10/2/2008 10:18 PM, [EMAIL PROTECTED] wrote: Hello, i want to start my own local uribl. Spamassassin should read a raw-textfile for example /home/spamblack.txt where some url's are in wunschurlaub.biz euromillion.de and another.. If match one of these entries, the Mail should

Re: Uribl for myself

[EMAIL PROTECTED] wrote: Hello, i want to start my own local uribl. Spamassassin should read a raw-textfile for example /home/spamblack.txt where some url's are in wunschurlaub.biz euromillion.de and another.. If match one of these entries, the Mail should marked with X Points. How

RE: URIBL

Quoting Rocco Scappatura [EMAIL PROTECTED]: Maybe, now is the case to set up a copy of zone locally on my server.. I ve about 1300K messages rejected per day!! Yes, you should not query 1.3 million messages per day on the public nameservers. That would be considered abusive. Jeff C.

RE: URIBL

Quoting Rocco Scappatura [EMAIL PROTECTED]: Maybe, now is the case to set up a copy of zone locally on my server.. I ve about 1300K messages rejected per day!! Yes, you should not query 1.3 million messages per day on the public nameservers. That would be considered abusive. Je suis

RE: URIBL

I have to enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: ... the rules exist by default, so you should be all set. :)

RE: URIBL

Quoting Rocco Scappatura [EMAIL PROTECTED]: I have to enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: ... the rules exist by

RE: URIBL

Quoting Rocco Scappatura [EMAIL PROTECTED]: I have to enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: ... the rules exist

Re: URIBL

I remember there was a period of time when dozens of URI delist requests were submitted all together without any detail. Could that have been the case with your reports? Theo Van Dinter wrote: FWIW, I used to report FP domains to URIBL daily until I was told to stop because there were too

RE: URIBL

From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 20, 2008 8:08 PM To: users@spamassassin.apache.org Subject: Re: URIBL On Wed, Feb 20, 2008 at 06:52:14PM +, Nigel Frankcom wrote: Anyway I heard talking about URIBL, which as I have understod is a quite

RE: URIBL

Anyway I heard talking about URIBL, which as I have understod is a quite different service (it blacklists 'domains' rather 'IPs'). But is it maybe a dangerous practice to fight spam? Anyway, does anyone suggest me to use URIBL? Are you looking for a PRE QUEUE blacklist? Or a way to

Re: URIBL

HI, Rocco 2008/2/21, Rocco Scappatura [EMAIL PROTECTED]: Anyway I heard talking about URIBL, which as I have understod is a quite different service (it blacklists 'domains' rather 'IPs'). But is it maybe a dangerous practice to fight spam? Anyway, does anyone suggest me to use

RE: URIBL

Quoting Rocco Scappatura [EMAIL PROTECTED]: I have looked at the SURBL site. If I have well understood I have to enable only the plugin with loadPlugin. Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: urirhssub URIBL_JP_SURBL

RE: URIBL

HI, Rocco Hi Luis, I don't know what you mean for 'PRE QUEUE blacklist'.. Anyway I would like to help SpamAssassin in scoring emails.. He means a blacklist which runs IN the MTA, not at SA level, when the MTA has accepted the message. It rejects spammers as they connect, mostly

Re: URIBL

On Thu, Feb 21, 2008 at 09:57:17AM +0100, Rocco Scappatura wrote: I have looked at the SURBL site. If I have well understood I have to enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) Then I have to use the command 'urirhssub' of the plugin

RE: URIBL

Quoting Rocco Scappatura [EMAIL PROTECTED]: I have looked at the SURBL site. If I have well understood I have to enable only the plugin with loadPlugin. Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: urirhssub

Re: URIBL

On Wed, 20 Feb 2008 16:40:33 +0100, Rocco Scappatura [EMAIL PROTECTED] wrote: During last days I have noticed an increasing of 'rejected' messages. I'm currently using 'zen.spamhaus.org' and 'list.dsbl.org' as reputation servers. At the same time, the number of false negative is growth. I

Re: URIBL

On Wed, Feb 20, 2008 at 06:52:14PM +, Nigel Frankcom wrote: Anyway I heard talking about URIBL, which as I have understod is a quite different service (it blacklists 'domains' rather 'IPs'). But is it maybe a dangerous practice to fight spam? Anyway, does anyone suggest me to use URIBL?

RE: URIBL

71.920 77.1604 1.23310.984 0.710.00 URIBL_BLACK You've always surprised me with your Ham rates Theo. I'm guessing these are prbly good sites that fell into the affiliate spam category and got listed. Anyway to pull out the top hitters of Ham and let us know. I'd like to find out

Re: URIBL

On Wed, Feb 20, 2008 at 02:41:09PM -0500, Chris Santerre wrote: 71.920 77.1604 1.23310.984 0.710.00 URIBL_BLACK Anyway to pull out the top hitters of Ham and let us know. I'd like to find out if we overlooked something. I'd like to correct this if it is an issue. FWIW, I

Re: URIBL

From: Rocco Scappatura [EMAIL PROTECTED] Date: Wed, 20 Feb 2008 16:40:33 +0100 To: users@spamassassin.apache.org Conversation: URIBL Subject: URIBL Anyway I heard talking about URIBL, which as I have understod is a quite different service (it blacklists 'domains' rather 'IPs'). But is

Re: URIBL

On Wed, Feb 20, 2008 at 07:03:58PM -0500, Dave Koontz wrote: I remember there was a period of time when dozens of URI delist requests were submitted all together without any detail. Could that have been the case with your reports? I'm not sure if it was specifically what you're thinking

RE: URIBL

For what it's worth I'm seeing an escalation here in the UK and on US and AUS servers so it's not isolated. Admittedly it's not a large proportion but it is a rise. How do you have inferred this? rocsca

Re: URIBL

Jason Bertoch wrote: Lately I've been trying to report links in spam to uribl.com, obviously hoping to increase the hit rate for messages coming my way. However, I've found several occasions where that URL was already listed but the rule didn't trigger. Upon further review, I'm not

RE: URIBL

On Wednesday, May 30, 2007 10:05 AM Matt Kettler wrote: Do you have Net::DNS installed and working? try spamassassin -D sample-spam.txt Does the debug output indicate that DNS is available and working? Yes, Net::DNS is installed and debug output says it's working. Other DNS-based

RE: URIBL

On Wednesday, May 30, 2007 10:16 AM John Wilcock wrote: Jason Bertoch wrote: Yes, Net::DNS is installed and debug output says it's working. Other DNS-based tests, such as SPF, are functioning correctly as well. Is Mail::SpamAssassin::Plugin::URIDNSBL enabled in your init.pre file? ISTR

Re: URIBL

On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote: multi.surbl.org. The debug output below seems to confirm that SA is not going to query multi.surbl.org. Of course not... [25188] dbg: uridnsbl: domains to query: There are no domains to query for, so it doesn't. -- Randomly

RE: URIBL

Dangit...wish replies were sent back to the list. Resending for everyone else to see... On Wednesday, May 30, 2007 11:02 AM Theo Van Dinter wrote: On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote: multi.surbl.org. The debug output below seems to confirm that SA is not going to

Re: URIBL

On Wed, 2007-05-30 at 11:02 -0400, Theo Van Dinter wrote: On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote: multi.surbl.org. The debug output below seems to confirm that SA is not going to query multi.surbl.org. Of course not... [25188] dbg: uridnsbl: domains to query:

  1   2   >