On 02/04/2021 13:46, Wolfgang Breyha wrote:
Hi!
It seems that 3.4.5 changed the behavior of URIBL lookups in a quite bad
way compared to 3.4.4.
Just as a pointer:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897
Greetings,
Wolfgang
On 2016-07-26 11:39, Reindl Harald wrote:
sadly it don't work as expected
https://bugzilla.redhat.com/show_bug.cgi?id=1360222
add forward-first: yes to forward zone
without you are qquery stale data in unbound
no i do not use bind9 now :=)
Am 06.07.2016 um 17:40 schrieb Reindl Harald:
Am 06.07.2016 um 17:35 schrieb John Hardin:
On Wed, 6 Jul 2016, Paul Stead wrote:
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and
Am 06.07.2016 um 17:35 schrieb John Hardin:
On Wed, 6 Jul 2016, Paul Stead wrote:
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and positive
results (relatively high)?
For this
On Wed, 6 Jul 2016, Paul Stead wrote:
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and positive
results (relatively high)?
For this cache-max-negative-ttl exists :)
:) It's
On Wed, 6 Jul 2016, Reindl Harald wrote:
Am 06.07.2016 um 14:36 schrieb RW:
On Tue, 5 Jul 2016 14:01:17 +0200
Reindl Harald wrote:
> since there is a local unbound-cache with
>
>cache-min-ttl: 300
thanks for the hint, but look at
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and positive
results (relatively high)?
For this cache-max-negative-ttl exists :)
Paul
--
Paul Stead
Systems Engineer
Zen Internet
Am 06.07.2016 um 14:36 schrieb RW:
On Tue, 5 Jul 2016 14:01:17 +0200
Reindl Harald wrote:
since there is a local unbound-cache with
cache-min-ttl: 300
thanks for the hint, but look at
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335#c8
reduce the value would make the problem
On Tue, 5 Jul 2016 14:01:17 +0200
Reindl Harald wrote:
> since there is a local unbound-cache with
>
> cache-min-ttl: 300
You might want to review that. From http://uribl.com
July 8, 2015: Reduction in list time latency
The spam trend of late has been to use short lived, high-volume
see also https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335
BTW: the bugtracker has also a major bug - click on "My Bugs" leads to
the URL below listing a ton of bugreports back to the year 2011 and
pretends they are reported by me
Am 05.07.2016 um 14:01 schrieb Reindl Harald:
i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in
the ABUSE SURBL blocklist
50% of all tries against spamd it does NOT hit while the scantime for
the whole message is arounnd 3 seconds - since there is a local
unbound-cache
Hi,
>> Is there any reason to not use the bl.score.sendrescore.com with
>> postscreen? I don't understand the distinction
>
> why?
>
> postscreen is supposed to be configured with sensible scoring to reject most
> spam without false positives long before it reachs smtpd or even expesnive
>
Am 03.03.2016 um 02:44 schrieb Alex:
Is there any reason to not use the bl.score.sendrescore.com with
postscreen? I don't understand the distinction
why?
postscreen is supposed to be configured with sensible scoring to reject
most spam without false positives long before it reachs smtpd or
Hi,
Some time ago, David Jones wrote:
> In a related note, I have found that using the senderscore.org score combined
> with postscreen's weighting is very effective in quickly catching new
> spammers.
>
> postscreen_dnsbl_sites =
> score.senderscore.com=127.0.4.[60..69]*2
>
On 16/02/2016 01:08, Shawn Bakhtiar wrote:
There are A LOT more people out there, far greater than just the
Googles and Yahoos of the world, and to block IP addresses/subnets
without an automated system using definable metric (that usually is
enterprise specific), invariably IT will be
I use to spend a lot of time blocking hosts and subnets, using IP tables, of
malicious providers who would let any tom, dick, and Harry (no pun intended) to
host spam hosts/relays on their servers. What I ended up doing is also blocking
a lot SMB vendors from sending legitimate emails to users
On 15/02/2016 09:02, Reindl Harald wrote:
Am 14.02.2016 um 23:34 schrieb Noel Butler:
On 14/02/2016 01:46, Alex wrote:
rejecting outright at the SMTP level for IPs reaching my honeypots
could be dangerous if not checked.
how so? if your honey pots use specific non human used (ever)
Am 14.02.2016 um 23:34 schrieb Noel Butler:
On 14/02/2016 01:46, Alex wrote:
rejecting outright at the SMTP level for IPs reaching my honeypots
could be dangerous if not checked.
how so? if your honey pots use specific non human used (ever) addresses,
then there should never ever be a
On 14/02/2016 01:46, Alex wrote:
rejecting outright at the SMTP level for IPs reaching my honeypots
could be dangerous if not checked.
how so? if your honey pots use specific non human used (ever) addresses,
then there should never ever be a genuine mail destined for it.
I dont care
On Sun, 14 Feb 2016, Allen Chen wrote:
On 2/12/2016 8:48 AM, Axb wrote:
On 02/12/2016 02:39 PM, Alex wrote:
> For some time now I've been cycling URLs and IPs through a mariadb
> database gathered from incoming mail on a honeypot I've created.
> Surprising how many are received ahead of
On 2/12/2016 8:48 AM, Axb wrote:
On 02/12/2016 02:39 PM, Alex wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on
>> DNS is very effective to block at the MTA level. I setup my own private
>> RBL on the DNS servers my SA boxes point to. Dump your IPs into a
>> rbldnsd formatted zone file and setup your private RBL zone (doesn't
>> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd
>>
Hi,
> DNS is very effective to block at the MTA level. I setup my own private
> RBL on the DNS servers my SA boxes point to. Dump your IPs into a
> rbldnsd formatted zone file and setup your private RBL zone (doesn't
> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd
>
Am 13.02.2016 um 16:46 schrieb Alex:
DNS is very effective to block at the MTA level. I setup my own private
RBL on the DNS servers my SA boxes point to. Dump your IPs into a
rbldnsd formatted zone file and setup your private RBL zone (doesn't
have to be a real zone on the Internet) to
On Sat, 13 Feb 2016, Alex wrote:
I've now got rbldnsd implemented. I've also known for a while it's
faster/better than bind, but bind has always been in place.
I have rbldnsd running on port 530, alongside bind on 53. How do I
specify a urirhsbl in spamassassin to query the DNS server running
On Fri, 2016-02-12 at 08:39 -0500, Alex wrote:
> Is it possible for spamassassin to query a database directly?
>
Yes, with a plugin.
I've been doing the opposite for some years now: I archive all my
outgoing mail and most of my non-spam incoming mail in a Postgres
database and use this as a
>
>From: Alex
>For some time now I've been cycling URLs and IPs through a mariadb
>database gathered from incoming mail on a honeypot I've created.
>Surprising how many are received ahead of spamhaus/barracuda.
Major RBLs like
On 02/12/2016 02:39 PM, Alex wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on how to now make this information
On Feb 12, 2016, at 5:39 AM, Alex
> wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of
On 02/12/16 05:39, Alex wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on how to now make this information
On Fri, 2016-02-12 at 07:30 -0800, Marc Perkel wrote:
> Yeah - unless you write your own SA module using DNS is the quick
> easy solution.
>
If Alex already has a set of scripts that populate and maintain the
database that he's happy with, then the quick and easy way may be to
make a custom SA
On 5/11/2015 9:46 AM, Reindl Harald wrote:
stripped down and anonymized sample attached
the real bad thing is that the part triggering the URIBL rules wrongly
is the quote of the signature from the message replied to
Am 11.05.2015 um 15:13 schrieb Reindl Harald:
i face false positives where
On 5/11/2015 9:13 AM, Reindl Harald wrote:
i face false positives where the links are just facebook.com with
the http-prefix in front and NOT com between the http-prefix and the
real facebook domain
the domain with com in front is indeed on both URIBL but it just
don#t exist in the messages
Am 11.05.2015 um 15:43 schrieb Kevin A. McGrail:
On 5/11/2015 9:13 AM, Reindl Harald wrote:
i face false positives where the links are just facebook.com with
the http-prefix in front and NOT com between the http-prefix and the
real facebook domain
the domain with com in front is indeed on
Hi Karsten,
On 12/1/13, Karsten Bräckelmann guent...@rudersport.de wrote:
On Fri, 2013-11-29 at 13:30 +1000, Nick Edwards wrote:
Hi, have a problem with our internal uribl
urirhsblINT_URI uri.int.lan. A
bodyINT_URI eval:check_uridnsbl('INT_URI')
describeINT_URI
On Mon, 2013-12-02 at 07:58 +1000, Nick Edwards wrote:
On 12/1/13, Karsten Bräckelmann guent...@rudersport.de wrote:
The general SA method of verifying which domains are queried for, is to
have a look at the debug output. In your case, you can also check your
local DNSBL's logs.
Nick Edwards skrev den 2013-11-29 04:30:
urirhsblINT_URI uri.int.lan. A
bodyINT_URI eval:check_uridnsbl('INT_URI')
describeINT_URI Contains a URI listed in internal URIBL
tflags INT_URI net
score INT_URI 3
rule is okay as designed
this rule
On Fri, 2013-11-29 at 13:30 +1000, Nick Edwards wrote:
Hi, have a problem with our internal uribl
urirhsblINT_URI uri.int.lan. A
bodyINT_URI eval:check_uridnsbl('INT_URI')
describeINT_URI Contains a URI listed in internal URIBL
tflags INT_URI net
score
For those who have asked, the RBL I am testing is included in the rules
from KAM.cf at http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
There will be some new tests coming as I'm working on more tests that
require code changes.
regards,
KAM
On 3/2/12 11:36 AM, Benny Pedersen wrote:
just a note to whom it might concern :)
phisting?
OUCH.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot
Ha. Nice
--
Jeremy McSpadden
On Mar 2, 2012, at 10:38 AM, Michael Scheidell michael.scheid...@secnap.com
wrote:
On 3/2/12 11:36 AM, Benny Pedersen wrote:
just a note to whom it might concern :)
phisting?
OUCH.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
*|
It was a last minute decision.
Jeremy McSpadden jer...@fluxlabs.net wrote:
Ha. Nice
--
Jeremy McSpadden
On Mar 2, 2012, at 10:38 AM, Michael Scheidell
michael.scheid...@secnap.com wrote:
On 3/2/12 11:36 AM, Benny Pedersen wrote:
just a note to whom it might concern :)
phisting?
OUCH.
Den 2012-03-02 17:40, Jeremy McSpadden skrev:
Ha. Nice
be nice to an old mand
--
Jeremy McSpadden
On Mar 2, 2012, at 10:38 AM, Michael Scheidell
michael.scheid...@secnap.com wrote:
On 3/2/12 11:36 AM, Benny Pedersen wrote:
just a note to whom it might concern :)
phisting?
OUCH.
--
On 03/02/2012 05:36 PM, Benny Pedersen wrote:
just a note to whom it might concern :)
why no pastebin a sample?
Den 2012-03-02 17:50, Axb skrev:
On 03/02/2012 05:36 PM, Benny Pedersen wrote:
just a note to whom it might concern :)
why no pastebin a sample?
february had 29 days this yaer ?
its being resolved, sorry for the noice
Leap Year
--
Jeremy McSpadden
On Mar 2, 2012, at 11:11 AM, Benny Pedersen m...@junc.org wrote:
Den 2012-03-02 17:50, Axb skrev:
On 03/02/2012 05:36 PM, Benny Pedersen wrote:
just a note to whom it might concern :)
why no pastebin a sample?
february had 29 days this yaer ?
its being
Den 2012-03-02 18:15, Jeremy McSpadden skrev:
Leap Year
sure ?
#
# Copyright 2012 Nordea
#
body __COPYRIGHT_NORDEA /Copyright\ 201.\ Nordea/i
meta PHISHMAIL_NORDEA (__COPYRIGHT_NORDEA !SPF_PASS)
describe PHISHMAIL_NORDEA Meta: __COPYRIGHT_NORDEA !SPF_PASS
score PHISHMAIL_NORDEA 3.0
if
On 23/01/12 12:22, Tom Kinghorn wrote:
Resolving the block might be as simple as using your own caching
nameserver to avoid being lumped together with other users queries;
setting up your own mirror of the DNS-blocklist; or paying to use the
blocklist. The choice is up to the DNS-Blocklist
I would look at getting a datafeed:
http://www.uribl.com/datafeed.shtml [7]
Out of interest, how much
volume of email are you processing to experience this?
Are you sharing
your external IP with any other of your ISP customers? Does your ISP do
anything strange with DNS queries?
On
On Tue, 2011-10-18 at 12:51 +0100, Martin Gregorie wrote:
I've just been thinking about URIBL lookups, etc and realising that I
don't know how many of these an SA configuration does or how to estimate
it.
Is it correct to assume that every configured URIBL is sent a single
lookup request
On Tue, 2011-10-18 at 19:22 +0200, Karsten Bräckelmann wrote:
On Tue, 2011-10-18 at 12:51 +0100, Martin Gregorie wrote:
I've just been thinking about URIBL lookups, etc and realising that I
don't know how many of these an SA configuration does or how to estimate
it.
Is it correct to
On Tue, 2011-10-18 at 23:52 +0100, Martin Gregorie wrote:
On Tue, 2011-10-18 at 19:22 +0200, Karsten Bräckelmann wrote:
[...] there is one DNS lookup per URI and
DNSBL -- e.g. SURBL (multiple lists) or URIBL (multiple listings).
OK, so the answer is not straight forward: thanks for
On Wed, 2011-10-19 at 01:29 +0200, Karsten Bräckelmann wrote:
On Tue, 2011-10-18 at 23:52 +0100, Martin Gregorie wrote:
On Tue, 2011-10-18 at 19:22 +0200, Karsten Bräckelmann wrote:
wonder if it would be useful for SA to log the number of BL lookups it
does: as it need only involve of
On Wed, 2011-10-19 at 01:29 +0200, Karsten Bräckelmann wrote:
Keep in mind, the actual number of queries isn't relevant unless you're
at least in the general ball-park of 100,000 messages a day.
Indeed: I'm not remotely near that. It was just an idea that I thought
might be useful provided it
Ah I understand now why they are treated differently.. I've never delved into
the details of that module.
Blacklisting might be a good idea!
Thanks
Dave
Giampaolo Tomassoni-2 wrote:
What I am asking is why a reference to http://querty.ru.gg generates a
URI
lookup for ru.gg (ie missing
I'm running SpamAssassin version 3.3.0 and we received some spam
recently
which contained a link to a .ru.gg domain. While investigating whether
it
was listed in any of the URIBLs I discovered that if a message contains
a
link to http://qwerty.ru.gg;, spamassassin only looks up the domain
What I am asking is why a reference to http://querty.ru.gg generates a URI
lookup for ru.gg (ie missing out the first component) whereas a reference to
http://qwerty.ru.com generates a URI lookup for qwerty.ru.com.
Dave
Giampaolo Tomassoni-2 wrote:
I'm running SpamAssassin version 3.3.0 and
What I am asking is why a reference to http://querty.ru.gg generates a
URI
lookup for ru.gg (ie missing out the first component) whereas a
reference to
http://qwerty.ru.com generates a URI lookup for qwerty.ru.com.
Dave
Because the ru.gg second level domain is not in the TWO_LEVEL_DOMAINS
On Fri, 2010-03-12 at 07:48 -0800, Ray Dzek wrote:
I just received the dreaded URIBL “You send us to many DNS queries”
notice. This is fine. We have been growing and I am sure our queries
have gone up. But when looking at their data feed service options the
first thing I noticed was that
On 12/03/10 15:48, Ray Dzek wrote:
I just received the dreaded URIBL “You send us to many DNS queries”
notice. This is fine. We have been growing and I am sure our queries
have gone up. But when looking at their data feed service options the
first thing I noticed was that there is no fee
On 2010-03-12 16:48, Ray Dzek wrote:
I just received the dreaded URIBL You send us to many DNS queries
notice. This is fine. We have been growing and I am sure our
queries have gone up. But when looking at their data feed service
options the first thing I noticed was that there is no fee
Yet Another Ninja wrote:
These stats are for small trap box which only accepts mail from bots
and rejects stuff listed by DNSWL and other public WLs. Since midnight
CET-
These are only URI BL tats - so you woun't see other dnsbls like
Spamcop, etc.
Alex,
about those stats...
(1) Do those
On 2010-03-12 20:23, Rob McEwen wrote:
Yet Another Ninja wrote:
These stats are for small trap box which only accepts mail from bots
and rejects stuff listed by DNSWL and other public WLs. Since midnight
CET-
These are only URI BL tats - so you woun't see other dnsbls like
Spamcop, etc.
Alex,
Yet Another Ninja wrote:
there are no users - its trap domains which have never had any real
users - ever.
no prefiltering except rejecting potential bounces and stuff leaking
from whatever may be on DNSWL and a coupleof other WLs.
Alex,
Your stats are certainly valuable and
On 2010-03-13 0:50, Rob McEwen wrote:
Yet Another Ninja wrote:
there are no users - its trap domains which have never had any real
users - ever.
no prefiltering except rejecting potential bounces and stuff leaking
from whatever may be on DNSWL and a coupleof other WLs.
Alex,
Your
On Fri, 2010-03-12 at 18:50 -0500, Rob McEwen wrote:
Your stats are certainly valuable and illustrative... but not reflective
of the stats one would see in a MOST real world mail streams where:
(A) the spams were sent to actual users (which would be a distinctively
different mix of spams
On Mar 12, 2010, at 6:17 PM, Karsten Bräckelmann wrote:
Just for comparison, below are some stats gathered quickly from 2
different and entirely unrelated systems. Real mail stream, real users
only, no traps.
Here are mine from yesterday while we are at it:
On Sat, 2010-03-13 at 01:17 +0100, Karsten Bräckelmann wrote:
RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
--
8 URIBL_BLACK 57241.12 78.360.00
On Sat, 2008-12-13 at 21:23 -0800, Marc Perkel wrote:
I'm trying to get collaborate.com off of the URIBL list and I've
submitted it for removal several times and nothing happens.
Log in to your URIBL account, then see the track link, more verbosely
named Track Your Submissions in the page
On Sun, 2008-12-14 at 13:42 +0100, Karsten Bräckelmann wrote:
On Sat, 2008-12-13 at 21:23 -0800, Marc Perkel wrote:
I'm trying to get collaborate.com off of the URIBL list and I've
submitted it for removal several times and nothing happens.
Log in to your URIBL account, then see the track
My fault - never mind. I was doing something wrong.
Karsten Bräckelmann wrote:
On Sat, 2008-12-13 at 21:23 -0800, Marc Perkel wrote:
I'm trying to get collaborate.com off of the URIBL list and I've
submitted it for removal several times and nothing happens.
Log in to your URIBL
Kris Deugau wrote:
[EMAIL PROTECTED] wrote:
Hello,
i want to start my own local uribl.
Spamassassin should read a raw-textfile for example
/home/spamblack.txt where some url's are in
wunschurlaub.biz
euromillion.de
and another..
If match one of these entries, the Mail should marked
On 10/2/2008 10:18 PM, [EMAIL PROTECTED] wrote:
Hello,
i want to start my own local uribl.
Spamassassin should read a raw-textfile for example /home/spamblack.txt
where some url's are in
wunschurlaub.biz
euromillion.de
and another..
If match one of these entries, the Mail should
[EMAIL PROTECTED] wrote:
Hello,
i want to start my own local uribl.
Spamassassin should read a raw-textfile for example /home/spamblack.txt
where some url's are in
wunschurlaub.biz
euromillion.de
and another..
If match one of these entries, the Mail should marked with X Points.
How
Quoting Rocco Scappatura [EMAIL PROTECTED]:
Maybe, now is the case to set up a copy of zone locally on my server.. I
ve about 1300K messages rejected per day!!
Yes, you should not query 1.3 million messages per day on the public
nameservers. That would be considered abusive.
Jeff C.
Quoting Rocco Scappatura [EMAIL PROTECTED]:
Maybe, now is the case to set up a copy of zone locally on my server.. I
ve about 1300K messages rejected per day!!
Yes, you should not query 1.3 million messages per day on the public
nameservers. That would be considered abusive.
Je suis
I have to
enable only the plugin with loadPlugin.
... and it's enabled by default, so you should be all set. :)
Then I have to use the command 'urirhssub' of the plugin
URIDNSBL to
specify that I want to use SURBLs:
... the rules exist by default, so you should be all set. :)
Quoting Rocco Scappatura [EMAIL PROTECTED]:
I have to
enable only the plugin with loadPlugin.
... and it's enabled by default, so you should be all set. :)
Then I have to use the command 'urirhssub' of the plugin
URIDNSBL to
specify that I want to use SURBLs:
... the rules exist by
Quoting Rocco Scappatura [EMAIL PROTECTED]:
I have to
enable only the plugin with loadPlugin.
... and it's enabled by default, so you should be all set. :)
Then I have to use the command 'urirhssub' of the plugin
URIDNSBL to
specify that I want to use SURBLs:
... the rules exist
I remember there was a period of time when dozens of URI delist
requests were submitted all together without any detail. Could that
have been the case with your reports?
Theo Van Dinter wrote:
FWIW, I used to report FP domains to URIBL daily until I was told to
stop because there were too
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 20, 2008 8:08 PM
To: users@spamassassin.apache.org
Subject: Re: URIBL
On Wed, Feb 20, 2008 at 06:52:14PM +, Nigel Frankcom wrote:
Anyway I heard talking about URIBL, which as I have understod is a
quite
Anyway I heard talking about URIBL, which as I have understod is a
quite different service (it blacklists 'domains' rather
'IPs'). But is
it maybe a dangerous practice to fight spam? Anyway, does anyone
suggest me to use URIBL?
Are you looking for a PRE QUEUE blacklist? Or a way to
HI, Rocco
2008/2/21, Rocco Scappatura [EMAIL PROTECTED]:
Anyway I heard talking about URIBL, which as I have understod is a
quite different service (it blacklists 'domains' rather
'IPs'). But is
it maybe a dangerous practice to fight spam? Anyway, does anyone
suggest me to use
Quoting Rocco Scappatura [EMAIL PROTECTED]:
I have looked at the SURBL site. If I have well understood I have to
enable only the plugin with loadPlugin.
Then I have to use the command 'urirhssub' of the plugin URIDNSBL to
specify that I want to use SURBLs:
urirhssub URIBL_JP_SURBL
HI, Rocco
Hi Luis,
I don't know what you mean for 'PRE QUEUE blacklist'..
Anyway I would
like to help SpamAssassin in scoring emails..
He means a blacklist which runs IN the MTA, not at SA level,
when the MTA has accepted the message. It rejects spammers as
they connect, mostly
On Thu, Feb 21, 2008 at 09:57:17AM +0100, Rocco Scappatura wrote:
I have looked at the SURBL site. If I have well understood I have to
enable only the plugin with loadPlugin.
... and it's enabled by default, so you should be all set. :)
Then I have to use the command 'urirhssub' of the plugin
Quoting Rocco Scappatura [EMAIL PROTECTED]:
I have looked at the SURBL site. If I have well understood
I have to
enable only the plugin with loadPlugin.
Then I have to use the command 'urirhssub' of the plugin
URIDNSBL to
specify that I want to use SURBLs:
urirhssub
On Wed, 20 Feb 2008 16:40:33 +0100, Rocco Scappatura
[EMAIL PROTECTED] wrote:
During last days I have noticed an increasing of 'rejected' messages.
I'm currently using 'zen.spamhaus.org' and 'list.dsbl.org' as reputation
servers.
At the same time, the number of false negative is growth.
I
On Wed, Feb 20, 2008 at 06:52:14PM +, Nigel Frankcom wrote:
Anyway I heard talking about URIBL, which as I have understod is a quite
different service (it blacklists 'domains' rather 'IPs'). But is it
maybe a dangerous practice to fight spam? Anyway, does anyone suggest me
to use URIBL?
71.920 77.1604 1.23310.984 0.710.00 URIBL_BLACK
You've always surprised me with your Ham rates Theo. I'm guessing these are
prbly good sites that fell into the affiliate spam category and got
listed. Anyway to pull out the top hitters of Ham and let us know. I'd like
to find out
On Wed, Feb 20, 2008 at 02:41:09PM -0500, Chris Santerre wrote:
71.920 77.1604 1.23310.984 0.710.00 URIBL_BLACK
Anyway to pull out the top hitters of Ham and let us know. I'd like
to find out if we overlooked something.
I'd like to correct this if it is an issue.
FWIW, I
From: Rocco Scappatura [EMAIL PROTECTED]
Date: Wed, 20 Feb 2008 16:40:33 +0100
To: users@spamassassin.apache.org
Conversation: URIBL
Subject: URIBL
Anyway I heard talking about URIBL, which as I have understod is a quite
different service (it blacklists 'domains' rather 'IPs'). But is
On Wed, Feb 20, 2008 at 07:03:58PM -0500, Dave Koontz wrote:
I remember there was a period of time when dozens of URI delist
requests were submitted all together without any detail. Could that
have been the case with your reports?
I'm not sure if it was specifically what you're thinking
For what it's worth I'm seeing an escalation here in the UK
and on US and AUS servers so it's not isolated. Admittedly
it's not a large proportion but it is a rise.
How do you have inferred this?
rocsca
Jason Bertoch wrote:
Lately I've been trying to report links in spam to uribl.com, obviously
hoping to increase the hit rate for messages coming my way. However, I've
found
several occasions where that URL was already listed but the rule didn't
trigger.
Upon further review, I'm not
On Wednesday, May 30, 2007 10:05 AM Matt Kettler wrote:
Do you have Net::DNS installed and working?
try spamassassin -D sample-spam.txt
Does the debug output indicate that DNS is available and working?
Yes, Net::DNS is installed and debug output says it's working. Other DNS-based
On Wednesday, May 30, 2007 10:16 AM John Wilcock wrote:
Jason Bertoch wrote:
Yes, Net::DNS is installed and debug output says it's working.
Other DNS-based tests, such as SPF, are functioning correctly as
well.
Is Mail::SpamAssassin::Plugin::URIDNSBL enabled in your init.pre file?
ISTR
On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote:
multi.surbl.org. The debug output below seems to confirm that SA is not going
to query multi.surbl.org.
Of course not...
[25188] dbg: uridnsbl: domains to query:
There are no domains to query for, so it doesn't.
--
Randomly
Dangit...wish replies were sent back to the list. Resending for everyone else
to see...
On Wednesday, May 30, 2007 11:02 AM Theo Van Dinter wrote:
On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote:
multi.surbl.org. The debug output below seems to confirm that SA is
not going to
On Wed, 2007-05-30 at 11:02 -0400, Theo Van Dinter wrote:
On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote:
multi.surbl.org. The debug output below seems to confirm that SA is not
going
to query multi.surbl.org.
Of course not...
[25188] dbg: uridnsbl: domains to query:
1 - 100 of 146 matches
Mail list logo