> From: Theo Van Dinter [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, February 20, 2008 8:08 PM
> To: users@spamassassin.apache.org
> Subject: Re: URIBL
> 
> On Wed, Feb 20, 2008 at 06:52:14PM +0000, Nigel Frankcom wrote:
> > >Anyway I heard talking about URIBL, which as I have understood is a
> > >quite different service (it blacklists 'domains' rather than 'IPs').
> > >But is it maybe a dangerous practice to fight spam? Anyway, does
> > >anyone suggest me to use URIBL?
> 
> URI black lists have been around for several years now, and 
> are generally very helpful at detecting spam.  URIBL is one 
> of the standard such black lists that are in use in SA, but 
> there are others: SURBL (the oldest and most well known
> IMO) as well as Razor (also does message hashing but largely 
> uses domain detection these days).  (I may be forgetting 
> someone else, sorry, these are just the ones that come to mind.)
> 
> Here are my results for the past 60 days for the different groups:
> 
> (you want the most spam% with the lowest ham%, aka: the higher the S/O
> the better)
> 
> OVERALL    SPAM%     HAM%     S/O    RANK   SCORE  NAME
>       0   769001    57013    0.931   0.00    0.00  (all messages)
> 0.00000  93.0978   6.9022    0.931   0.00    0.00  (all messages as %)
> 
>  65.312  70.1541   0.0053    1.000   1.00    0.00  URIBL_JP_SURBL
>  54.979  59.0545   0.0018    1.000   0.99    0.00  URIBL_SC_SURBL
>  33.513  35.9976   0.0018    1.000   0.98    0.00  URIBL_AB_SURBL
>  58.407  62.7323   0.0667    0.999   0.94    0.00  URIBL_OB_SURBL
>  43.120  46.3111   0.0737    0.998   0.93    0.00  URIBL_WS_SURBL
>   1.385   1.4874   0.0035    0.998   0.87    0.00  URIBL_PH_SURBL
> 
>   0.758   0.8091   0.0702    0.920   0.78    0.00  URIBL_RED
>  71.920  77.1604   1.2331    0.984   0.71    0.00  URIBL_BLACK
>   1.545   1.4891   2.3047    0.393   0.52    0.00  URIBL_GREY
> 
>  69.598  74.7537   0.0614    0.999   0.95    0.00  RAZOR2_CF_RANGE_E8_51_100
> 
> 
> So URIBL is a bit more problematic than the others by itself, 
> due to the high ham hit rate, but given SA's method of using 
> multiple data sources to determine ham/spam, the false 
> positive issue is minimized.
> 

I have looked at the SURBL site. If I have understood correctly, I only
have to enable the plugin with loadPlugin.

Then I have to use the command 'urirhssub' of the plugin URIDNSBL to
specify that I want to use SURBLs:

urirhssub URIBL_JP_SURBL  multi.surbl.org.        A   64
body      URIBL_JP_SURBL  eval:check_uridnsbl('URIBL_JP_SURBL')
describe  URIBL_JP_SURBL  Has URI in JP at http://www.surbl.org/lists.html
tflags    URIBL_JP_SURBL  net

score URIBL_JP_SURBL    3.0

However, I have not understood a number of things:

1. Why do I have to use 'URIBL_JP_SURBL' as 'NAME_OF_RULE'? Is it an
arbitrary name, or does a number of 'NAME_OF_RULE' names exist?
2. Does the body command have to specify
'eval:check_uridnsbl('NAME_OF_RULE')' where 'NAME_OF_RULE' is the name
of the rule specified as parameter of the command 'urirhssub'?
3. tflags?
4. score?
5. Is there any simpler URIDNSBL plugin setting? Maybe a default one?

rocsca
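
Added example, not part of the original message and not SpamAssassin's own code: a small Python model of how a rule such as "urirhssub URIBL_JP_SURBL multi.surbl.org. A 64" is evaluated, where the domain of a URI is looked up under the zone and the A-record answer is tested against the rule's bitmask. The masks other than 64, the last-octet comparison, the 127.0.0.0/8 sanity check and the sample answers are assumptions made for the illustration; no DNS query is performed.

```python
import ipaddress

# (rule name, zone, record type, bitmask), mirroring "urirhssub NAME zone. A mask".
# The JP entry is the line quoted in the message. The other masks are assumed
# here to be the values of the stock SURBL rules of that period.
SUBRULES = [
    ("URIBL_SC_SURBL", "multi.surbl.org.", "A", 2),
    ("URIBL_WS_SURBL", "multi.surbl.org.", "A", 4),
    ("URIBL_PH_SURBL", "multi.surbl.org.", "A", 8),
    ("URIBL_OB_SURBL", "multi.surbl.org.", "A", 16),
    ("URIBL_AB_SURBL", "multi.surbl.org.", "A", 32),
    ("URIBL_JP_SURBL", "multi.surbl.org.", "A", 64),
]


def query_name(domain, zone):
    """DNS name looked up for a URI's domain: <domain>.<zone>"""
    return f"{domain.rstrip('.')}.{zone}"


def rules_hit(answer, subrules=SUBRULES):
    """Return the rule names whose bitmask matches one A-record answer.

    answer is a dotted-quad string, or None for NXDOMAIN (not listed).
    """
    if answer is None:
        return []
    addr = ipaddress.IPv4Address(answer)
    # Sanity check added for this example: a list answer lives in 127/8.
    # Anything else (for instance a resolver that rewrites NXDOMAIN) is ignored.
    if addr not in ipaddress.IPv4Network("127.0.0.0/8"):
        return []
    last_octet = int(addr) & 0xFF
    # One lookup on the combined zone can fire several rules at once:
    # each rule only tests its own bit.
    return [name for name, _zone, _rtype, mask in subrules if last_octet & mask]


if __name__ == "__main__":
    # Constructed sample data: a made-up domain and made-up answers.
    print(query_name("spam-example.test", "multi.surbl.org."))
    for answer in ("127.0.0.64", "127.0.0.80", None, "10.1.2.64"):
        print(answer, "->", rules_hit(answer))
```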
