> From: Theo Van Dinter [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 20, 2008 8:08 PM > To: users@spamassassin.apache.org > Subject: Re: URIBL > > On Wed, Feb 20, 2008 at 06:52:14PM +0000, Nigel Frankcom wrote: > > >Anyway I heard talking about URIBL, which as I have understod is a > > >quite different service (it blacklists 'domains' rather > 'IPs'). But > > >is it maybe a dangerous practice to fight spam? Anyway, > does anyone > > >suggest me to use URIBL? > > URI black lists have been around for several years now, and > are generally very helpful at detecting spam. URIBL is one > of the standard such black lists that are in use in SA, but > there are others: SURBL (the oldest and most well known > IMO) as well as Razor (also does message hashing but largely > uses domain detection these days). (I may be forgetting > someone else, sorry, these are just the ones that come to mind.) > > Here are my results for the past 60 days for the different groups: > > (you want the most spam% with the lowest ham%, aka: the > higher the S/O the > better) > > OVERALL SPAM% HAM% S/O RANK SCORE NAME > 0 769001 57013 0.931 0.00 0.00 (all messages) > 0.00000 93.0978 6.9022 0.931 0.00 0.00 (all messages as %) > > 65.312 70.1541 0.0053 1.000 1.00 0.00 URIBL_JP_SURBL > 54.979 59.0545 0.0018 1.000 0.99 0.00 URIBL_SC_SURBL > 33.513 35.9976 0.0018 1.000 0.98 0.00 URIBL_AB_SURBL > 58.407 62.7323 0.0667 0.999 0.94 0.00 URIBL_OB_SURBL > 43.120 46.3111 0.0737 0.998 0.93 0.00 URIBL_WS_SURBL > 1.385 1.4874 0.0035 0.998 0.87 0.00 URIBL_PH_SURBL > > 0.758 0.8091 0.0702 0.920 0.78 0.00 URIBL_RED > 71.920 77.1604 1.2331 0.984 0.71 0.00 URIBL_BLACK > 1.545 1.4891 2.3047 0.393 0.52 0.00 URIBL_GREY > > 69.598 74.7537 0.0614 0.999 0.95 0.00 > RAZOR2_CF_RANGE_E8_51_100 > > > So URIBL is a bit more problematic than the others by itself, > due to the high ham hit rate, but given SA's method of using > multiple data sources to determine ham/spam, the false > positive issue is minimized. >
I have looked at the SURBL site. If I have well understood I have to enable only the plugin with loadPlugin. Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 3.0 Indeed, I have not understood a number of things: 1. Why I have to use 'URIBL_JP_SURBL' as 'NAME_OF_RULE'? Is it an arbitrary name or it exists a number of 'NAME_OF_RULE'? 2. Does the body command have to specify 'eval:check_uridnsbl('NAME_OF_RULE')' where 'NAME_OF_RULE' is the name of the rule specified as parameter of the command 'urirhssub'? 3. tflags? 4. score? 5. Is there any simpler URIDNSBL plugin setting? Maybe a default one? rocsca