On Sun, 2008-07-20 at 22:21 +0200, Yves Goergen wrote:
> Correct. My fault. I've looked through the e-mails that I have received
> today and that contain my quoted signature. All of them I could find
> from today have this issue. All messages from today that contain the
> link show the same 3 matches. The URL would be in all 3 lists.
Run such a message through 'spamassassin' again, to see what it reports
*now*. Do you still see these strange, multiple URIBL hits?
spamassassin < message > out
If you don't, it may have been an erroneous listing that has been fixed
already. After all, that domain currently is *not* listed in URIBL. Or
it might have been a temporary DNS issue.
If you still do see these multiple hits however, you will have to
investigate further why it is hitting.
Also, check other email (including spam!) for multiple URIBL hits in the
existing report headers. Does / did it happen for that one domain only?
> I can remember that I have run 'sa-update' sometime the last days, not
> sure when it was exactly. I just ran it again but now it didn't find an
> update.
>
> I need to think about disabling these rules until the cause has been found.
If you find that domain to be the only instance showing such weird
results, (temporarily) working around it would be easy. Something like
this -- beware, NOT tested.
uri __UNCLASSIFIED_DE /unclassified.de/
meta WORKAROUND URIBL_BLACK && URIBL_RED && URIBL_GRAY && __UNCLASSIFIED_DE
score WORKAROUND -5.0
Also, even if you do see these *occasionally* for other domains, too,
but there also are good (single) URIBL_* hits, something like the above
without the uri rule constraint might help as a quick fix, too. Without
losing all URIBL hits. I believe these lists generally should be
mutually exclusive.
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
