Does anyone know:
Webbi`s kleiner Datentoaster
or why they are trying to zone transfer surbl.org from the
following addresses?
83.129.251.245
83.129.247.209
83.129.221.175
83.129.211.136
There is some evidence they maybe crackers. Does anyone know
anything about them?
These appear to be dynamic tiscali.de DSL addresses.
Jeff C.
So what was the outcome?
That's right, I'm back! For 2 days anyway. I'm much happier and poorer from
my vacation! But I did manage to pickup a BFG 6800 OC video card while I was
away ;) WOOOT!!! Fragfest!
(Yes I did OC the OC a bit more!)
--Chris
(I firmly believe if Disney shaped dog poo into the Mickey shape, My wife
would want to buy it!)
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Thursday, October 28, 2004 8:07 PM
>To: SURBL Discussion list
…
[View More]>Subject: Re: [SURBL-Discuss] LT02.NET
>
>
>On Thursday, October 28, 2004, 1:41:43 PM, Fred Fred wrote:
>> Can someone tell me why LT02.NET is whitelisted? (don't
>tell me cause it's
>> in ham) I would like an example if possible.
>
>> They use open relays to send their spam, the have 8 nanas
>hits, the domain
>> is fairly new like 2004-08-06
>
>> Hand checked, it does not look like a legit site. (main
>page is just a
>> remove form.)
>
>> I played around and found that if you visit:
>> http://t.lt02.net/c.asp?
>> it will redirect you to www.listrak.com which is also
>whitelisted (listrak
>> has 31 nanas hits).
>
>> Their mx record is an open relay, I think this is a very
>questionable domain
>> to whitelist.
>
>> http://ordb.org/lookup/?host=66.109.239.150
>
>First, we're not an open relay database. Our concern is spam URI
>domains.
>
>Second, lt02.net was whitelisted by Steve Champeon, whose
>anti-spam abilities I trust. Steve, would you care to comment
>on this one?
>
>> steve of hesketh.com
>> Has whitelisted: lt02.net
>>
>> Found on SURBL lists: WS OB
>>
>> Justification is:
>>
>> 'Found in possibly legit PRNewswire mailing.'
>>
>> Ticket is:
>>
>> Timestamp: Tue Sep 14 17:50:25 UTC 2004
>
>Regarding listrak.com, I whitelisted it, probably because it
>appeared in newsletters from legitimate companies.
>
>I'm interested in seeing examples of spam and ham mentioning
>these domains.
>
>Jeff C.
>--
>"If it appears in hams, then don't list it."
>
>_______________________________________________
>Discuss mailing list
>Discuss(a)lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>
[View Less]
On Sunday, November 7, 2004, 8:54:28 AM, Tastings Journal wrote:
> I run www.TastingsJournal.com and saw your letter on the internet. Our
> messages do go out to a large base of people that have been members @
> PartySlave.com or PartyPolice.com
> I send out just HTML text only messages and then direct people to the site.
> Even though they have subscribed I still put an unsubscribe link in each
> mail. I am not sure if this message means since I am not that familiar
> …
[View More]with FP's or SURBL (black lists?)
> Etc etc. If I am listed, I would like to know what measures I can take with
> you to have the stigma taken off the Domain.
> Thanks
> James
James,
Please add confirmations to your subscriptions. Otherwise anyone
can subscribe john(a)johnkerry.com, for example.
Looks like this domain is on the Outblaze list.
Outblaze,
Please consider removing this domain. It has no NANAS, is not on
RBLs, appears to have legitimate uses.
Jeff C.
--
"If it appears in hams, then don't list it."
[View Less]
Hi All,
Does anyone know if there is an open-source client written in c to
perform URL searches in message bodies, and then lookups against a SURBL ?
(This is not for use with SA)
Cheers,
Andrew
Just ran across this today. Doug's content filter for Merak, Exchange
and Communigate Pro now supports SURBL too.
http://www.2150.com/regexfilter/
Bret
----------
Send your spam to: bretmiller(a)wcg.org <mailto:bretmiller@wcg.org>
Thanks for keeping the internet spam-free!
Pre-Face: We run the public nameserver d3.surbl.org and it is located in
Virginia as is our company. I wonder whether things like surbl (I can
definitely see Razor) could be extrapolated to increase the venue of this
type of law? At the very worst, I think this is a definite "spammer
beware".
Anyway, after staying up till the wee hours after the election, I missed
this news article about 2 spammers being convicted of 3 felony's each in
Virginia this week. One sentenced to 9 years in …
[View More]jail, one got $7500 fine.
However, one particularly interesting note. This case only accounted for
SPAM sent for less than a month and 3 days of email over 10K each day were
the reason for the 3 felony convictions.
Important to note, these were extraditions from North Carolina where they
SPAMmed users at AOL. It looks like using or sending to Virginia-based
servers will be enough for felony convictions.
Regards,
KAM
Some sparse info here:
http://www.washingtonpost.com/wp-dyn/articles/A23622-2004Nov3.html
More sentencing info here:
http://www.computerweekly.com/articles/article.asp?liArticleID=134815&liArt…
[View Less]
I am having problems getting all of my SURBL rules to work.
My rules are below. All my rules work except two of them (I think):
URIBL_PH_SURBL and URIBL_AH_DNSBL
I have check through my archived spam, and can find no hits on those
rules. If I run spamassassin --lint, I get no syntax errors. Are my
rules not working, or do those rules almost never hit?
urirhsbl URIBL_SC_SURBL sc.surbl.org. A
header URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL')
describe URIBL_SC_SURBL …
[View More]Contains a URL
tflags URIBL_SC_SURBL net
score URIBL_SC_SURBL 4.0
urirhsbl URIBL_WS_SURBL ws.surbl.org. A
header URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL')
describe URIBL_WS_SURBL Contains a URL
tflags URIBL_WS_SURBL net
score URIBL_WS_SURBL 2.0
urirhsbl URIBL_OB_SURBL ob.surbl.org. A
header URIBL_OB_SURBL eval:check_uridnsbl('URIBL_OB_SURBL')
describe URIBL_OB_SURBL Contains a URL
tflags URIBL_OB_SURBL net
score URIBL_OB_SURBL 4.0
urirhsbl URIBL_AB_SURBL ab.surbl.org. A
header URIBL_AB_SURBL eval:check_uridnsbl('URIBL_AB_SURBL')
describe URIBL_AB_SURBL Contains a URL
tflags URIBL_AB_SURBL net
score URIBL_AB_SURBL 5.0
urirhssub URIBL_PH_SURBL multi.surbl.org. A 8
header URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL')
describe URIBL_PH_SURBL Contains a URL
tflags URIBL_PH_SURBL net
score URIBL_PH_SURBL 5.0
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
header URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Contains a URL
score URIBL_JP_SURBL 4.0
uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT
body URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL')
describe URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL
tflags URIBL_AH_DNSBL net
score URIBL_AH_DNSBL 0.5
[View Less]
Folks, with some of the nice functionality that the SA devs built into the
URIDNSBL plug-in (see
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin…),
you can do cool things like:
=====
# URIDNSBL (queries URIs against standard DNSBLs)
uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT
body URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL')
describe URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL blocklist
tflags URIBL_AH_DNSBL net
score URIBL_AH_DNSBL …
[View More]0.5
uridnsbl URIBL_NJA_DNSBL combined.njabl.org. TXT
body URIBL_NJA_DNSBL eval:check_uridnsbl('URIBL_NJA_DNSBL')
describe URIBL_NJA_DNSBL Contains a URL listed in the NJA DNSBL blocklist
tflags URIBL_NJA_DNSBL net
score URIBL_NJA_DNSBL 0.5
uridnsbl URIBL_SBL_XBL sbl-xbl.spamhaus.org. TXT
body URIBL_SBL_XBL eval:check_uridnsbl('URIBL_SBL_XBL')
describe URIBL_SBL_XBL Contains a URL listed in the SBL-XBL DNSBL blocklist
tflags URIBL_SBL_XBL net
score URIBL_SBL_XBL 0.5
uridnsbl URIBL_SORBS_DNSBL dnsbl.sorbs.net. TXT
body URIBL_SORBS_DNSBL eval:check_uridnsbl('URIBL_SORBS_DNSBL')
describe URIBL_SORBS_DNSBL Contains a URL listed in the SORBS DNSBL
blocklist
tflags URIBL_SORBS_DNSBL net
score URIBL_SORBS_DNSBL 0.5
# URIRHSBL (queries URIs against standard RHSBLs)
urirhsbl URIBL_AH_RHSBL rhsbl.ahbl.org. A
body URIBL_AH_RHSBL eval:check_uridnsbl('URIBL_AH_RHSBL')
describe URIBL_AH_RHSBL Contains a URL listed in the AH RHSBL blocklist
tflags URIBL_AH_RHSBL net
score URIBL_AH_RHSBL 0.5
urirhsbl URIBL_MP_RHSBL block.rhs.mailpolice.com. A
body URIBL_MP_RHSBL eval:check_uridnsbl('URIBL_MP_RHSBL')
describe URIBL_MP_RHSBL Contains a URL listed in the MP RHSBL blocklist
tflags URIBL_MP_RHSBL net
score URIBL_MP_RHSBL 0.5
urirhsbl URIBL_SS_RHSBL blackhole.securitysage.com. A
body URIBL_SS_RHSBL eval:check_uridnsbl('URIBL_SS_RHSBL')
describe URIBL_SS_RHSBL Contains a URL listed in the SS RHSBL blocklist
tflags URIBL_SS_RHSBL net
score URIBL_SS_RHSBL 0.5
=====
I have been running these additional URI tests for about two weeks and have
gotten very good results. If you decide to try out these tests, you may
want to run them with minimal scores until you see how they are going to
perform for you in your particular environment.
Bill
[View Less]
On Tuesday, November 2, 2004, 1:10:15 PM, Alden Levy wrote:
>> Last week, I upgraded my server to FC1 (from RH 7.3). Sendmail, Ensim,
and
>> perl also got upgraded (to 8.12.x, 4.02, 5.8.1, respectively.
>> Before the upgrade, everything worked well with SA 3.0.0 and MaliScanner
>> 4.34. Now, SURBL doesn't work unless I do some really strange things.
I've
>> reinstalled SA, MS, and ClamAV, but no joy. I've since upgraded to SA
3.0.1,
>> MS 4.35.9 and Mail::…
[View More]ClamAV 0.13. I already had ClamAV 0.80 installed.
>> spamassassin -D --lint works fine, and when I test spamassassin with a
SURBL
>> URL, it gives the expected output. I don't get hits with MailScanner
running
>> unless I put the contents of 25_uribl.cf into my spam.assassin.prefs.conf
>> (which has a link from local.cf).
>> And my mail logs look fine, i.e., no errors, no MS restarts, etc.
>Did you remember to change your URIBL rules from header to body?
Yep. I did this (I, too, had hoped that this would fix my problem). Any
other thoughts?
Thanks.
> http://www.surbl.org/
> Important Note Regarding SpamAssassin 3.0.1 and later: When
> adding URIDNSBL rules, including SURBL or SBL ones using
> urirhsbl, urirhssub or uridnsbl, be sure to set the rule type
> to body. For example:
>
> urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
> body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
> describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
> tflags URIBL_JP_SURBL net
>
> score URIBL_JP_SURBL 4.0
>
> This is a change from SpamAssassin 3.0.0, where body above was
> previously header. Here is the changelog reference:
>
> r54022 | felicity | 2004-10-07 22:21:30 +0000 (Thu, 07 Oct 2004) | 1 line
>
> bug 3734: uridnsbl rules work on body data, not header data, so change
> the rule type from header to body
>Jeff C.
[View Less]
Last week, I upgraded my server to FC1 (from RH 7.3). Sendmail, Ensim, and
perl also got upgraded (to 8.12.x, 4.02, 5.8.1, respectively.
Before the upgrade, everything worked well with SA 3.0.0 and MaliScanner
4.34. Now, SURBL doesn't work unless I do some really strange things. I've
reinstalled SA, MS, and ClamAV, but no joy. I've since upgraded to SA 3.0.1,
MS 4.35.9 and Mail::ClamAV 0.13. I already had ClamAV 0.80 installed.
spamassassin -D --lint works fine, and when I test …
[View More]spamassassin with a SURBL
URL, it gives the expected output. I don't get hits with MailScanner running
unless I put the contents of 25_uribl.cf into my spam.assassin.prefs.conf
(which has a link from local.cf).
And my mail logs look fine, i.e., no errors, no MS restarts, etc.
Any help would be appreciated.
Thanks,
Alden
Alden Levy
Engine No. 9, Inc.
130 W. 57th Street, Suite 12E
New York, NY 10019
(212) 981-1122
(212) 725-7202 fax
[View Less]