Discuss November 2004

discuss@lists.surbl.org

44 participants
81 discussions

Webbi`s kleiner Datentoaster?
by Jeff Chan 09 Nov '04

09 Nov '04

Does anyone know: Webbi`s kleiner Datentoaster or why they are trying to zone transfer surbl.org from the following addresses? 83.129.251.245 83.129.247.209 83.129.221.175 83.129.211.136 There is some evidence they maybe crackers. Does anyone know anything about them? These appear to be dynamic tiscali.de DSL addresses. Jeff C.

2 2

RE: [SURBL-Discuss] LT02.NET
by Chris Santerre 09 Nov '04

09 Nov '04

So what was the outcome? That's right, I'm back! For 2 days anyway. I'm much happier and poorer from my vacation! But I did manage to pickup a BFG 6800 OC video card while I was away ;) WOOOT!!! Fragfest! (Yes I did OC the OC a bit more!) --Chris (I firmly believe if Disney shaped dog poo into the Mickey shape, My wife would want to buy it!) >-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Thursday, October 28, 2004 8:07 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] LT02.NET > > >On Thursday, October 28, 2004, 1:41:43 PM, Fred Fred wrote: >> Can someone tell me why LT02.NET is whitelisted? (don't >tell me cause it's >> in ham) I would like an example if possible. > >> They use open relays to send their spam, the have 8 nanas >hits, the domain >> is fairly new like 2004-08-06 > >> Hand checked, it does not look like a legit site. (main >page is just a >> remove form.) > >> I played around and found that if you visit: >> http://t.lt02.net/c.asp? >> it will redirect you to www.listrak.com which is also >whitelisted (listrak >> has 31 nanas hits). > >> Their mx record is an open relay, I think this is a very >questionable domain >> to whitelist. > >> http://ordb.org/lookup/?host=66.109.239.150 > >First, we're not an open relay database. Our concern is spam URI >domains. > >Second, lt02.net was whitelisted by Steve Champeon, whose >anti-spam abilities I trust. Steve, would you care to comment >on this one? > >> steve of hesketh.com >> Has whitelisted: lt02.net >> >> Found on SURBL lists: WS OB >> >> Justification is: >> >> 'Found in possibly legit PRNewswire mailing.' >> >> Ticket is: >> >> Timestamp: Tue Sep 14 17:50:25 UTC 2004 > >Regarding listrak.com, I whitelisted it, probably because it >appeared in newsletters from legitimate companies. > >I'm interested in seeing examples of spam and ham mentioning >these domains. > >Jeff C. >-- >"If it appears in hams, then don't list it." > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

2 1

Re: [SURBL-Discuss] Possible fps
by Jeff Chan 08 Nov '04

08 Nov '04

On Sunday, November 7, 2004, 8:54:28 AM, Tastings Journal wrote: > I run www.TastingsJournal.com and saw your letter on the internet. Our > messages do go out to a large base of people that have been members @ > PartySlave.com or PartyPolice.com > I send out just HTML text only messages and then direct people to the site. > Even though they have subscribed I still put an unsubscribe link in each > mail. I am not sure if this message means since I am not that familiar > with FP's or SURBL (black lists?) > Etc etc. If I am listed, I would like to know what measures I can take with > you to have the stigma taken off the Domain. > Thanks > James James, Please add confirmations to your subscriptions. Otherwise anyone can subscribe john(a)johnkerry.com, for example. Looks like this domain is on the Outblaze list. Outblaze, Please consider removing this domain. It has no NANAS, is not on RBLs, appears to have legitimate uses. Jeff C. -- "If it appears in hams, then don't list it."

1 0

C version of SURBL client?
by Andrew 07 Nov '04

07 Nov '04

Hi All, Does anyone know if there is an open-source client written in c to perform URL searches in message bodies, and then lookups against a SURBL ? (This is not for use with SA) Cheers, Andrew

4 7

Another program that uses SURBL
by Bret Miller 06 Nov '04

06 Nov '04

Just ran across this today. Doug's content filter for Merak, Exchange and Communigate Pro now supports SURBL too. http://www.2150.com/regexfilter/ Bret ---------- Send your spam to: bretmiller(a)wcg.org <mailto:bretmiller@wcg.org> Thanks for keeping the internet spam-free!

2 1

Virginia Law is used for first time for felony SPAM convictions
by Kevin A. McGrail 05 Nov '04

05 Nov '04

Pre-Face: We run the public nameserver d3.surbl.org and it is located in Virginia as is our company. I wonder whether things like surbl (I can definitely see Razor) could be extrapolated to increase the venue of this type of law? At the very worst, I think this is a definite "spammer beware". Anyway, after staying up till the wee hours after the election, I missed this news article about 2 spammers being convicted of 3 felony's each in Virginia this week. One sentenced to 9 years in jail, one got $7500 fine. However, one particularly interesting note. This case only accounted for SPAM sent for less than a month and 3 days of email over 10K each day were the reason for the 3 felony convictions. Important to note, these were extraditions from North Carolina where they SPAMmed users at AOL. It looks like using or sending to Virginia-based servers will be enough for felony convictions. Regards, KAM Some sparse info here: http://www.washingtonpost.com/wp-dyn/articles/A23622-2004Nov3.html More sentencing info here: http://www.computerweekly.com/articles/article.asp?liArticleID=134815&liArt…

1 0

Syntax issues
by Joe Zitnik 04 Nov '04

04 Nov '04

I am having problems getting all of my SURBL rules to work. My rules are below. All my rules work except two of them (I think): URIBL_PH_SURBL and URIBL_AH_DNSBL I have check through my archived spam, and can find no hits on those rules. If I run spamassassin --lint, I get no syntax errors. Are my rules not working, or do those rules almost never hit? urirhsbl URIBL_SC_SURBL sc.surbl.org. A header URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL') describe URIBL_SC_SURBL Contains a URL tflags URIBL_SC_SURBL net score URIBL_SC_SURBL 4.0 urirhsbl URIBL_WS_SURBL ws.surbl.org. A header URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL') describe URIBL_WS_SURBL Contains a URL tflags URIBL_WS_SURBL net score URIBL_WS_SURBL 2.0 urirhsbl URIBL_OB_SURBL ob.surbl.org. A header URIBL_OB_SURBL eval:check_uridnsbl('URIBL_OB_SURBL') describe URIBL_OB_SURBL Contains a URL tflags URIBL_OB_SURBL net score URIBL_OB_SURBL 4.0 urirhsbl URIBL_AB_SURBL ab.surbl.org. A header URIBL_AB_SURBL eval:check_uridnsbl('URIBL_AB_SURBL') describe URIBL_AB_SURBL Contains a URL tflags URIBL_AB_SURBL net score URIBL_AB_SURBL 5.0 urirhssub URIBL_PH_SURBL multi.surbl.org. A 8 header URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL') describe URIBL_PH_SURBL Contains a URL tflags URIBL_PH_SURBL net score URIBL_PH_SURBL 5.0 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 header URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Contains a URL score URIBL_JP_SURBL 4.0 uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT body URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL') describe URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL tflags URIBL_AH_DNSBL net score URIBL_AH_DNSBL 0.5

2 2

Nice URIDNSBL functionality
by Bill Landry 04 Nov '04

04 Nov '04

Folks, with some of the nice functionality that the SA devs built into the URIDNSBL plug-in (see http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin…), you can do cool things like: ===== # URIDNSBL (queries URIs against standard DNSBLs) uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT body URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL') describe URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL blocklist tflags URIBL_AH_DNSBL net score URIBL_AH_DNSBL 0.5 uridnsbl URIBL_NJA_DNSBL combined.njabl.org. TXT body URIBL_NJA_DNSBL eval:check_uridnsbl('URIBL_NJA_DNSBL') describe URIBL_NJA_DNSBL Contains a URL listed in the NJA DNSBL blocklist tflags URIBL_NJA_DNSBL net score URIBL_NJA_DNSBL 0.5 uridnsbl URIBL_SBL_XBL sbl-xbl.spamhaus.org. TXT body URIBL_SBL_XBL eval:check_uridnsbl('URIBL_SBL_XBL') describe URIBL_SBL_XBL Contains a URL listed in the SBL-XBL DNSBL blocklist tflags URIBL_SBL_XBL net score URIBL_SBL_XBL 0.5 uridnsbl URIBL_SORBS_DNSBL dnsbl.sorbs.net. TXT body URIBL_SORBS_DNSBL eval:check_uridnsbl('URIBL_SORBS_DNSBL') describe URIBL_SORBS_DNSBL Contains a URL listed in the SORBS DNSBL blocklist tflags URIBL_SORBS_DNSBL net score URIBL_SORBS_DNSBL 0.5 # URIRHSBL (queries URIs against standard RHSBLs) urirhsbl URIBL_AH_RHSBL rhsbl.ahbl.org. A body URIBL_AH_RHSBL eval:check_uridnsbl('URIBL_AH_RHSBL') describe URIBL_AH_RHSBL Contains a URL listed in the AH RHSBL blocklist tflags URIBL_AH_RHSBL net score URIBL_AH_RHSBL 0.5 urirhsbl URIBL_MP_RHSBL block.rhs.mailpolice.com. A body URIBL_MP_RHSBL eval:check_uridnsbl('URIBL_MP_RHSBL') describe URIBL_MP_RHSBL Contains a URL listed in the MP RHSBL blocklist tflags URIBL_MP_RHSBL net score URIBL_MP_RHSBL 0.5 urirhsbl URIBL_SS_RHSBL blackhole.securitysage.com. A body URIBL_SS_RHSBL eval:check_uridnsbl('URIBL_SS_RHSBL') describe URIBL_SS_RHSBL Contains a URL listed in the SS RHSBL blocklist tflags URIBL_SS_RHSBL net score URIBL_SS_RHSBL 0.5 ===== I have been running these additional URI tests for about two weeks and have gotten very good results. If you decide to try out these tests, you may want to run them with minimal scores until you see how they are going to perform for you in your particular environment. Bill

6 12

Re: SURBL not working properly in SA 3.0.x (and MailScanner)
by alden＠engineno9inc.com 03 Nov '04

03 Nov '04

On Tuesday, November 2, 2004, 1:10:15 PM, Alden Levy wrote: >> Last week, I upgraded my server to FC1 (from RH 7.3). Sendmail, Ensim, and >> perl also got upgraded (to 8.12.x, 4.02, 5.8.1, respectively. >> Before the upgrade, everything worked well with SA 3.0.0 and MaliScanner >> 4.34. Now, SURBL doesn't work unless I do some really strange things. I've >> reinstalled SA, MS, and ClamAV, but no joy. I've since upgraded to SA 3.0.1, >> MS 4.35.9 and Mail::ClamAV 0.13. I already had ClamAV 0.80 installed. >> spamassassin -D --lint works fine, and when I test spamassassin with a SURBL >> URL, it gives the expected output. I don't get hits with MailScanner running >> unless I put the contents of 25_uribl.cf into my spam.assassin.prefs.conf >> (which has a link from local.cf). >> And my mail logs look fine, i.e., no errors, no MS restarts, etc. >Did you remember to change your URIBL rules from header to body? Yep. I did this (I, too, had hoped that this would fix my problem). Any other thoughts? Thanks. > http://www.surbl.org/ > Important Note Regarding SpamAssassin 3.0.1 and later: When > adding URIDNSBL rules, including SURBL or SBL ones using > urirhsbl, urirhssub or uridnsbl, be sure to set the rule type > to body. For example: > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 > > This is a change from SpamAssassin 3.0.0, where body above was > previously header. Here is the changelog reference: > > r54022 | felicity | 2004-10-07 22:21:30 +0000 (Thu, 07 Oct 2004) | 1 line > > bug 3734: uridnsbl rules work on body data, not header data, so change > the rule type from header to body >Jeff C.

3 2

SURBL not working properly in SA 3.0.x (and MailScanner)
by Alden Levy 03 Nov '04

03 Nov '04

Last week, I upgraded my server to FC1 (from RH 7.3). Sendmail, Ensim, and perl also got upgraded (to 8.12.x, 4.02, 5.8.1, respectively. Before the upgrade, everything worked well with SA 3.0.0 and MaliScanner 4.34. Now, SURBL doesn't work unless I do some really strange things. I've reinstalled SA, MS, and ClamAV, but no joy. I've since upgraded to SA 3.0.1, MS 4.35.9 and Mail::ClamAV 0.13. I already had ClamAV 0.80 installed. spamassassin -D --lint works fine, and when I test spamassassin with a SURBL URL, it gives the expected output. I don't get hits with MailScanner running unless I put the contents of 25_uribl.cf into my spam.assassin.prefs.conf (which has a link from local.cf). And my mail logs look fine, i.e., no errors, no MS restarts, etc. Any help would be appreciated. Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 12E New York, NY 10019 (212) 981-1122 (212) 725-7202 fax

2 1

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss November 2004