Discuss August 2004

discuss@lists.surbl.org

56 participants
207 discussions

Donation button added
by Jeff Chan 18 Aug '04

18 Aug '04

Raymond had suggested it while ago, but I've added a donation button to the SURBL site. Hope that's ok with everyone. (Of course it's all voluntary.) The account is my personal one since SURBL doesn't really have a business entity. We would use any donations to pay for bandwidth, hosting or other expenses that come up, perhaps including setting up an additional data server at a new location elsewhere in the world for some extra redundancy. Jeff C.

1 0

cdbaby.com fp whitelisted
by Jeff Chan 18 Aug '04

18 Aug '04

cdbaby.com was on ws. I've whitelisted it along with a couple others:

1 0

surbl.org website down?
by Martin 17 Aug '04

17 Aug '04

Is it jst me or is the surbl.org website down? / Martin

3 11

Re: [SURBL-Discuss] surbl.org website down?
by daveb＠esat.net 17 Aug '04

17 Aug '04

Martin wrote: > >Jeff Chan wrote: > >> Comes up fine for me, but it could be intermittent DNS timeouts >> due to BIND being slow reloading. I'm changing my server over >> to rbldnsd and encouraging other of the public SURBL name >> servers to do likewise, but some are not converted over yet. >> I believe running rbldnsd will help a lot. > >Jeff, > >Alright, but it seems like i can't find the host at all: > >traceroute www.surbl.org >traceroute: unknown host www.surbl.org > >Anyone else from sweden experiencing the same problem? I think it's to do with which nameserver you get back. I noticed when I switched mine to rbldnsd that other day that I was unable to resolve www.surbl.org from it anymore... dave@pagh:~$ dig version.bind chaos txt @ns16.surbl.org +short "rbldnsd" dave@pagh:~$ dig a www.surbl.org @ns16.surbl.org +short dave@pagh:~$ dig version.bind chaos txt @ns14.surbl.org +short "rbldnsd 0.992 (7 Mar 2004)" dave@pagh:~$ dig a www.surbl.org @ns14.surbl.org +short dave@pagh:~$ dig version.bind chaos txt @ns13.surbl.org +short "8.3.7-REL" dave@pagh:~$ dig a www.surbl.org @ns13.surbl.org +short 66.170.2.60 As you can see, ns16 & ns14 won't give you an A record back, but ns13 will. This also affects what my nameservers will cache .... daveb@bilbo:~$ dig a www.surbl.org @ns4.ns.esat.net +short daveb@bilbo:~$ dig a www.surbl.org @ns5.ns.esat.net +short 66.170.2.60 daveb@bilbo:~$ traceroute www.surbl.org traceroute: unknown host www.surbl.org Both servers are identical, yet one can resolve it, and one can't. I'm not sure what the solution should be, but it will only get worse as more clients migrate rbldnsd IMHO. Dave

3 14

RE: [SURBL-Discuss] Need help with setup...
by Kristian Davies 17 Aug '04

17 Aug '04

>>I also re-installed. >>but it seems that spam is still not getting tagged with URI.... :-( >Does it catch a test message containing: > http://surbl-org-permanent-test-point-MUNGED.com/ >or: > http://127.0.0.2-MUNGED/ >without the "-MUNGED"s. So if you send yourself a message with >any of those unmunged testpoints as URIs, the messages should >match any SURBLs you have installed. > http://www.surbl.org/faq.html#test-uris >Jeff C. Cheer for your pointers Jeff, Alas it didnt work :-(( -Kristian --------------------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ---------------------------------------------------------------------------

1 0

webpronews.com fp in ws
by Jeff Chan 17 Aug '04

17 Aug '04

webpronews.com is an fp in ws. I've whitelisted it in SURBLs but please remove it from ws, and trace back the source. webpronews.com is in the bonded sender program and another domain belonging to ientry.com. I've separately asked ientry.com for a list of their domains to whitelist beyond: ientry.com ientry.net ientrymail.com webpronews.com Jeff C.

1 0

RE: [SURBL-Discuss] RE: (1) Another Possible FP, and (2) header p arsing issues
by Chris Santerre 17 Aug '04

17 Aug '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Saturday, August 14, 2004 2:24 AM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] RE: (1) Another Possible FP, and >(2) header >p arsing issues > > >On Friday, August 13, 2004, 10:33:22 PM, Bill Landry wrote: >> From: Rik van Riel > >>> Once I have a working script to extract URLs from a spamtrap >>> feed, I'll make it available as free software. Possibly even >>> bundled with Spamikaze ;) > >> Here is a script I run against my spamtrap mailboxes to >output a list of >> domain names: > >> egrep -i "http|www" main.mbx | cut -d ":" -f2 | cut -b 3- | >cut -d "/" -f1 | >> sed "s/=2E/\./g" | grep "\..*\." | egrep -v " >|>|=|@|\..*\..*\." | cut -d >> "." -f2-3 | tr -d "<" | usort | uniq > >> Depending on your mailbox format, it may work for you as well. > >Which will work on some plaintext URIs, but SpamAssassin and >others have code to "render" messages from MIME, multipart >messages, etc. that are not plaintext, in addition to a bunch of >other deobfuscation code. Since spammers sometimes try to make >their messages harder for programs to read, the programs tend to >become more complex and capable. > >Jeff C. While I'm all for automation, but please be extremely careful. Take it from someone who knows, harvesting domains from scripts will lead to headaches. Like Jeff said, there is other encoding to deal with. URL poison. links that don't have http or www in them. ("Paste this into your browser......", btw SARE is working on that now.) I'm thinking the best way would be to take the actual SURBL code, and use it to rip out domains. But the SA code to unencode the email would be needed as well. Putting this in the email pipe would be best. If spam if not found in SURBL run SURBL extract + append to file :) --Chris

3 3

RE: [SURBL-Discuss] Need help with setup...
by Kristian Davies 16 Aug '04

16 Aug '04

Just wondering, i put amavisd in debug mode and it listed this... debug: running uri tests; score so far=0.16 debug: uri tests: Done uriRE Is this SpamURI ?? Cheers, Kristian >Yeah cheers, i'd actually read that already... >Anyway.. i just did a find on Conf.pm which came up with 3 diretories under >/usr/lib/perl5 and i made sure that the 3 .pm files that come with SpamURI >were the same and the ones in the perl directories, now --lint works fine. >However the 3 directories it found all have lots of pm's in them not just >these 3 that come with spamURI. >I also re-installed. >but it seems that spam is still not getting tagged with URI.... :-( >>Here is what Eric Kolve wrote recently about a similar >>error: > It looks like you have two Conf.pm files floating around. > > Do a locate for 'Conf.pm', you probably have one from a previous > perl install or SpamCopURI is going into the wrong place. > > You are looking for a directory that only has Conf.pm, PerMsgStatus.pm > and SpamCopURI.pm. Remove all those files and try re-installing. > > --eric >>Hope this helps, >>Jeff C. --------------------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ---------------------------------------------------------------------------

2 1

RE: [SURBL-Discuss] fp: straight dope dot com
by Chris Santerre 16 Aug '04

16 Aug '04

>-----Original Message----- >From: Steven Champeon [mailto:schampeo@hesketh.com] >Sent: Friday, August 13, 2004 4:53 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] fp: straight dope dot com > > >on Fri, Aug 13, 2004 at 04:03:08PM -0400, William Stearns wrote: >> I added this one after a) they "subscribed" another >mailing list >> to which I was a member and b) were not able to tell me how >this happened. >> I have no problem with whitelisting them if they have >legitimate >> subscribers, of course. > >Yep. One of the class of irresponsible list managers, but not SURBL >fodder. > >> My apologies to Steve and all the other straightdope users. > >Eh, no worries. > slightly OT: I've had a lot of submissions from people saying "They won't unsubscribe me!" I don't list based soely on that. However it is an issue. Almost the same as being subscribed without knowledge of it. --Chris

2 1

RE: [SURBL-Discuss] sounddogs.com FP on WS.
by Chris Santerre 16 Aug '04

16 Aug '04

We've all improved our methods. We kick Butt! :) I will try to get to this tomorrow. I'm swamped with all sorts of things coming out of the woodwork! Look there's another problem! Problems everywhere! AAAhhhhahahahahahahahahaha!!!!! --Chris (Hiding under his desk, sucking his thumb, and holding his blankie!) >-----Original Message----- >From: Steven Champeon [mailto:schampeo@hesketh.com] >Sent: Monday, August 16, 2004 1:24 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] sounddogs.com FP on WS. > > >on Mon, Aug 16, 2004 at 07:15:53PM +0200, Raymond Dijkxhoorn wrote: >> Hi! >> >> > > I've changed the review process of Steve's domains since >then. So far all >> > > have been from back in June. If I get a second I'll go >thru them again, but >> > > there was a TON! Steve's a busy little bug ;) >> >> > Chris, as I mentioned offlist, the list I sent you back in >June was all >> > of my historical blocks, including HELO arguments from possible joe >> > jobs, etc. I'll send you my 'badhelos' file offlist, and you can go >> > through and see how many of those were >> > >> > 1) in my list sent in June >> > 2) also listed in some other domain bl >> > 3) probable FPs >> >> If would be nice to diff those out... will cut down FP rate >a lot i think >> if that list is somehow large :) > >Yes, Raymond, that's why I sent the complete list to Chris, so >he can do >just that. And as he said, out of ~7300 domains, we've had 4 FPs in >three months. So, "a lot" is a matter of some debate. Most of the FPs I >see are unrelated to the badhelos. > >-- >hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com Buy "Cascading Style Sheets: Separating Content from Presentation, 2/e" today! http://www.amazon.com/exec/obidos/ASIN/159059231X/heskecominc-20/ref=nosim/ _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss

1 0

← Newer
1
...
7
8
9
10
11
12
13
...
21
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss August 2004