Um....I know we are going to do this logo contest for SARE....so.....SURBL?
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Thursday, August 12, 2004 6:01 AM
>To: SURBL Discuss
>Subject: [SURBL-Discuss] Re: another round on the SpamAssassin logos?
>
>
>FWIW I think the arrow one is by far the best. Professional,
>pretty, meaningful, etc... I like the one with only the
>orange message being hit the best.
>
>Jeff C.
>
>_______________________________________________
>Discuss mailing list
>Discuss(a)lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>
I have a two-part question:
(1) header parsing issues...
I was reading a web site discussing an implementation of SURBL on the
IceWarp web server (using a third party add-on). One person complained that
there are too many false positives when submitting IPs and domains found in
the header of the e-mail. They felt like ONLY the body of the message should
be examined. I see good arguments both ways. For example, parsing the header
can catch spam which was originally sent to one place, but then forwarded to
another. On the other hand, actual affiliate URLs would only normally occur
in the body of the message. Any thoughts or suggestions?
(2) Another Possible FP...
This person was asked to give an example of a message which shouldn't have
been blocked and which would have gone through if the header wasn't parsed.
They provided an example which had the following line in the header:
Message-ID: <000b01c47f1a$e02f73e0$0200a8c0(a)MUNGED-callatg.com>
The offending domain was MUNGED-callatg.com
Therefore, I must ask, could MUNGED-callatg.com be an FP? The reason I
suspect so is because they mentioned that this company is a division of GE.
Please check on this.
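As an added illustration of the header-versus-body question (example code written for this note, not from the IceWarp add-on or from SURBL): it parses a constructed message, collects the hostnames a body-only scanner would submit to SURBL and those a header-scanning filter adds on top, and shows the Message-ID domain turning up only in the second set. The sample message, its example hostnames and the two regexes are assumptions for the demonstration.

```python
import email
import re

# Constructed sample message (not one of the real messages discussed).
# The Message-ID line mirrors the one quoted in the post, with the
# archive's "(a)" put back to "@" and the domain kept munged.
RAW_MESSAGE = b"""\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id abc123; Thu, 12 Aug 2004 06:01:00 -0700
Message-ID: <000b01c47f1a$e02f73e0$0200a8c0@MUNGED-callatg.com>
From: sender@example.net
To: recipient@example.org
Subject: affiliate offer
Content-Type: text/plain

Click here: http://affiliate-site.example/track?id=42
Mirror: www.mirror-site.example
"""

# Hostnames written as URLs or bare "www." names; enough for illustration.
URL_HOST_RE = re.compile(r"(?:https?://|www\.)([a-z0-9.-]+\.[a-z]{2,})", re.I)
# Hostnames after an "@" (Message-ID, From, To): a filter that walks the
# header picks these up even though they are never clickable links.
AT_HOST_RE = re.compile(r"@([a-z0-9.-]+\.[a-z]{2,})", re.I)

def hosts_in_body(raw: bytes) -> set[str]:
    """Hostnames a body-only scanner would submit to SURBL."""
    msg = email.message_from_bytes(raw)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return {h.lower() for h in URL_HOST_RE.findall(body)}

def hosts_in_headers(raw: bytes) -> set[str]:
    """Hostnames a header-scanning filter would submit in addition."""
    msg = email.message_from_bytes(raw)
    found: set[str] = set()
    for value in msg.values():
        found.update(h.lower() for h in URL_HOST_RE.findall(value))
        found.update(h.lower() for h in AT_HOST_RE.findall(value))
    return found

def header_only_hosts(raw: bytes) -> set[str]:
    """Lookups caused purely by header scanning: the extra false-positive surface."""
    return hosts_in_headers(raw) - hosts_in_body(raw)
```

Run on the sample, header_only_hosts() returns the sender, recipient and Message-ID domains, none of which is a link the recipient could click.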
I'm whitelisting allthesites.org which appears in WS and may be a
false positive.
Would the WS folks please check it and also remove if
appropriate.
It looks to be a domain that has appeared in a few spam headers,
meaning it's an occasional spam sending domain.
Thanks,
Jeff C.
freehosting.net is listed in WS.
freehosting.net has been around since 1998.
Subdomains are available to customers. Most of these customers and
subdomains are not spammers.
Checking NANAS reports vs. other postings on Google Groups indicate that
having freehosting.net listed will generate a lot of false positives and
catch almost no spam.
Patrik
cjb.net is a redirecting service. However they 'appear' to not tolerate
spammers. One thing I DON'T like is that when you go to this site, it tries
to install "free access" plugin! (Thanx again FireFox!)
Anyone got any more on these guys?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
Jeff said:
>OK I'm going to go ahead and reduce the TTLs on the zones
>to one hour. That's for all zones other than sc.surbl.org
>which has a 10 minute TTL. It includes multi also.
>Let's watch name server traffic and see if it changes much
>as a result. Of course it's a little difficult to measure
>this now since SpamAssassin 3.0 is also rolling out with SURBL
>support. But if DNS traffic goes up too much we can back
>this off.
>I'd still like to experiment with shorter and longer TTLs
>at some point to try to optimize them further.
>Jeff C.
I goofed by replying to this, thus hijacking his sub-thread with another
topic. Hopefully, I'm repairing the damage here :)
I would add that another interesting question is:
how many out there are using everything but multi in order to catch
more of the newer stuff faster?
If so, it seems to me that the combined extra lookups done on multiple surbl
lists would be a larger strain on resources when compared to doing a single
lookup on the multi list where the multi list has a shorter TTL time.
Follow?
(I admit, I recently abandoned the multi list in favor of using ALL other
lists for this very reason. I will now switch to two lists: multi & sc)
Rob McEwen
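Added example (not SURBL's code nor Rob's) of the two query patterns Rob is weighing: one DNS lookup per individual zone versus a single lookup on multi whose answer is decoded from the last octet. The FAKE_DNS table stands in for real DNS so it runs offline, and the bit assignments in MULTI_BITS are assumed from the SURBL documentation of the period rather than taken from this thread.

```python
import ipaddress

# Bit values multi.surbl.org folds into the last octet of its answer, one per
# list. sc and ws are the two discussed on this list; the full map is ASSUMED
# from the SURBL documentation of the period, so verify it before relying on it.
MULTI_BITS = {2: "sc", 4: "ws", 8: "ph", 16: "ob", 32: "ab", 64: "jp"}
LISTS = ["sc", "ws", "ph", "ob", "ab", "jp"]

# Constructed stand-in for DNS. Individual zones are assumed to answer
# 127.0.0.2 on a hit and NXDOMAIN (None here) otherwise.
FAKE_DNS = {
    "spammer.example.multi.surbl.org": "127.0.0.6",  # sc (2) + ws (4)
    "spammer.example.sc.surbl.org": "127.0.0.2",
    "spammer.example.ws.surbl.org": "127.0.0.2",
}

def query_name(domain: str, zone: str) -> str:
    """SURBL is queried with the registered domain prefixed to the zone name."""
    return f"{domain.lower().rstrip('.')}.{zone}"

def decode_multi(answer: str) -> set[str]:
    """Turn a 127.0.0.X answer from multi into the set of lists that hit."""
    addr = ipaddress.IPv4Address(answer)
    if not addr.is_loopback:
        raise ValueError(f"unexpected SURBL answer {answer}")
    bits = int(addr) & 0xFF
    return {name for bit, name in MULTI_BITS.items() if bits & bit}

def check_per_list(domain: str, resolve) -> tuple[set[str], int]:
    """Rob's former setup: one query per zone. Returns (hits, queries sent)."""
    hits = set()
    for short in LISTS:
        if resolve(query_name(domain, f"{short}.surbl.org")) is not None:
            hits.add(short)
    return hits, len(LISTS)

def check_multi(domain: str, resolve) -> tuple[set[str], int]:
    """Single lookup on multi, decoded into the same per-list hits."""
    answer = resolve(query_name(domain, "multi.surbl.org"))
    return (decode_multi(answer) if answer else set()), 1
```

Both checks return the same hit set for the sample domain; the per-list path costs six queries where multi costs one, which is the trade-off against multi's TTL that Rob raises.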
>-----Original Message-----
>From: Rob McEwen [mailto:webmaster@powerviewsystems.com]
>Sent: Wednesday, August 11, 2004 9:02 AM
>To: 'SURBL Discussion list'
>Subject: [SURBL-Discuss] RE: Pesky Pron Spam
>Importance: High
>
>
>I keep getting this "pesky" pron spam which gets past all
>my filters (my
>regex-based linguistic filter, my spamhaus.org RBL filter, and my SURBL
>filter).
>
>I think that these are getting blocked the next day, but this
>particular
>spammer is very aggressive and keeps sending new stuff so I
>keep getting the
>new stuff before it gets a chance to get blocked.
>
>I have noticed some patterns in the e-mails. For example, they all have
>three images stacked vertically. Therefore, I think that I
>should be able to
>catch these with the right formulation of rules within my
>linguistic filter.
>
>You can find the raw contents of my most recent two of these
>as follows:
>
>http://www.pvsys.com/pn01.txt
>
>http://www.pvsys.com/pn02.txt
>
>Does anyone have any suggestions? Note that I am not using
>SpamAssassin. I
>am using another program. However, if SpamAssassin already
>handles this,
>could someone point me to the rules that SpamAssassin uses so
>that I can use
>these as a guide? Any other suggestions?
>
>Thanks!
>
>Rob McEwen
>
>
Look at these things they have in common. Need to look at rawbody code.
alt=3d
=2e(org|gif|htm) #split into 3
name=3dgenerator
==.HTM
bgColor=3d
face=3d
src=3d
border=3d
title=3d
face=3d
<STYLE></STYLE>
Needs to be one big meta rule
HTH
--Chris
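Added example, not Chris's actual SpamAssassin rules: the strings he lists turned into sub-rules run over the raw (still quoted-printable, so "=3d" and "=2e" are the encoded "=" and ".") body, with a meta rule that fires only when enough of them co-occur. The threshold and the two sample bodies are constructed, not Rob's pn01/pn02 messages.

```python
import re

# Chris's common strings as case-insensitive patterns over the RAW body.
# "=3d" and "=2e" are the quoted-printable encodings of "=" and ".", so
# these only match before the MIME layer decodes the part.
RAWBODY_PATTERNS = {
    "ALT_3D": r"alt=3d",
    "QP_DOT_EXT": r"=2e(?:org|gif|htm)",
    "GENERATOR_3D": r"name=3dgenerator",
    "DOUBLE_EQ_HTM": r"==\.htm",
    "BGCOLOR_3D": r"bgcolor=3d",
    "FACE_3D": r"face=3d",
    "SRC_3D": r"src=3d",
    "BORDER_3D": r"border=3d",
    "TITLE_3D": r"title=3d",
    "EMPTY_STYLE": r"<style></style>",
}
COMPILED = {name: re.compile(pat, re.I) for name, pat in RAWBODY_PATTERNS.items()}

def rawbody_hits(raw_body: str) -> set[str]:
    """Names of the sub-rules that match anywhere in the raw body."""
    return {name for name, rx in COMPILED.items() if rx.search(raw_body)}

def pesky_meta(raw_body: str, threshold: int = 7) -> bool:
    """The 'one big meta rule': fire only when enough sub-rules co-occur.
    The threshold is an assumption; tune it against real ham and spam."""
    return len(rawbody_hits(raw_body)) >= threshold

# Constructed raw bodies: three stacked images as Rob describes, and a
# plain QP newsletter that shares a couple of the strings but not most.
SPAMMY = """\
<meta name=3Dgenerator content=3D"x"><STYLE></STYLE>
<body bgColor=3D"#ffffff"><font face=3Darial>
<img src=3D"http://img.example/a=2egif" border=3D0 alt=3D"" title=3D"">
<img src=3D"http://img.example/b=2egif" border=3D0 alt=3D"">
<img src=3D"http://img.example/c=2egif" border=3D0 alt=3D"">
<a href=3D"http://img.example/go==.HTM">more</a>
"""
NEWSLETTER = """\
<p><font face=3Darial>Hello,</font> your statement is ready.</p>
<a href=3D"http://mail.example/news=2ehtm">Read it</a>
"""
```

Each sub-rule alone is weak (face=3d appears in the newsletter too); only the count across all of them separates the two bodies.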
On Monday, August 9, 2004, 3:37:56 PM, Jeff Chan wrote:
> I'm thinking about dropping the TTL on the lists that had 6 and 8
> hour TTLs down to 1 hour in order to get new entries active
> sooner. We have not tested this to see what effect it would have
> on traffic; an experiment we would still like to try with a
> range of different TTLs.
> Does anyone have any objections to this? It would still be
> longer than the default 35 minute TTL that rbldnsd uses.
OK I'm going to go ahead and reduce the TTLs on the zones
to one hour. That's for all zones other than sc.surbl.org
which has a 10 minute TTL. It includes multi also.
Let's watch name server traffic and see if it changes much
as a result. Of course it's a little difficult to measure
this now since SpamAssassin 3.0 is also rolling out with SURBL
support. But if DNS traffic goes up too much we can back
this off.
I'd still like to experiment with shorter and longer TTLs
at some point to try to optimize them further.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/