Discuss

discuss@lists.surbl.org

1 participants
1864 discussions

Re: [SURBL-Discuss] Possible fps
by Jeff Chan 08 Nov '04

08 Nov '04

On Sunday, November 7, 2004, 8:54:28 AM, Tastings Journal wrote: > I run www.TastingsJournal.com and saw your letter on the internet. Our > messages do go out to a large base of people that have been members @ > PartySlave.com or PartyPolice.com > I send out just HTML text only messages and then direct people to the site. > Even though they have subscribed I still put an unsubscribe link in each > mail. I am not sure if this message means since I am not that familiar > with FP's or SURBL (black lists?) > Etc etc. If I am listed, I would like to know what measures I can take with > you to have the stigma taken off the Domain. > Thanks > James James, Please add confirmations to your subscriptions. Otherwise anyone can subscribe john(a)johnkerry.com, for example. Looks like this domain is on the Outblaze list. Outblaze, Please consider removing this domain. It has no NANAS, is not on RBLs, appears to have legitimate uses. Jeff C. -- "If it appears in hams, then don't list it."

1 0

C version of SURBL client?
by Andrew 07 Nov '04

07 Nov '04

Hi All, Does anyone know if there is an open-source client written in c to perform URL searches in message bodies, and then lookups against a SURBL ? (This is not for use with SA) Cheers, Andrew

4 7

Another program that uses SURBL
by Bret Miller 06 Nov '04

06 Nov '04

Just ran across this today. Doug's content filter for Merak, Exchange and Communigate Pro now supports SURBL too. http://www.2150.com/regexfilter/ Bret ---------- Send your spam to: bretmiller(a)wcg.org <mailto:bretmiller@wcg.org> Thanks for keeping the internet spam-free!

2 1

Virginia Law is used for first time for felony SPAM convictions
by Kevin A. McGrail 05 Nov '04

05 Nov '04

Pre-Face: We run the public nameserver d3.surbl.org and it is located in Virginia as is our company. I wonder whether things like surbl (I can definitely see Razor) could be extrapolated to increase the venue of this type of law? At the very worst, I think this is a definite "spammer beware". Anyway, after staying up till the wee hours after the election, I missed this news article about 2 spammers being convicted of 3 felony's each in Virginia this week. One sentenced to 9 years in jail, one got $7500 fine. However, one particularly interesting note. This case only accounted for SPAM sent for less than a month and 3 days of email over 10K each day were the reason for the 3 felony convictions. Important to note, these were extraditions from North Carolina where they SPAMmed users at AOL. It looks like using or sending to Virginia-based servers will be enough for felony convictions. Regards, KAM Some sparse info here: http://www.washingtonpost.com/wp-dyn/articles/A23622-2004Nov3.html More sentencing info here: http://www.computerweekly.com/articles/article.asp?liArticleID=134815&liArt…

1 0

Syntax issues
by Joe Zitnik 04 Nov '04

04 Nov '04

I am having problems getting all of my SURBL rules to work. My rules are below. All my rules work except two of them (I think): URIBL_PH_SURBL and URIBL_AH_DNSBL I have check through my archived spam, and can find no hits on those rules. If I run spamassassin --lint, I get no syntax errors. Are my rules not working, or do those rules almost never hit? urirhsbl URIBL_SC_SURBL sc.surbl.org. A header URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL') describe URIBL_SC_SURBL Contains a URL tflags URIBL_SC_SURBL net score URIBL_SC_SURBL 4.0 urirhsbl URIBL_WS_SURBL ws.surbl.org. A header URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL') describe URIBL_WS_SURBL Contains a URL tflags URIBL_WS_SURBL net score URIBL_WS_SURBL 2.0 urirhsbl URIBL_OB_SURBL ob.surbl.org. A header URIBL_OB_SURBL eval:check_uridnsbl('URIBL_OB_SURBL') describe URIBL_OB_SURBL Contains a URL tflags URIBL_OB_SURBL net score URIBL_OB_SURBL 4.0 urirhsbl URIBL_AB_SURBL ab.surbl.org. A header URIBL_AB_SURBL eval:check_uridnsbl('URIBL_AB_SURBL') describe URIBL_AB_SURBL Contains a URL tflags URIBL_AB_SURBL net score URIBL_AB_SURBL 5.0 urirhssub URIBL_PH_SURBL multi.surbl.org. A 8 header URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL') describe URIBL_PH_SURBL Contains a URL tflags URIBL_PH_SURBL net score URIBL_PH_SURBL 5.0 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 header URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Contains a URL score URIBL_JP_SURBL 4.0 uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT body URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL') describe URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL tflags URIBL_AH_DNSBL net score URIBL_AH_DNSBL 0.5

2 2

Nice URIDNSBL functionality
by Bill Landry 04 Nov '04

04 Nov '04

Folks, with some of the nice functionality that the SA devs built into the URIDNSBL plug-in (see http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin…), you can do cool things like: ===== # URIDNSBL (queries URIs against standard DNSBLs) uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT body URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL') describe URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL blocklist tflags URIBL_AH_DNSBL net score URIBL_AH_DNSBL 0.5 uridnsbl URIBL_NJA_DNSBL combined.njabl.org. TXT body URIBL_NJA_DNSBL eval:check_uridnsbl('URIBL_NJA_DNSBL') describe URIBL_NJA_DNSBL Contains a URL listed in the NJA DNSBL blocklist tflags URIBL_NJA_DNSBL net score URIBL_NJA_DNSBL 0.5 uridnsbl URIBL_SBL_XBL sbl-xbl.spamhaus.org. TXT body URIBL_SBL_XBL eval:check_uridnsbl('URIBL_SBL_XBL') describe URIBL_SBL_XBL Contains a URL listed in the SBL-XBL DNSBL blocklist tflags URIBL_SBL_XBL net score URIBL_SBL_XBL 0.5 uridnsbl URIBL_SORBS_DNSBL dnsbl.sorbs.net. TXT body URIBL_SORBS_DNSBL eval:check_uridnsbl('URIBL_SORBS_DNSBL') describe URIBL_SORBS_DNSBL Contains a URL listed in the SORBS DNSBL blocklist tflags URIBL_SORBS_DNSBL net score URIBL_SORBS_DNSBL 0.5 # URIRHSBL (queries URIs against standard RHSBLs) urirhsbl URIBL_AH_RHSBL rhsbl.ahbl.org. A body URIBL_AH_RHSBL eval:check_uridnsbl('URIBL_AH_RHSBL') describe URIBL_AH_RHSBL Contains a URL listed in the AH RHSBL blocklist tflags URIBL_AH_RHSBL net score URIBL_AH_RHSBL 0.5 urirhsbl URIBL_MP_RHSBL block.rhs.mailpolice.com. A body URIBL_MP_RHSBL eval:check_uridnsbl('URIBL_MP_RHSBL') describe URIBL_MP_RHSBL Contains a URL listed in the MP RHSBL blocklist tflags URIBL_MP_RHSBL net score URIBL_MP_RHSBL 0.5 urirhsbl URIBL_SS_RHSBL blackhole.securitysage.com. A body URIBL_SS_RHSBL eval:check_uridnsbl('URIBL_SS_RHSBL') describe URIBL_SS_RHSBL Contains a URL listed in the SS RHSBL blocklist tflags URIBL_SS_RHSBL net score URIBL_SS_RHSBL 0.5 ===== I have been running these additional URI tests for about two weeks and have gotten very good results. If you decide to try out these tests, you may want to run them with minimal scores until you see how they are going to perform for you in your particular environment. Bill

6 12

Re: SURBL not working properly in SA 3.0.x (and MailScanner)
by alden＠engineno9inc.com 03 Nov '04

03 Nov '04

On Tuesday, November 2, 2004, 1:10:15 PM, Alden Levy wrote: >> Last week, I upgraded my server to FC1 (from RH 7.3). Sendmail, Ensim, and >> perl also got upgraded (to 8.12.x, 4.02, 5.8.1, respectively. >> Before the upgrade, everything worked well with SA 3.0.0 and MaliScanner >> 4.34. Now, SURBL doesn't work unless I do some really strange things. I've >> reinstalled SA, MS, and ClamAV, but no joy. I've since upgraded to SA 3.0.1, >> MS 4.35.9 and Mail::ClamAV 0.13. I already had ClamAV 0.80 installed. >> spamassassin -D --lint works fine, and when I test spamassassin with a SURBL >> URL, it gives the expected output. I don't get hits with MailScanner running >> unless I put the contents of 25_uribl.cf into my spam.assassin.prefs.conf >> (which has a link from local.cf). >> And my mail logs look fine, i.e., no errors, no MS restarts, etc. >Did you remember to change your URIBL rules from header to body? Yep. I did this (I, too, had hoped that this would fix my problem). Any other thoughts? Thanks. > http://www.surbl.org/ > Important Note Regarding SpamAssassin 3.0.1 and later: When > adding URIDNSBL rules, including SURBL or SBL ones using > urirhsbl, urirhssub or uridnsbl, be sure to set the rule type > to body. For example: > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 > > This is a change from SpamAssassin 3.0.0, where body above was > previously header. Here is the changelog reference: > > r54022 | felicity | 2004-10-07 22:21:30 +0000 (Thu, 07 Oct 2004) | 1 line > > bug 3734: uridnsbl rules work on body data, not header data, so change > the rule type from header to body >Jeff C.

3 2

SURBL not working properly in SA 3.0.x (and MailScanner)
by Alden Levy 03 Nov '04

03 Nov '04

Last week, I upgraded my server to FC1 (from RH 7.3). Sendmail, Ensim, and perl also got upgraded (to 8.12.x, 4.02, 5.8.1, respectively. Before the upgrade, everything worked well with SA 3.0.0 and MaliScanner 4.34. Now, SURBL doesn't work unless I do some really strange things. I've reinstalled SA, MS, and ClamAV, but no joy. I've since upgraded to SA 3.0.1, MS 4.35.9 and Mail::ClamAV 0.13. I already had ClamAV 0.80 installed. spamassassin -D --lint works fine, and when I test spamassassin with a SURBL URL, it gives the expected output. I don't get hits with MailScanner running unless I put the contents of 25_uribl.cf into my spam.assassin.prefs.conf (which has a link from local.cf). And my mail logs look fine, i.e., no errors, no MS restarts, etc. Any help would be appreciated. Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 12E New York, NY 10019 (212) 981-1122 (212) 725-7202 fax

2 1

applying surbl
by George Georgalis 01 Nov '04

01 Nov '04

Q Q Q H A P P Y Q H A L L O W E E N Q Q Q ! I'm having trouble getting surbl to work... SpamAssassin Server version 3.0.0 running on Perl 5.6.1 I have /usr/share/perl5/Mail/SpamAssassin/Plugin/URIDNSBL.pm and I can see from the spamd startup logs I'm loding it twice in cf files: loadplugin Mail::SpamAssassin::Plugin::URIDNSBL and I have score URIBL_AB_SURBL 2.007 score URIBL_OB_SURBL 1.996 score URIBL_PH_SURBL 0.839 score URIBL_SBL 0.629 score URIBL_SC_SURBL 3.897 score URIBL_WS_SURBL 0.539 and I bumped up uridnsbl_timeout 8 but "it's not working" even when I cat spam with http://test.surbl.org/ to spamc -R, none of the surbl tests work. I was suprised to discover it doesn't check the body for foe, only the header, eg urirhssub URIBL_SC_SURBL multi.surbl.org. A 2 header URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL') describe URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist tflags URIBL_SC_SURBL net but, it's not matching anything. What am I doing wrong? // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org

3 4

Lists anounced on SA-dev and users
by Jeff Chan 31 Oct '04

31 Oct '04

FWIW I've announced these lists on spamassassin-dev and spamassassin-users. Hopefully we will get some additional interested folks to join in. Jeff C. __ Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss