>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Wednesday, June 30, 2004 4:40 AM
>To: 'SURBL Discussion list'
>Subject: Re: [SURBL-Discuss] Remove overlapping rules due to SURBL?
>
>
>On Wednesday, June 30, 2004, 12:46:50 AM, Martin Lyberg wrote:
>> These are the lists I use at the moment:
>
>> # sc.surbl.org - SpamCop message-body URI domains
>> # ws.surbl.org - sa-blacklist domains as a SURBL
>> # be.surbl.org - BigEvil and MidEvil domains
>> # ob.surbl.org - OutBlaze spamvertised sites
>> # ab.surbl.org - AbuseButler spamvertised sites
>
>> I wonder if any of my following rulesets is overlapping the SURBL-lists and
>> should be removed?
>
>> I have the following rulesets:
>
>> 70_sare_adult.cf
>> 70_sare_random.cf
>> 70_sare_specific.cf
>> 72_sare_bml_post25x.cf
>> antidrug.cf
>> backhair.cf
>> bigevil.cf
>> chickenpox.cf
>> evilnumbers.cf
>> tripwire.cf
>> weeds.cf
>
>Hi Martin,
>On behalf of everyone contributing to the SURBL project, thanks
>for your kind words. Glad you're finding SURBLs useful.
>
>Chris or one of the SARE guys will know a lot more about
>the specific SARE rules, but I know that the domains in
>bigevil.cf are in be.surbl.org, so you may be able to
>get rid of bigevil.cf. For that matter the records in
>be.surbl.org are now in ws.surbl.org, so you can get rid
>of be.surbl.org also.
>
>Chris & Co are probably creating a heavily wildcarded ruleset
>that you may want to use in future in addition to SURBLs.
>
>1. Get rid of bigevil.cf, it's mostly in be.surbl.org
>2. Get rid of be.surbl.org, it's in ws.surbl.org
>
Just a followup. Yup, everything Jeff covered is spot on! However, I see you're
not running any of the 70_SARE_HTML rulesets. You should look into those.
They don't overlap either. And they are very good.
-_Chris
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Wednesday, June 30, 2004 2:06 AM
>To: SURBL Discuss
>Subject: [SURBL-Discuss] Fwd: Re: blacklist brings system to halt
>
>
>Here's some additional info on some of the recent
>sa-blacklist/ws.surbl.org/6dos goings on, copied from a
>message I sent to the SpamAssassin-users list:
>
*snip*
>
>I think I can help explain why sa-blacklist went from 1.5 MB
>to 5.5 MB in size suddenly. Chris Santerre added a fairly large
>set of records from 6dos (6 degrees of spam) around that time in
>order to get the records into ws.surbl.org and sa-blacklist.
>Chris, Bill and I then discussed this and decided to take them
>back out of sa-blacklist and therefore ws.surbl.org, and put
>the 6dos entries into its own SURBL instead.
Yeah....ummm.....I made a little boo boo :)
This is what happens with 3 weeks off of hockey and only 3 hours sleep the
night before. I have been LART'd and it won't happen again.
"Bad little monkey! Bad!"
--Chris
: From: Jeff Chan [mailto:jeffc@surbl.org]
: Hi Martin,
: On behalf of everyone contributing to the SURBL project,
: thanks for your kind words. Glad you're finding SURBLs useful.
Hi!
We can't thank you guys enough. What should we do without SA and these
services? :)
: 1. Get rid of bigevil.cf, it's mostly in be.surbl.org
: 2. Get rid of be.surbl.org, it's in ws.surbl.org
Bigevil.cf and be.surbl.org removed.
Thanks for your help!
/ Martin
Ok guys, sorry there have been little updates to BE for a while. I have been
working closely with SURBL project. We have got to the point where BE is now
generated from ws.surbl.org which is what I have been contributing domains
to instead of BE. Awaiting for this day. :)
So we now have BE auto generated from WS.surbl.org...however this is a LOT
more data! HUGE increase. There are now 2369 rules!
TOP reports SIZE going from 22 megs to now 36 megs for spamd, however RSS
only went from 21 megs to 22 megs.
I have no idea how this will affect systems under heavy load. Those systems
should definitely stay with SURBL as this is just a local regex copy of it.
But for those systems that can't/won't use SURBL and want a local copy of
this larger bigevil here is the link: (~600k)
www.rulesemporium.com/rules/bigevil2.cf
PLEASE report any findings to this list. It lints fine and I'm running it
today. Part of me is wondering if this is even worthwhile when SA 3.0 will
support SURBL direct. So these tests may be just to see the effect of such a
ruleset on SA right now. We may just do away with it and have everyone use
SURBL.
The only updates I've been doing to the regular BE is removing a few FPs. I
will not officially make this new large file the regular Bigevil for at
least a week.
Again, please give feedback. Thanks!
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
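
The post above describes bigevil2.cf as a local regex copy of the ws.surbl.org domain list. As an added illustration (not Chris's generator and not the actual bigevil format), this sketch turns a domain list into SpamAssassin `uri` rules and anchors each pattern on the URI host so that look-alike hosts do not match. The rule prefix, score, grouping size and sample domains are assumptions made for the example.

```python
import re

# Constructed sample list; .example/.test are reserved names, not real listings.
SAMPLE_DOMAINS = ["Spam-Pills.example", "cheap-meds.example.", "casino-win.test",
                  "# comment line", "spam-pills.example", "not a domain"]

def normalize(entry):
    """Lower-case one list entry; return None for comments and malformed names."""
    d = entry.strip().lower().rstrip(".")
    if re.fullmatch(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", d):
        return d
    return None

def build_uri_rules(domains, prefix="LOCAL_URI_BL", per_rule=2, score="3.0"):
    """Return (cf_text, compiled), folding per_rule domains into each rule."""
    clean = sorted({d for d in map(normalize, domains) if d})
    cf_lines, compiled = [], []
    for n, start in enumerate(range(0, len(clean), per_rule), start=1):
        alt = "|".join(re.escape(d) for d in clean[start:start + per_rule])
        # Host-anchored: scheme, optional subdomain labels, listed domain,
        # optional port, then end of host. A bare substring match would also
        # hit notspam-pills.example or spam-pills.example.legit.test.
        pattern = rf"^https?:\/\/(?:[^\/?#]+\.)?(?:{alt})(?::\d+)?(?:[\/?#]|$)"
        name = f"{prefix}_{n}"  # hypothetical rule name
        cf_lines += [f"uri {name} /{pattern}/i",
                     f"describe {name} URI host is in the local domain list",
                     f"score {name} {score}", ""]
        compiled.append((name, re.compile(pattern, re.IGNORECASE)))
    return "\n".join(cf_lines), compiled

def first_hit(url, compiled):
    """Return the name of the first rule matching url, or None."""
    for name, rx in compiled:
        if rx.search(url):
            return name
    return None

if __name__ == "__main__":
    cf_text, rules = build_uri_rules(SAMPLE_DOMAINS)
    print(cf_text)
    for u in ("http://www.spam-pills.example/buy?id=1",
              "http://notspam-pills.example/",
              "http://spam-pills.example.legit.test/"):
        print(u, "->", first_hit(u, rules))
```

The number of generated rules grows with the list, so every scanned message pays for the whole list in compiled regexes, whereas a SURBL lookup costs one DNS query per URI domain.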
Hi!
I've been using the SURBL-lists for some months now, and I'm very satisfied
with the results.
These are the lists I use at the moment:
# sc.surbl.org - SpamCop message-body URI domains
# ws.surbl.org - sa-blacklist domains as a SURBL
# be.surbl.org - BigEvil and MidEvil domains
# ob.surbl.org - OutBlaze spamvertised sites
# ab.surbl.org - AbuseButler spamvertised sites
I wonder if any of my following rulesets is overlapping the SURBL-lists and
should be removed?
I have the following rulesets:
70_sare_adult.cf
70_sare_random.cf
70_sare_specific.cf
72_sare_bml_post25x.cf
antidrug.cf
backhair.cf
bigevil.cf
chickenpox.cf
evilnumbers.cf
tripwire.cf
weeds.cf
Thanks a lot for this great service, and keep up the good work guys!
/ Martin
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Monday, June 28, 2004 10:41 PM
>To: SURBL Discuss
>Subject: [SURBL-Discuss] Pleaae beta test ds.surbl.org - 6dos data
>
>
>Please beta test ds.surbl.org which is the 6dos data turned into
>a SURBL. In particular, please check the false positive rate and
>let us know what you find.
>
>Please do not use ds.surbl.org for production mail servers as it
>is hosted only on my name server.
>
>(Chris, the list has about 120,000 entries. Were there some .c
>files which we should exclude?)
"So, drop: Misc.c Registrars.c Mainsleaze.c and that oughta put a pretty
big dent in complaints." - A friend. ;)
--Chris
Good day, all,
The physical host that hosts www.stearns.org, spamgate, and around
25 other virtual machines has experienced some massive drive problems over
the last 36 exhausting hours. I have the systems mostly up, but there's a
lot of cleanup work that needs to be done.
I don't expect to be able to restore the automatic update
functionality until this weekend.
To the best of my knowledge, ws.surbl.org (hosted on another
physical system) is working just fine. It'll keep providing the latest
list until I can get the automatic updates working again.
Cheers,
- Bill
---------------------------------------------------------------------------
"Absence is to love what wind is to fire. It extinguishes the
small, it enkindles the great."
(Courtesy of Arnaud Installe <ainstalle(a)filepool.com>)
--------------------------------------------------------------------------
William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Tuesday, June 29, 2004 10:24 AM
>To: SURBL Discussion list (E-mail)
>Subject: Re: [SURBL-Discuss] Whitelist entry needed
>
>
>On Tuesday, June 29, 2004, 7:18:15 AM, Chris Santerre wrote:
>> I can't get to Stearns site just yet to fix this. (server is up, but not
>> back to where we can change things yet.) We need to whitelist search.com
>
>I've whitelisted it in SURBLs.
>
Many thanks.
--chris
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Tuesday, June 29, 2004 10:23 AM
>To: Chris Santerre
>Cc: 'Jeff Chan'; 'SURBL Discussion list'
>Subject: Re: [SURBL-Discuss] Pleaae beta test ds.surbl.org - 6dos data
>
>
>On Tuesday, June 29, 2004, 7:12:38 AM, Chris Santerre wrote:
>
>>>From: Jeff Chan [mailto:jeffc@surbl.org]
>
>>>As a data point, 6dos hit 300 whitelist entries out of 120,000
>>>records, which is about a ten times greater whitelist hit *rate*
>>>than ob.surbl.org.
>>>
>
>> 0.25% fp rate, so it has an S/O rating of 99.75 :)
>
>No, that's not an FP rate since my whitelist does not include
>every possible FP. In fact, it's rather limited. More like
>the 1000 most common web domains plus many more obscure
>geographic tlds that will probably never be used in spams.
LOL, you missed the joke there! ;)
>
>The whitelist hits might give a hint at relative FP rates between
>lists, but only actual testing against real messages will give
>meaningful FP rates.
Believe me, I know!
>
>> Actually that is great info. Can we get the whitelist hits? This might be a
>> great way to tweak the 6dos list. I'm also very interested in who hit the
>> whitelist. I'd like to see the xref in 6dos to see who these people are
>> dealing with. I think RSK would be interested as well.
>
>I've saved a copy of the 6dos hits against my whitelist at:
>
> http://spamcheck.freeapp.net/6dos.domains.whitelist-hits
>
Sweeeeet!
>The entire whitelist, including many geographic domains is at:
>
> http://spamcheck.freeapp.net/whitelist-domains.sort
>
>> Even if we have to clean up 1-2% of these listed, look how many evil domains
>> we get. But I fully understand your philosophy on this Jeff. Some of these
>> evil domains may not have spammed.....yet. ;)
>
>I don't mind pre-emptively listing every domain of every known
>spam operation. What we don't want are FPs on legitimate domains.
>
10-4 good buddy.
--Chris
I can't get to Stearns site just yet to fix this. (server is up, but not
back to where we can change things yet.) We need to whitelist search.com
Any way you can fix that, Jeff?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin