I have been running multi test since the release of SpamCopURI-0.20, however, in spite of the fact that I have seen several phishing e-mail from US Bank and E-Bay, and others, I have never gotten a hit on ph.surbl.org.
Here are my test entries: ========== uri SC_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/2') describe SC_URI_RBL URI's domain appears in SC database at sc.surbl.org tflags SC_URI_RBL net score SC_URI_RBL 17.0
uri WS_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/4') describe WS_URI_RBL URI's domain appears in WS database at ws.surbl.org tflags WS_URI_RBL net score WS_URI_RBL 17.0
uri PH_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/8') describe PH_URI_RBL URI's domain appears in PH database at ph.surbl.org tflags PH_URI_RBL net score PH_URI_RBL 27.0
uri OB_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/16') describe OB_URI_RBL URI's domain appears in OB database at ob.surbl.org tflags OB_URI_RBL net score OB_URI_RBL 17.0
uri AB_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/32') describe AB_URI_RBL URI's domain appears in AB database at ab.surbl.org tflags AB_URI_RBL net score AB_URI_RBL 17.0
uri DS_URI_RBL eval:check_spamcop_uri_rbl('ds.surbl.org','127.0.0.2') describe DS_URI_RBL URI's domain appears in DS database at ds.surbl.org tflags DS_URI_RBL net score DS_URI_RBL 12.0 ==========
I get lots of hits on all of the other test. Can someone post a munged URI that should hit on the PH list so I can test with it.
Thanks,
Bill
On Thursday, August 5, 2004, 4:01:08 PM, Bill Landry wrote:
I have been running multi test since the release of SpamCopURI-0.20, however, in spite of the fact that I have seen several phishing e-mail from US Bank and E-Bay, and others, I have never gotten a hit on ph.surbl.org.
uri PH_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/8') describe PH_URI_RBL URI's domain appears in PH database at ph.surbl.org tflags PH_URI_RBL net score PH_URI_RBL 27.0
Hi Bill, Unlike the other separate lists, there are no fixed testpoints in the ph data. However here are some of the entries currently on the list:
ebay-co.org ebay-secure.dr.ag ebay-secure.info ebay-secureupdate.com ebayco.org
usbanksecure.info usbankverify.com
If you mail those to yourself in URL form, you should get some hits on ph.
A couple extra comments:
1. Please don't use ds.surbl.org; it's probably going away, was for testing only, and has too many false positives.
2. Please use SpamCopURI 0.22 since it has some fixes and supports the new preferred 128.0.0.0+8 syntax, which everyone should now use.
Cheers,
Jeff C.
----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org
Hi Bill, Unlike the other separate lists, there are no fixed testpoints in the ph data. However here are some of the entries currently on the list:
ebay-co.org ebay-secure.dr.ag ebay-secure.info ebay-secureupdate.com ebayco.org
usbanksecure.info usbankverify.com
If you mail those to yourself in URL form, you should get some hits on ph.
Thanks, I was able to confirm with these URIs that the PH list is working.
A couple extra comments:
- Please don't use ds.surbl.org; it's probably going away,
was for testing only, and has too many false positives.
No data refresh in sight for this list?
- Please use SpamCopURI 0.22 since it has some fixes
and supports the new preferred 128.0.0.0+8 syntax, which everyone should now use.
I will be upgrading both of our production gateways this evening to SA 2.64 and SpamCopURI 0.22.
Thanks for the test URIs!
Bill
On Thursday, August 5, 2004, 5:30:08 PM, Bill Landry wrote:
From: "Jeff Chan" jeffc@surbl.org
- Please don't use ds.surbl.org; it's probably going away,
was for testing only, and has too many false positives.
No data refresh in sight for this list?
Actually I can do one at any time, and may do so, but a more fundamental issue is that the data is really not ready for production use yet, as most of the people involved with the source data agree.
That said, at some point they may be able to get a version that only includes the known professional spammers, or one that only includes the most often reported records. Either of those could probably be usable, but I have not heard of a time frame for them.
Jeff C.
On Thu, 5 Aug 2004 16:01:08 -0700, Bill Landry billl@pointshare.com wrote:
I have been running multi test since the release of SpamCopURI-0.20, however, in spite of the fact that I have seen several phishing e-mail from US Bank and E-Bay, and others, I have never gotten a hit on ph.surbl.org.
Hi Bill,
One of the problems with Phishing is that the blocking is very much reactive and the message flows tend to be much smaller than spamming runs. The other complication is that phishers seem to use trojaned PC's or hacked servers to host content, so the content is almost always different.
We add to the list as soon as our spamtraps see one, however end user submissions are also very much encouraged - if you get anything which slips through, please forward it to postmaster at corp.mailsecurity.net.au
I get lots of hits on all of the other test. Can someone post a munged URI that should hit on the PH list so I can test with it.
The PH list is still quite small and our data feeds are still growing, please feel free to become one of them!!
----- Original Message ----- From: "David Hooton" david.hooton@gmail.com
Hi Bill,
One of the problems with Phishing is that the blocking is very much reactive and the message flows tend to be much smaller than spamming runs. The other complication is that phishers seem to use trojaned PC's or hacked servers to host content, so the content is almost always different.
We add to the list as soon as our spamtraps see one, however end user submissions are also very much encouraged - if you get anything which slips through, please forward it to postmaster at corp.mailsecurity.net.au
I get lots of hits on all of the other test. Can someone post a munged
URI
that should hit on the PH list so I can test with it.
The PH list is still quite small and our data feeds are still growing, please feel free to become one of them!!
Thanks David, I will absolutely do that. Too bad I didn't check this list sooner, I already reported a couple of them to the Sniffer folks earlier today and then deleted them (yes, from my sent items, as well).
Bill
Can "multi" be implemented with Spamassassin 2.63 ? If so what are the entries as believe these below are for 3.0 ? Thanks Warren
I have been running multi test since the release of SpamCopURI-0.20, however, in spite of the fact that I have seen several phishing e-mail
from
US Bank and E-Bay, and others, I have never gotten a hit on ph.surbl.org.
Here are my test entries:
uri SC_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/2') describe SC_URI_RBL URI's domain appears in SC database at
sc.surbl.org
tflags SC_URI_RBL net score SC_URI_RBL 17.0
uri WS_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/4') describe WS_URI_RBL URI's domain appears in WS database at
ws.surbl.org
tflags WS_URI_RBL net score WS_URI_RBL 17.0
uri PH_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/8') describe PH_URI_RBL URI's domain appears in PH database at
ph.surbl.org
tflags PH_URI_RBL net score PH_URI_RBL 27.0
uri OB_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/16') describe OB_URI_RBL URI's domain appears in OB database at
ob.surbl.org
tflags OB_URI_RBL net score OB_URI_RBL 17.0
uri AB_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/32') describe AB_URI_RBL URI's domain appears in AB database at
ab.surbl.org
tflags AB_URI_RBL net score AB_URI_RBL 17.0
uri DS_URI_RBL eval:check_spamcop_uri_rbl('ds.surbl.org','127.0.0.2') describe DS_URI_RBL URI's domain appears in DS database at
ds.surbl.org
tflags DS_URI_RBL net score DS_URI_RBL 12.0 ==========
I get lots of hits on all of the other test. Can someone post a munged
URI
that should hit on the PH list so I can test with it.
Thanks,
Bill
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Saturday, August 7, 2004, 8:17:57 PM, Warren Robinson wrote:
Can "multi" be implemented with Spamassassin 2.63 ?
Yes. Use SpamCopURI 0.22. It comes with a sample config file with:
uri SPAMCOP_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+2') describe SPAMCOP_URI_RBL URI's domain appears in spamcop database at sc.surbl.org tflags SPAMCOP_URI_RBL net
uri WS_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+4') describe WS_URI_RBL URI's domain appears in ws database at ws.surbl.org tflags WS_URI_RBL net
uri PH_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+8') describe PH_URI_RBL URI's domain appears in ws database at ph.surbl.org tflags PH_URI_RBL net
uri OB_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+16') describe OB_URI_RBL URI's domain appears in ws database at ob.surbl.org tflags OB_URI_RBL net
score SPAMCOP_URI_RBL 3.0 score WS_URI_RBL 2.1 score OB_URI_RBL 2.1 score PH_URI_RBL 1.5
Jeff C.
Many thanks Jeff,
----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org To: "SURBL Discussion list" discuss@lists.surbl.org Sent: Sunday, August 08, 2004 6:41 PM Subject: Re: [SURBL-Discuss] PH list question
On Saturday, August 7, 2004, 8:17:57 PM, Warren Robinson wrote:
Can "multi" be implemented with Spamassassin 2.63 ?
Yes. Use SpamCopURI 0.22. It comes with a sample config file with:
uri SPAMCOP_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+2')
describe SPAMCOP_URI_RBL URI's domain appears in spamcop database at
sc.surbl.org
tflags SPAMCOP_URI_RBL net
uri WS_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+4')
describe WS_URI_RBL URI's domain appears in ws database at
ws.surbl.org
tflags WS_URI_RBL net
uri PH_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+8')
describe PH_URI_RBL URI's domain appears in ws database at
ph.surbl.org
tflags PH_URI_RBL net
uri OB_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+16')
describe OB_URI_RBL URI's domain appears in ws database at
ob.surbl.org
tflags OB_URI_RBL net
score SPAMCOP_URI_RBL 3.0 score WS_URI_RBL 2.1 score OB_URI_RBL 2.1 score PH_URI_RBL 1.5
Jeff C.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
-
Bill Landry -
David Hooton -
Jeff Chan -
Warren Robinson