[SURBL-Discuss] Surbl Headers?

Bill Landry billl at pointshare.com
Mon Oct 25 17:45:34 CEST 2004


----- Original Message ----- 
From: "Thomas Kinghorn" <thomask at mtnns.net>

> >where  OB_URI_RBL  is the default name of a SURBL rule.  Will
> >that work for you?  If not you may be able to use exim or some
> >other mail processing utility to look for headers like that and
> >add other headers more to your liking.
>
> I am looking along the lines at, for example,
> X-SURBL-TAG: URL:http://www.blahblah.tld found in XX.surbl.org.

Depending whether you are using spamc/spamd or some other utility to spawn
spamassassin, you can get the report added to the headers.  In local.cf, you
can add "report_safe  0".  This from
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.txt:
=====
    report_safe { 0 | 1 | 2 } (default: 1)
        if this option is set to 1, if an incoming message is tagged as
        spam, instead of modifying the original message, SpamAssassin will
        create a new report message and attach the original message as a
        message/rfc822 MIME part (ensuring the original message is
        completely preserved, not easily opened, and easier to recover).

        If this option is set to 2, then original messages will be attached
        with a content type of text/plain instead of message/rfc822. This
        setting may be required for safety reasons on certain broken mail
        clients that automatically load attachments without any action by
        the user. This setting may also make it somewhat more difficult to
        extract or view the original message.

        If this option is set to 0, incoming spam is only modified by adding
        some "X-Spam-" headers and no changes will be made to the body. In
        addition, a header named X-Spam-Report will be added to spam. You
        can use the remove_header option to remove that header after setting
        report_safe to 0.

        See report_safe_copy_headers if you want to copy headers from the
        original mail into tagged messages.
=====

Which should give you report headers like:
=====
 pts rule name              description
---- ---------------------- ------------------------------------------------
--
 6.6 FH_HAS_X_UIDL          FH_HAS_X_UIDL
 0.0 HTML_90_100            BODY: Message is 90% to 100% HTML
 1.0 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.0 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
 0.1 MPART_ALT_DIFF         BODY: HTML and text parts are different
 1.9 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 2.0 DNS_FROM_SECURITYSAGE  RBL: From: sender listed in SECURITYSAGE
 3.0 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
                            [66.115.52.118 listed in sbl-xbl.spamhaus.org]
 3.0 URIBL_SBL_XBL          Contains a URL listed in the SBL-XBL blocklist
                            [URIs: saturnmailer.com]
 4.0 URIBL_JP_SURBL         Contains a URL listed in the JP SURBL blocklist
                            [URIs: saturnmailer.com]
 1.0 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: saturnmailer.com]
 3.0 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: saturnmailer.com]
 0.5 URIBL_SS_RHSBL         Contains a URL listed in the SS URIBL blocklist
                            [URIs: saturnmailer.com]
-3.6 AWL                    AWL: From: address is in the auto white-list
=====

If you are using amavisd-new to spawn spamassassin, you will need to enable
this in the amavisd.conf file rather than local.cf.  The requirements may be
different for MailScanner, procmail or milters.

Bill



More information about the Discuss mailing list