On 01/04/2018 02:12 PM, Pedro David Marco wrote:
Out of curiosity... how is SUBRL in terms of false positives?? is it a
worthy IOC DDBB??
Thanks.
---
PedroD
My mail filtering volume is high enough that I would have to pay for a
feed subscription. I tried out a trial feed about a year a
I contacted someone there on your behalf as an FYI.
Udeme
Postmaster at Wish
On Thu, Nov 30, 2017 at 9:37 AM Joseph Brennan wrote:
>
> Domain upsmychoicedeals (dot) com is listed at SURBL, but it is included
> in all real legitimate mail from UPS about package delivery dates. I will
> make a lo
On 5/5/2013 12:29 PM, Richard Doyle wrote:
SURBL has reorganized its lists and provided a new spamassassin
configuration to support those changes:
http://lists.surbl.org/pipermail/announce/2013-May/000209.html
I'm using sa-update (version 3.003001) and noticed that 25_uribl.cf
already contains t
Hi!
I am not able to lookup surbl
Infact the domain surbl.org does not seem to exist at all.
[root@pop2 bin]# dig surbl.org +short
[root@pop2 bin]#
I am sorry if this is old news .. I have no idea since when SURBL went down ?
[raymond@noc ~]$ dig ns surbl.org
; <<>> DiG 9.6.2-P2-RedHat-9.6.
> > On 12.11.08 21:56, Peter Nitschke wrote:
> > > Read the entire sentence.
> > >
> > > "Please note that free public DNS queries for organizations smaller
> > > than 1,000 users or processing fewer than 250,000 messages per
> > > day is unchanged. "
>
> > > If you satisfy either requirement (
On 12/11/2008 at 12:45 PM Jeff Chan wrote:
>On Wednesday, November 12, 2008, 3:15:26 AM, Henrik K wrote:
>> On Tue, Nov 11, 2008 at 04:33:50PM -0800, Jeff Chan wrote:
>>>
>>> Hi Micah,
>>> Thanks very much for the feedback. Does anyone know how many
>>> non-profits have more than 1,000 users (i.
Kenneth Porter schrieb:
>> At dnswl.org, we consider any source (being losely defined as a /24 doing
>> more than 100'000 queries / 24 hours as a "large" user, and ask them to
>> switch to rsync access (however this is not strongly enforced at present,
>> and does not involve money).
>
> Does it
On Wednesday, November 12, 2008 1:28 PM +0100 Matthias Leisi
<[EMAIL PROTECTED]> wrote:
Number of users or number of messages is a good approximation of the
number of actual DNS queries, and sufficiently simple to determine.
At dnswl.org, we consider any source (being losely defined as a /24 d
On Wednesday, November 12, 2008, 3:15:26 AM, Henrik K wrote:
> On Tue, Nov 11, 2008 at 04:33:50PM -0800, Jeff Chan wrote:
>>
>> Hi Micah,
>> Thanks very much for the feedback. Does anyone know how many
>> non-profits have more than 1,000 users (i.e., users with
>> mailboxes)? The non-profit pric
On Wednesday, November 12, 2008, 10:55:52 AM, Larry Rosenbaum wrote:
> Where is the price list? I haven't been able to find it.
Hi Larry,
The pricing calculator is the first step of the data feed form:
http://www.surbl.org/datafeed/
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.su
Where is the price list? I haven't been able to find it.
> -Original Message-
> From: Joseph Brennan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 12, 2008 12:25 PM
> To: users@spamassassin.apache.org
> Subject: Re: SURBL Usage Policy change
>
>
>
Jeff Chan <[EMAIL PROTECTED]> wrote:
Does anyone know how many non-profits have more than 1,000 users
(i.e., users with mailboxes)?
Most universities and colleges have many more than that. An
undergrad-only school that admits only about 200 a year would
pass that number, counting faculty a
On Wed, 2008-11-12 at 13:00 +0100, Matus UHLAR - fantomas wrote:
> On 12.11.08 21:56, Peter Nitschke wrote:
> > Read the entire sentence.
> >
> > "Please note that free public DNS queries for organizations smaller
> > than 1,000 users or processing fewer than 250,000 messages per
> > day is unchan
At 16:58 11-11-2008, Dave Koontz wrote:
Given this change in SURBL in policy and pricing, I would strongly
suggest removing their rules from the SA rule base. Otherwise, you will
likely get lots of complaints from users of systems that have embedded
SA installs, or others who do not monitor this
> I don't understand what users have to do in this context. It's the queries
> that affect DNS servers.
It's obviously true that the number of queries is the cause for
introducing any limitation/pricing scheme. But it's pretty hard for a
receiving site to actually know how many DNS queries they'r
On 12.11.08 13:00, Matus UHLAR - fantomas wrote:
> In another mail to surbl list it was mentioned that any organization who has
> more than >1000 users or processes >25 messages per day, the feed must
> be set up and charge paid.
>
> That meant you need to have <=1000 users AND process <=2500
On 12.11.08 21:56, Peter Nitschke wrote:
> Read the entire sentence.
>
> "Please note that free public DNS queries for organizations smaller
> than 1,000 users or processing fewer than 250,000 messages per
> day is unchanged. "
>
> So you could have 1,000,000 users but less than 250,000 messages
On Wed, Nov 12, 2008 at 09:56:46PM +1030, Peter Nitschke wrote:
>
> Read the entire sentence.
>
> "Please note that free public DNS queries for organizations smaller
> than 1,000 users or processing fewer than 250,000 messages per
> day is unchanged. "
>
> So you could have 1,000,000 users but
On 12/11/2008 at 1:15 PM Henrik K wrote:
>On Tue, Nov 11, 2008 at 04:33:50PM -0800, Jeff Chan wrote:
>>
>> Hi Micah,
>> Thanks very much for the feedback. Does anyone know how many
>> non-profits have more than 1,000 users (i.e., users with
>> mailboxes)? The non-profit pricing is below ISPs an
On Tue, Nov 11, 2008 at 04:33:50PM -0800, Jeff Chan wrote:
>
> Hi Micah,
> Thanks very much for the feedback. Does anyone know how many
> non-profits have more than 1,000 users (i.e., users with
> mailboxes)? The non-profit pricing is below ISPs and half that
> of regular end users.
Sometimes t
On Wednesday, November 12, 2008, 2:33:53 AM, Peter Nitschke wrote:
> On 11/11/2008 at 7:58 PM Dave Koontz wrote:
>>There are many non-profits out there that will hit your limits... I
>>don't think anyone knows how many there are. 1,000 users is fairly
>>trivial, and most non profits won't even b
On 11/11/2008 at 7:58 PM Dave Koontz wrote:
>There are many non-profits out there that will hit your limits... I
>don't think anyone knows how many there are. 1,000 users is fairly
>trivial, and most non profits won't even be able to fill in your forms
>second "required" field of how many messag
On Tuesday, November 11, 2008, 4:58:01 PM, Dave Koontz wrote:
> Jeff Chan wrote ... (11/11/2008 7:33 PM):
>> Hi Micah,
>> Thanks very much for the feedback. Does anyone know how many
>> non-profits have more than 1,000 users (i.e., users with
>> mailboxes)? The non-profit pricing is below ISPs an
Hi!
Given this change in SURBL in policy and pricing, I would strongly
suggest removing their rules from the SA rule base. Otherwise, you will
likely get lots of complaints from users of systems that have embedded
SA installs, or others who do not monitor this list. I can see many
Barracuda us
On Tue, Nov 11, 2008 at 07:58:01PM -0500, Dave Koontz wrote:
>
> Given this change in SURBL in policy and pricing, I would strongly
> suggest removing their rules from the SA rule base. Otherwise, you will
> likely get lots of complaints from users of systems that have embedded
> SA installs, or o
Jeff Chan wrote ... (11/11/2008 7:33 PM):
> Hi Micah,
> Thanks very much for the feedback. Does anyone know how many
> non-profits have more than 1,000 users (i.e., users with
> mailboxes)? The non-profit pricing is below ISPs and half that
> of regular end users.
>
There are many non-profits
On Tuesday, November 11, 2008, 8:49:44 AM, Micah Anderson wrote:
> "Jeff Chan" <[EMAIL PROTECTED]> writes:
> I think that SURBL is a valuable service, and I understand how it is
> difficult to maintain such a service without resources.
>> The funding is, by design, very moderate and will provide
"Jeff Chan" <[EMAIL PROTECTED]> writes:
I think that SURBL is a valuable service, and I understand how it is
difficult to maintain such a service without resources.
> The funding is, by design, very moderate and will provide much needed
> support to sustain this initiative.
However, I believe th
On Tuesday, December 19, 2006, 7:19:51 PM, Theo Dinter wrote:
> On Tue, Dec 19, 2006 at 09:47:15PM -0500, Charles Sprickman wrote:
>> "http://refinance-poiku07-com";
>>
>> In the cgi lookup linked above, the subdomain does not hit, but the main
>> domain does. Should SA be looking at the domain
On Tue, Dec 19, 2006 at 09:47:15PM -0500, Charles Sprickman wrote:
> "http://refinance-poiku07-com";
>
> In the cgi lookup linked above, the subdomain does not hit, but the main
> domain does. Should SA be looking at the domain for surbl checks or not?
It should only be looking at the domain.
Jeff Chan wrote:
> The test points were changed from returning a value of 127.0.0.2
> to 127.0.0.126 as of about a year ago. I neglected to announce
> the change, though it was mentioned on the SURBL discussion list.
> Announcing now.
>
> 127.0.0.126 represents all ones for the bits of all existin
On Thursday, December 14, 2006, 5:03:33 PM, Matt Kettler wrote:
> email containing the surbl permanent test point, and no spam quotes.
> The test-point URL used to only be listed in SC, although tests at
> uribl.com and rulesemporium.com both just report it as listed as a "test
> point" and don't
On Wed, 6 Dec 2006 08:34:43 -0500, "Coffey, Neal"
<[EMAIL PROTECTED]> wrote:
>Nigel Frankcom wrote:
>> I get the following off the SA box (I don't use OpenDNS or any
>> proxying, the rest of my lan uses the same dns that the SA box uses
>> and all is resolving normally)
>>
>> [...]
>>> ;; AUTHORI
Nigel Frankcom wrote:
> I get the following off the SA box (I don't use OpenDNS or any
> proxying, the rest of my lan uses the same dns that the SA box uses
> and all is resolving normally)
>
> [...]
>> ;; AUTHORITY SECTION:
>> multi.surbl.org.810 IN SOA a.surbl.org.
You're n
Hi Jeff,
Below are the headers from 3 emails in chronological order. The 1st
has no headers, a couple of minutes later the 2nd has them, then after
that the 3rd (and all subsequent ones) don't.
I have no clue what's going on. I've check all my local DNS and they
appear to be working fine. Can you
On Wednesday, December 6, 2006, 1:41:11 AM, Nigel Frankcom wrote:
> On Wed, 06 Dec 2006 08:52:09 +, Nigel Frankcom
> Oookay... now it's stopped. Sometime between 08:36 and 09:33 GMT.
> The SURBL headers have stopped appearing in every mail. I've made no
> changes. I ran --lint which showed no
On Wed, 06 Dec 2006 08:52:09 +, Nigel Frankcom
<[EMAIL PROTECTED]> wrote:
>On Wed, 6 Dec 2006 00:40:38 -0800, Jeff Chan <[EMAIL PROTECTED]> wrote:
>
>>On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote:
>>> Hi All,
>>
>>> I was just going through the overnight spam and cam across
On Wed, 6 Dec 2006 00:40:38 -0800, Jeff Chan <[EMAIL PROTECTED]> wrote:
>On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote:
>> Hi All,
>
>> I was just going through the overnight spam and cam across a load of
>> very definite FP's.
>
>> SURBL seems to be firing on legitimate domains.
On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote:
> Hi All,
> I was just going through the overnight spam and cam across a load of
> very definite FP's.
> SURBL seems to be firing on legitimate domains. A check on
> http://www.rulesemporium.com/cgi-bin/uribl.cgi showed none of the
On Wednesday 08 March 2006 21:57, jdow wrote:
>From: "Kenneth Porter" <[EMAIL PROTECTED]>
>
>> --On Wednesday, March 08, 2006 8:40 PM -0500 Theo Van Dinter
>>
>> <[EMAIL PROTECTED]> wrote:
>>> Not in SA proper. For curiosity sake, I wrote up a quick rule to
>>> test it out:
>>>
>>> MSECSSPAM%
On Wed, Mar 08, 2006 at 06:46:41PM -0800, Kenneth Porter wrote:
> > 1.400 1.0852 3.17810.255 0.001.00 TVD_NESTED_ANCHOR
> What MUA generates all the FP's?
I already deleted the results, but there were a lot of newsletters.
People are sloppy when they write html, leave an anchor tag
From: "Kenneth Porter" <[EMAIL PROTECTED]>
--On Wednesday, March 08, 2006 8:40 PM -0500 Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
Not in SA proper. For curiosity sake, I wrote up a quick rule to test
it out:
MSECSSPAM% HAM% S/ORANK SCORE NAME
027920 4940
--On Wednesday, March 08, 2006 8:40 PM -0500 Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
Not in SA proper. For curiosity sake, I wrote up a quick rule to test
it out:
MSECSSPAM% HAM% S/ORANK SCORE NAME
027920 49400.850 0.000.00 (all messages)
1.400
On Wed, Mar 08, 2006 at 04:25:40PM -0800, Kenneth Porter wrote:
> >It's an interesting use, but I don't believe it would confuse
> >SpamAssassin, etc. The second URI should be visible enough to be
> >checked, and I added the IP to ph.surbl.org.
>
> Is there an SA rule that checks for nested ancho
--On Wednesday, March 08, 2006 2:24 PM -0800 Jeff Chan <[EMAIL PROTECTED]>
wrote:
It's an interesting use, but I don't believe it would confuse
SpamAssassin, etc. The second URI should be visible enough to be
checked, and I added the IP to ph.surbl.org.
Is there an SA rule that checks for ne
On Wednesday, March 8, 2006, 9:14:57 AM, Kevin McGrail wrote:
> A co-worker of mine just pointed this out to me today. He tested it in
> Thunderbird and I tested it in OE6. It warrants serious attention.
> Ignoring the munged part, this would trick a very savvy internet user that
> allows HTML e
On Friday, February 10, 2006, 1:53:19 PM, Joey Joey wrote:
> OK on this web site http://spamcheck.freeapp.net/ they have a list located
> here http://spamcheck.freeapp.net/top-sites-domains which contains info from
> http://www.surbl.org/.
> I wrote a script to download the list and put into body_c
Theo Van Dinter wrote:
> On Fri, Feb 10, 2006 at 04:53:19PM -0500, Joey wrote:
>
>>Is there a way to use these surbl lists via SA and instead of scoring them
>>high, actually have them reject/delete the message for this rule and not
>>just score it for tagging?
>>I guess I am asking if there is a
On Fri, Feb 10, 2006 at 04:53:19PM -0500, Joey wrote:
> Is there a way to use these surbl lists via SA and instead of scoring them
> high, actually have them reject/delete the message for this rule and not
> just score it for tagging?
> I guess I am asking if there is a way to have both delete & ta
From: "List Mail User" <[EMAIL PROTECTED]>
>...
On Friday, January 13, 2006, 10:12:40 AM, Irina Irina wrote:
Hello Matt and all,
I enabled SURBL checks on a secondary server yesterday. It catches spam so
great that I like it very much.
Today I enabled it on our main server... Queue star
>...
>On Friday, January 13, 2006, 10:12:40 AM, Irina Irina wrote:
>> Hello Matt and all,
>
>> I enabled SURBL checks on a secondary server yesterday. It catches spam so
>> great that I like it very much.
>
>> Today I enabled it on our main server... Queue started to grow, messages
>> were piling
I forgot to add, if you're processing more than 100k messages per
day, then you should probably apply for rsync access to the SURBL
zone files and serve them up locally:
http://www3.surbl.org/rsync-signup.html
That too will improve performance.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
ht
On Friday, January 13, 2006, 10:12:40 AM, Irina Irina wrote:
> Hello Matt and all,
> I enabled SURBL checks on a secondary server yesterday. It catches spam so
> great that I like it very much.
> Today I enabled it on our main server... Queue started to grow, messages
> were piling up. I had t
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Irina" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, January 12, 2006 4:05 PM
Subject: Re: SURBL
> Irina wrote:
> > Thank you Matt and Leonardo,
> >
> > Oh, n. I checked about ever
Thank you.
We catch so many now I see in scores.
Irina
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Irina" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, January 12, 2006 4:05 PM
Subject: Re: SURBL
> Irina wrote:
> > Thank you
Irina wrote:
> Thank you Matt and Leonardo,
>
> Oh, n. I checked about everything, but not this file. I am missing it
> there. I am afraid I don't have the original file and will have to find in
> a TAR file.
Yes, you NEED init.pre.
Also, if you're using SA 3.1.0 you'll need v310.pre.
(I
much.
Irina
===
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Irina" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, January 12, 2006 3:40 PM
Subject: Re: SURBL
> Irina wrote:
> > Hello everybody again.
> >
Irina escreveu:
Hello everybody again.
Here is my other issue I found. I can not find any of SURBL in spam
reports. I am looking for this exact string SURBL (may be I am wrong?).
Spamassassin -D --lint shows the module is installed
[53711] dbg: dns: is Net::DNS::Resolver available? yes
Irina wrote:
> Hello everybody again.
>
> Here is my other issue I found. I can not find any of SURBL in spam
> reports. I am looking for this exact string SURBL (may be I am wrong?).
>
> Spamassassin -D --lint shows the module is installed
> [53711] dbg: dns: is Net::DNS::Resolver availabl
Sent: Wednesday, January 04, 2006 10:26 AM
To: 'SURBL Discussion list'; users@spamassassin.apache.org
Subject: RE: [SURBL-Discuss] RE: Google search as spam URI
[EMAIL PROTECTED] wrote:
> Dallas L. Engelken wrote:
>>> From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
>&g
[EMAIL PROTECTED] wrote:
> Dallas L. Engelken wrote:
>>> From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
>>>
>>> /^https?:\/\/(?:www\.)?google\.com\/search\?q=site:([A-Za-z0-9
>>> \-\.]+)$/I
>>>
>>
>> Notice the 'I' at the end should be 'i'.
>> Damn outlook,
>
> Agreed.
>
>> I know what I
I'm attaching the original spam message as is (in Outlook .msg format).
You'll be able to see my SA full report in the headers.
I don't think it would matter much because in my posting here I put
the original HTML HREF tag that includes the URI that should be
caught.
On 8/29/05, Craig McLean <[EMA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea wrote:
| Craig McLean wrote:
|
|> -BEGIN PGP SIGNED MESSAGE-
|> Hash: SHA1
|>
|> 3.1.0-rc1 nailed it to the wall.
|>
|> Craig.
| <...>
|> domain
|> | 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL
|> bloc
Craig McLean wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
3.1.0-rc1 nailed it to the wall.
Craig.
<...>
domain
| 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL
blocklist
| [URIs: moonboard.info]
Did you detect that with a redirector
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
3.1.0-rc1 nailed it to the wall.
Craig.
Ilan Aisic wrote:
|
| pts rule name description
| --
- --
| 0.9 RCVD_BY_IP Received by mail server with no na
Perhaps changing the uri check would be a short-term fix. There is a
redirector pattern detector in SA which would be the right thing to fix.
Loren
On Friday, August 12, 2005, 10:07:47 AM, Dirk Bonengel wrote:
> Given: A (phishing-)mail containg a link to the IP 219.144.194.158
> The lookup page on rulesemporium.com says it's listed on ws and ph in SURBL
> However, I find that the current SpamAssassin (3.0.4) does not appear to
> lookup I
On Wednesday, July 27, 2005, 5:03:58 PM, Timothy Spear wrote:
> Second Test: Using a local .eml file I have a hyper link to
> http://test.surbl.org I then pass with file to either spamassassin or spamc
> Third Test: Send an email from a yahoo account with the same
>
@spamassassin.apache.org
Subject: Re: SURBL Rules Not Being Used
On Wed, Jul 27, 2005 at 09:08:28PM -0400, Timothy Spear wrote:
> Any other ideas?
The first thing for any issue is: run with -D and see what's happening.
--
Randomly Generated Tagline:
"Q. Why is this so clumsy?
A. The trick is
On Wed, Jul 27, 2005 at 09:08:28PM -0400, Timothy Spear wrote:
> Any other ideas?
The first thing for any issue is: run with -D and see what's happening.
--
Randomly Generated Tagline:
"Q. Why is this so clumsy?
A. The trick is to use Perl's strengths rather than its weaknesses."
I am running 0.53; straight from CPAN.
Any other ideas?
Tim
-Original Message-
From: Rick Macdougall [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 27, 2005 8:13 PM
To: Timothy Spear
Cc: users@spamassassin.apache.org
Subject: Re: SURBL Rules Not Being Used
Timothy Spear wrote
Timothy Spear wrote:
Hello,
The SURBL Rules do not appear to be working for me. I think I am
missing something basic.
The test:
First Test: Telnet into my MTA and manually enter the SMTP
Commands to send an email from a bogus address, email content is the same as
jdow pointed out problems with the prior rules for SA 3.0.1+.
These ones should work:
urirhsbl URIBL_SC2_SURBL sc2.surbl.org. A127.0.0.2
body URIBL_SC2_SURBL eval:check_uridnsbl('URIBL_SC2_SURBL')
describe URIBL_SC2_SURBL Has URI in SC2 at http://www.surbl.org/lists.html
tflags
> All it needs is port 53 TCP and UDP open (outbound),
> depending on what
> firewall product you use, depends on how. A bit of Google with what
> ports on what product will yield what you should need.
One thing to note... if your firewall is proxying for you, make sure it
doesn't think it's a
Dr Robert Young wrote:
> Is there a particular "port" and/or "protocol (TCP/UDP) that must be
> opened on any firewalls that might be on the network for the plugin to
> work?
You don't "need" to open any ports, however you must be able to resolve DNS
queries.
In general you can test it by using "
Dr Robert Young wrote:
Is there documentation available on all the prerequisites and setup
necessary for it to operate correctly?
On Jul 9, 2005, at 8:39 PM, Theo Van Dinter wrote:
On Sat, Jul 09, 2005 at 07:47:22PM -0400, Dr Robert Young wrote:
Is there any information available on what c
Is there documentation available on all the prerequisites and setup
necessary for it to operate correctly?
On Jul 9, 2005, at 8:39 PM, Theo Van Dinter wrote:
On Sat, Jul 09, 2005 at 07:47:22PM -0400, Dr Robert Young wrote:
Is there any information available on what configuration your firewal
On Sat, Jul 09, 2005 at 07:47:22PM -0400, Dr Robert Young wrote:
> Is there any information available on what configuration your firewall
> needs in order to make use of SURBL in SA 3.0.4? Forts, etc??
SURBL needs DNS to function.
--
Randomly Generated Tagline:
Cop: "He's making a break for it.
Dr Robert Young wrote on Fri, 8 Jul 2005 20:34:00 -0400:
> Is there a particular "port" and/or "protocol (TCP/UDP) that must be
> opened on any firewalls that might be on the network for the plugin to
> work?
Probably 53. If you have control of the firewall, then simply shut it off
for a few m
Is there a particular "port" and/or "protocol (TCP/UDP) that must be
opened on any firewalls that might be on the network for the plugin to
work?
On Jul 8, 2005, at 6:25 PM, Matt Kettler wrote:
Dr Robert Young wrote:
I have been looking at the incorporation or SURBL into the SA 3.0.4
releas
Dr Robert Young wrote:
> I have been looking at the incorporation or SURBL into the SA 3.0.4
> release (I will say up front I am very early on the learning curve for SA).
>
> I have read that the SURBL support is built in by default in SA 304, and
> I can see where the plugin is loaded in init.pre
Dr Robert Young wrote:
I have been looking at the incorporation or SURBL into the SA 3.0.4
release (I will say up front I am very early on the learning curve for SA).
I have read that the SURBL support is built in by default in SA 304, and
I can see where the plugin is loaded in init.pre.
Ho
Theo Van Dinter wrote:
On Wed, Jul 06, 2005 at 12:18:32PM +0200, mouss wrote:
In fact, the problem seems with quoted-printable, not with the
redirection. here is an example (reduced to the minimum, and with munged
URI).
Actually it has nothing to do with quoted-printable. The spammer put i
On Wed, Jul 06, 2005 at 12:18:32PM +0200, mouss wrote:
> In fact, the problem seems with quoted-printable, not with the
> redirection. here is an example (reduced to the minimum, and with munged
> URI).
Actually it has nothing to do with quoted-printable. The spammer put in an
invalid HTML tag:
Raymond Dijkxhoorn wrote:
That domain is listed for quitte some time...
URIBL_BLACK 3.00, URIBL_JP_SURBL 4.26, URIBL_OB_SURBL 3.21, URIBL_SBL
4.26, URIBL_WS_SURBL 1.46
But then again, without headers we also dont know much more then you do :)
True!
In fact, the problem seems with quoted-
Hi!
3.0.4 finds it fine in my test. As usual, run with -D:
debug: uri found:
http://ar.atwola.com/redir/B0/NIGMELhw-OhjdGRhu9krS8hjdsxhHJMd7aZyBahYZOlB1rRxxNchtg$$/http://medsavenow.com/?name=revup
debug: uri found: http://medsavenow.com/?name=revup
The problem is likely that when the message
On Wed, Jul 06, 2005 at 04:00:19AM +0200, mouss wrote:
> The following url is missed by uribl, eventhough medsavenow.com is
> listed. is it because of the "$$"?
3.0.4 finds it fine in my test. As usual, run with -D:
debug: uri found:
http://ar.atwola.com/redir/B0/NIGMELhw-OhjdGRhu9krS8hjdsxhHJM
>-Original Message-
>From: Michele Neylon :: Blacknight Solutions
>[mailto:[EMAIL PROTECTED]
>Sent: Tuesday, May 31, 2005 5:05 AM
>To: 'Jeff Chan'; 'SURBL Discussion list'; 'SpamAssassin Users'
>Subject: RE: [SURBL-Discuss] Blogger attac
yes - should be fixed as while ago, just needing the DNS change to
propogate. Someone added .com to the list!
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Bryan Haase wrote:
Anyone seeing problems with SURBL "AB"? This morning I have had more
false posit
On Wednesday, May 4, 2005, 8:37:45 AM, martin smith wrote:
M>>From: Jeff Chan [mailto:[EMAIL PROTECTED]
M>>A good way to report spams is to use SpamCop. The SpamCop
M>>spamvertised site data goes into sc.surbl.org:
M>>
M>> http://www.surbl.org/lists.html#sc
M>>
> Jeff, does this include the li
M>-Original Message-
M>From: Jeff Chan [mailto:[EMAIL PROTECTED]
M>Sent: 04 May 2005 02:29
M>To: users@spamassassin.apache.org
M>Subject: Re: [SURBL] how to report
M>
M>On Monday, May 2, 2005, 11:34:14 PM, hamann w wrote:
M>> I just came across this website
M
On Monday, May 2, 2005, 11:34:14 PM, hamann w wrote:
> I just came across this website
> www.webspawner.com/users/moneymakerman555
> What is the best way to have the spam that this will likely create blocked by
> surbl?
> Wolfgang Hamann
A good way to report spams is to use SpamCop. The SpamCo
[EMAIL PROTECTED] wrote:
>Hi,
>
>I just came across this website
>www.webspawner.com/users/moneymakerman555
>
>What is the best way to have the spam that this will likely create blocked by
>surbl?
>
>
Correction , what's the best way to have spam this will create be
blocked by SpamAssassin.
SU
On Friday, April 22, 2005, 7:27:17 AM, John Delisle wrote:
> Even if data re average age of the domains, wouldn't they just start
> registering them earlier so as to not match that pattern?
Yeah that's always a possibility. But there seems to be some
evidence that a lot of spam domains don't get
On Friday, April 22, 2005, 9:27:56 AM, Steven Champeon wrote:
> See:
> http://www.merit.edu/mail.archives/nanog/2005-01/msg00225.html
> for one particular spamgang (dunno who); seems to be entirely dedicated
> to sending out spam in multipart with one redirector link (ends in .html,
> with embedd
; SpamAssassin Users
>Subject: Re: [SURBL-Discuss] RE: Research wanted: age of spam gang URI
>domains
>
>
>Even if data re average age of the domains, wouldn't they just start
>registering them earlier so as to not match that pattern?
>
>John Delisle, CISA
>Senior Net
On Saturday, April 9, 2005, 10:14:27 AM, List User wrote:
> I've begun sending them to [EMAIL PROTECTED] - no bounce, but no
> response
> either. Starting tomorrow, *all* the CNet editors get a copy. Todays below.
> Paul Shupak
> [EMAIL PROTECTED]
LOL, but I can't reall
>...
>Date: Sat, 9 Apr 2005 10:56:10 +0200 (CEST)
>From: Raymond Dijkxhoorn <[EMAIL PROTECTED]>
>X-X-Sender: [EMAIL PROTECTED]
>To: "Kevin A. McGrail" <[EMAIL PROTECTED]>
>Subject: Re: [SURBL-Discuss] More spams with Zdnet redirector
>...
>
>Hi!
One good redirector deserves Yet another.
http://cz7.clickzs. com/tn.php?carefullyacross&kza%2eiB%72s%6fft.%63Om
This one SURBL does not catch, except for the fact that 'clickzs. com'
is listed in WS. ;)
--
Dave Funk University of Iowa
College of Engine
On Thursday, February 17, 2005, 4:46:28 PM, Jeff Chan wrote:
> IMO The correct answer is for eBay not to have an open redirector
> or for them to protect it better, for example as Matthew suggests.
> We could ask them follow the lead of other redirection sites and
> use SURBLs to check the URIs:
1 - 100 of 256 matches
Mail list logo
