On Sat, 10 Nov 2012, Igor Chudov wrote:
On Sat, Nov 10, 2012 at 08:47:57AM +0300, Jonathan Nichols wrote:
So, why is it triggering URIBL_BLACK and URIBL_DBL_SPAM etc now, but
not when I received the original spam?
Or was the database updated with those
URLs after I received that particular s
On Sat, Nov 10, 2012 at 08:47:57AM +0300, Jonathan Nichols wrote:
> >
> > So, why is it triggering URIBL_BLACK and URIBL_DBL_SPAM etc now, but
> > not when I received the original spam?
> >
> > Or was the database updated with those
> > URLs after I received that particular spam?
> > i
>
> It i
>
> So, why is it triggering URIBL_BLACK and URIBL_DBL_SPAM etc now, but
> not when I received the original spam?
>
> Or was the database updated with those
> URLs after I received that particular spam?
> i
It is quite likely that it was not in the database when you received it, but
was added
wolfgang a écrit :
> My message below was rejected as spam:
> :
> 140.211.11.136_failed_after_I_sent_the_message./Remote_host_said:_552_spam_score_(15.9)_exceeded_threshold/
>
> So, I resend it with the queried domain name obfuscated.
>
Let me quote Alex's reply on the uribl list:
> See http://
On Thu, 2008-10-16 at 18:24 -0400, Kris Deugau wrote:
> Karsten Bräckelmann wrote:
> > Unlike regular score lines for non-existent rules (which are kind of
> > ignored), the relative score adjustment depends on the rule to be
> > defined before.
> >
> > Given your demo rule above,
[...]
> > you ar
Matt Kettler wrote:
Hmm, I'm not exactly sure why you'd do that. Are you trying to
distribute updates rule sets over sa-update that contain score mods?
Exactly.
When I came across this the first time, I just created a meta rule with
a score of -1 instead, and that's been working for months no
Kris Deugau writes:
> Karsten Bräckelmann wrote:
> > Unlike regular score lines for non-existent rules (which are kind of
> > ignored), the relative score adjustment depends on the rule to be
> > defined before.
> >
> > Given your demo rule above,
>
> Nominally live, actually. I've had perfectl
Kris Deugau wrote:
> Matt Kettler wrote:
>> I just tested this, and it works perfectly on my system. I added this
>> line to my local.cf:
>>score URIBL_SC_SURBL (1.5)
>>
>> And that rule jumped from 0.5 to 2.0 in a test message.
>
> Yes, that works fine. What doesn't work is where the "sco
Karsten Bräckelmann wrote:
Unlike regular score lines for non-existent rules (which are kind of
ignored), the relative score adjustment depends on the rule to be
defined before.
Given your demo rule above,
Nominally live, actually. I've had perfectly legitimate staff email
hitting FORGED_MUA
On Thu, 2008-10-16 at 17:10 -0400, Kris Deugau wrote:
> Yes, that works fine. What doesn't work is where the "score RULE (adj)"
> entry is in a channel ruleset, and the original rule is in a different
> channel or the stock ruleset.
>
> At least, as of last time I tried that was the case. And
Matt Kettler wrote:
I just tested this, and it works perfectly on my system. I added this
line to my local.cf:
score URIBL_SC_SURBL (1.5)
And that rule jumped from 0.5 to 2.0 in a test message.
Yes, that works fine. What doesn't work is where the "score RULE (adj)"
entry is in a cha
On Wed, 2008-10-15 at 17:55 -0400, Kris Deugau wrote:
> Matt Kettler wrote:
> > You can always do a relative score adjust.. SA supports that you know:
> >
> > score URIBL_BLACK (1.5)
> >
> > Will take whatever the existing score is and add 1.5 to it.
>
> ... but this doesn't work in rule channel
Kris Deugau wrote:
> Matt Kettler wrote:
>> You can always do a relative score adjust.. SA supports that you know:
>>
>> score URIBL_BLACK (1.5)
>>
>> Will take whatever the existing score is and add 1.5 to it.
>
> ... but this doesn't work in rule channels pulled in by sa-update. :(
>
> (You *can
Kris Deugau wrote:
> Matt Kettler wrote:
>> You can always do a relative score adjust.. SA supports that you know:
>>
>> score URIBL_BLACK (1.5)
>>
>> Will take whatever the existing score is and add 1.5 to it.
>
> ... but this doesn't work in rule channels pulled in by sa-update. :(
>
> (You *can
Matt Kettler wrote:
You can always do a relative score adjust.. SA supports that you know:
score URIBL_BLACK (1.5)
Will take whatever the existing score is and add 1.5 to it.
... but this doesn't work in rule channels pulled in by sa-update. :(
(You *can* have "score RULE newvalue" entries
> -Original Message-
> From: Jeff Chan [mailto:[EMAIL PROTECTED]
> Sent: 2008-10-13 05:28
> To: users@spamassassin.apache.org
> Subject: Re: URIBL_BLACK
>
>
> On Friday, October 10, 2008, 11:29:33 PM, Yet Ninja wrote:
>
> > Something tells me your
On 10/13/2008 11:27 AM, Jeff Chan wrote:
On Friday, October 10, 2008, 11:29:33 PM, Yet Ninja wrote:
Something tells me your stats are either obsolete, biased, borked or
your ham corpus would be quite a few other ppl's mainsleaze spam corpus.
Imo, that 1.1% FP rating seems to have little valu
On Friday, October 10, 2008, 11:29:33 PM, Yet Ninja wrote:
> Something tells me your stats are either obsolete, biased, borked or
> your ham corpus would be quite a few other ppl's mainsleaze spam corpus.
> Imo, that 1.1% FP rating seems to have little value in a global context.
> thx for the tr
On 10/11/2008 12:43 AM, Theo Van Dinter wrote:
On Sat, Oct 11, 2008 at 12:15:00AM +0200, Yet Another Ninja wrote:
74.714 78.1593 1.11300.986 0.780.00 URIBL_BLACK
Would you pls post those FP URIs so ppl can judge what your rating is
based upon.
(imperfect) command posted for my f
On 10/10/2008 11:19 PM, Theo Van Dinter wrote:
This has come up on the list before, but... Looking at my most recent
network run:
OVERALLSPAM% HAM% S/ORANK SCORE NAME
0 460740215640.955 0.000.00 (all messages)
0.0 95.5290 4.47100.955 0.00
Benny Pedersen wrote:
>
>> Huh, why not simply:
>> score URIBL_BLACK 6
>> Inside your local.cf? This is wasting CPU... ?
>>
>
> olso works, but when sa-rules change the score you did not notice the change
>
>
You can always do a relative score adjust.. SA supports that you know:
score URIB
[EMAIL PROTECTED] wrote:
Of the fair amount of false negatives that get through, more than 90% of
them appear to hit on URIBL_BLACK. I have incrementally increased it
recently to a score of 5.0 (I hit on 6.0). The stuff that's still
getting through seems to be hitting on only URIBL_BLACK.
On Sat, October 11, 2008 00:32, Theo Van Dinter wrote:
> score URIBL_BLACK (1.5)
> you don't need another rule, you just want to add a value to the score.
both ways do the same ?
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
On Sat, Oct 11, 2008 at 12:15:00AM +0200, Yet Another Ninja wrote:
> > 74.714 78.1593 1.11300.986 0.780.00 URIBL_BLACK
>
> Would you pls post those FP URIs so ppl can judge what your rating is
> based upon.
(imperfect) command posted for my future reference ...
$ grep URIBL_BLACK h
On Sat, Oct 11, 2008 at 12:01:48AM +0200, Benny Pedersen wrote:
> meta URIBL_BLACK_ADJ (URIBL_BLACK)
> describe URIBL_BLACK_ADJ Meta: i trust uribl more :)
> score URIBL_BLACK_ADJ 1.5
>
> that way you still benefit from score adjust on sa-rules
The right way to do this is:
score URIBL_BLACK (1.5
Hi!
describe URIBL_BLACK_ADJ Meta: i trust uribl more :)
score URIBL_BLACK_ADJ 1.5
that way you still benefit from score adjust on sa-rules
Huh, why not simply:
score URIBL_BLACK 6
Inside your local.cf? This is wasting CPU... ?
olso works, but when sa-rules change the score you did not not
On Sat, October 11, 2008 00:11, Raymond Dijkxhoorn wrote:
>> meta URIBL_BLACK_ADJ (URIBL_BLACK)
>> describe URIBL_BLACK_ADJ Meta: i trust uribl more :)
>> score URIBL_BLACK_ADJ 1.5
>> that way you still benefit from score adjust on sa-rules
read last line here one more time
> Huh, why not simply
Hi!
I am very tempted to bump the score of it to 6.0 or higher, as it would
drastically reduce spam, but I'd like to get any false positive feedback
on doing that first. I haven't seen any so far, but I figure others must
be doing this.
meta URIBL_BLACK_ADJ (URIBL_BLACK)
describe URIBL_BLACK
On Fri, October 10, 2008 22:55, [EMAIL PROTECTED] wrote:
> I am very tempted to bump the score of it to 6.0 or higher, as it would
> drastically reduce spam, but I'd like to get any false positive feedback
> on doing that first. I haven't seen any so far, but I figure others must
> be doing this
This has come up on the list before, but... Looking at my most recent
network run:
OVERALLSPAM% HAM% S/ORANK SCORE NAME
0 460740215640.955 0.000.00 (all messages)
0.0 95.5290 4.47100.955 0.000.00 (all messages as %)
74.714 78.1593 1.
On Mon, Jul 02, 2007 at 01:28:27PM -0700, Jo Rhett wrote:
> Both of these assume I know every person who needs to e-mail me, and
> everything they will send me. Theo, you're active in enough open
> source projects to know better.
Well, you just said you were receiving a large amount of "syste
On Jul 2, 2007, at 1:22 PM, Theo Van Dinter wrote:
If these are from known good sources, just whitelist them (or skip SA
altogether). Otherwise, if the names are specific, you could always
use uridnsbl_skip_domain to bypass URIDNSBL checks on the parsed
domains.
Both of these assume I know e
On Mon, Jul 02, 2007 at 01:05:17PM -0700, Jo Rhett wrote:
> I need to completely disable this over-opportunistic behavior. 90%
> of my e-mails have either system output, or are concerning code
> segments or router interfaces, etc, etc. I need these mails to get
> through.
>
> At the very le
From: Jo Rhett [mailto:[EMAIL PROTECTED]
I need to completely disable this over-opportunistic behavior. 90%
of my e-mails have either system output, or are concerning code
segments or router interfaces, etc, etc. I need these mails to get
through.
At the very least, common collisions like scri
> From: Jo Rhett [mailto:[EMAIL PROTECTED]
>
> > SA doesn't just look for full URLs, it looks for things that could
be
> > hostnames ala "copy www.example.com into your browser".
>
> This is fairly nonfunctional. I've been chasing around all sorts of
> FPs that seem to hit pretty much every mess
On Jun 30, 2007, at 6:23 PM, Theo Van Dinter wrote:
On Sat, Jun 30, 2007 at 12:07:04PM -0700, Jo Rhett wrote:
There's no URL in this message. What is it mis-matching against?
When in doubt, run through "spamassassin -D":
[9710] dbg: uridnsbl: domains to query: sync.pl svcolo.com
Thanks for
Jo Rhett wrote:
Note: yes, uribl has their own mailing list. That server has been down
for quite some time, so I gave up and posted it here in case someone is
dual listed and can fix it.
There's no URL in this message. What is it mis-matching against?
This has been answered, but, if you're
Quoting SM <[EMAIL PROTECTED]>:
> Hi Jeff,
> At 03:58 01-07-2007, Jeff Chan wrote:
> >http://lookup.uribl.com/?domain=sync.pl
>
> I missed that one. :-) It's not listed though.
It was listed when I wrote.
Jeff C.
Hi Jeff,
At 03:58 01-07-2007, Jeff Chan wrote:
http://lookup.uribl.com/?domain=sync.pl
I missed that one. :-) It's not listed though.
Regards,
-sm
On Sun, 1 Jul 2007 at 05:58 -0500, [EMAIL PROTECTED] confabulated:
Quoting SM <[EMAIL PROTECTED]>:
At 12:07 30-06-2007, Jo Rhett wrote:
Note: yes, uribl has their own mailing list. That server has been
down for quite some time, so I gave up and posted it here in case
someone is dual listed a
Quoting SM <[EMAIL PROTECTED]>:
> At 12:07 30-06-2007, Jo Rhett wrote:
> >Note: yes, uribl has their own mailing list. That server has been
> >down for quite some time, so I gave up and posted it here in case
> >someone is dual listed and can fix it.
> >
> >There's no URL in this message. What i
At 12:07 30-06-2007, Jo Rhett wrote:
Note: yes, uribl has their own mailing list. That server has been
down for quite some time, so I gave up and posted it here in case
someone is dual listed and can fix it.
There's no URL in this message. What is it mis-matching against?
There was a URL in
On Sat, Jun 30, 2007 at 12:07:04PM -0700, Jo Rhett wrote:
> There's no URL in this message. What is it mis-matching against?
When in doubt, run through "spamassassin -D":
[9710] dbg: uridnsbl: domains to query: sync.pl svcolo.com
SA doesn't just look for full URLs, it looks for things that coul
List Mail User wrote:
>> ...
>> List Mail User wrote:
>>
>>> Huh? (Lookup "strawman" in a dictionary, please.)
>>>
>> That's my understanding of what you were claiming happened. Yes, it
>> looks like an absurdly weak argument. However, it's the argument you
>> presented, as best I can
>...
>List Mail User wrote:
>> Huh? (Lookup "strawman" in a dictionary, please.)
>That's my understanding of what you were claiming happened. Yes, it
>looks like an absurdly weak argument. However, it's the argument you
>presented, as best I can make sense of your posts.
>
>Or are you admitting th
List Mail User wrote:
> Huh? (Lookup "strawman" in a dictionary, please.)
That's my understanding of what you were claiming happened. Yes, it
looks like an absurdly weak argument. However, it's the argument you
presented, as best I can make sense of your posts.
Or are you admitting that you made
>...
>List Mail User wrote:
>
>> Paul.. None of those pages contain a link. The user would have to
>> >copy-paste or hand-type the url. That would defeat any referrer mechanism.
>>
>>
>> Also, whether cut&paste generates a referral all depends on your
>> browser and the setting used in some
From: "Matt Kettler" <[EMAIL PROTECTED]>
List Mail User wrote:
Paul.. None of those pages contain a link. The user would have to
>copy-paste or hand-type the url. That would defeat any referrer mechanism.
Also, whether cut&paste generates a referral all depends on your
browser and the settin
List Mail User wrote:
> Paul.. None of those pages contain a link. The user would have to
> >copy-paste or hand-type the url. That would defeat any referrer mechanism.
>
>
> Also, whether cut&paste generates a referral all depends on your
> browser and the setting used in some (e.g. Opera
>...
>
Matt,
>> In each case, normal HTML gives a "referrer" page, so no affiliate
>> ID is needed.
>
>Paul.. None of those pages contain a link. The user would have to
>copy-paste or hand-type the url. That would defeat any referrer mechanism.
Also, whether cut&paste genera
List Mail User wrote:
>>
> In each case, normal HTML gives a "referrer" page, so no affiliate
> ID is needed.
Paul.. None of those pages contain a link. The user would have to
copy-paste or hand-type the url. That would defeat any referrer mechanism.
(more extensive commentary directe
From: "List Mail User" <[EMAIL PROTECTED]>
>List Mail User wrote:
winterizewithscotts.com
Scott's lawncare registered user updates.
Matt,
winterizewithscotts.com looks like a case of "affiliate" spamming or
misuse of "sweepstakes" entries.
See:
http://forums.gottadeal.com/archive/index.php
>List Mail User wrote:
>>> winterizewithscotts.com
>>>
>>> Scott's lawncare registered user updates.
>>>
>>>
>> Matt,
>>
>> winterizewithscotts.com looks like a case of "affiliate" spamming or
>> misuse of "sweepstakes" entries.
>> See:
>> http://forums.gottadeal.com/archive/index.p
From: "Matt Kettler" <[EMAIL PROTECTED]>
I'm thinking of something like:
score URIBL_SURBL 2.0
score URIBL_AB_SURBL 1.812
score URIBL_JP_SURBL 2.087
score URIBL_OB_SURBL 1.008
score URIBL_PH_SURBL 0.800
score URIBL_SC_SURBL 2.498
score URIBL_WS_SURBL 0.140
Whereas I am thinking of increas
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 19, 2006 06:09
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain
>
> Right now JP+SC scores 8.585, w
jdow wrote:
>
> If a solution that leads to the grand total of all BL hits never
> exceeding 5 with SA as it exists now and without a very complex
> interlocking meta rule set I'll experience a very dramatic increase
> in spams slipping through, from a couple a week, to maybe one an
> hour. A fair
From: "Matt Kettler" <[EMAIL PROTECTED]>
List Mail User wrote:
"
Any information you provide to us (i.e., name, e-mail address, etc.)...
or to provide you with special notices. ...
A more complete quote reads:
his information may be used to provide you with information *you've
requested* ab
List Mail User wrote:
>
>
> "
> Any information you provide to us (i.e., name, e-mail address, etc.)...
> or to provide you with special notices. ...
A more complete quote reads:
his information may be used to provide you with information *you've
requested* about our company, our products and our
List Mail User wrote:
>> winterizewithscotts.com
>>
>> Scott's lawncare registered user updates.
>>
>>
> Matt,
>
> winterizewithscotts.com looks like a case of "affiliate" spamming or
> misuse of "sweepstakes" entries.
> See:
> http://forums.gottadeal.com/archive/index.php/t-14640
>winterizewithscotts.com
>
>Scott's lawncare registered user updates.
>
Matt,
winterizewithscotts.com looks like a case of "affiliate" spamming or
misuse of "sweepstakes" entries.
See:
http://forums.gottadeal.com/archive/index.php/t-14640.html
http://forums.gottadeal.com/archive/i
60 matches
Mail list logo
