Title: RE: Bypassing SURBLs using end user brain cells
> -Original Message-
> From: Paolo Cravero [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2006 9:31 AM
> To: users@spamassassin.apache.org
> Subject: Bypassing SURBLs using end user brain cells
>
Spam message without any link, and instructions inside an image:
http://i11.tinypic.com/2pqtaba.gif
First time I've seen this. Funny, but other RBLs
(RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SORBS_WEB, RCVD_IN_XBL) caught it.
Paolo
: SpamAssassin Users
Subject: RE: SURBLS
> Here is everything I got from debug. I ran it as root so there is a
> Bayes error that normally wouldn't pop up.
>
Mike, didn't we already rule out SA off-list? You might want to try the
MIMEDefang list.
d
> Here is everything I got from debug. I ran it as root so
> there is a Bayes error that normally wouldn't pop up.
>
Mike, didn't we already rule out SA off-list? You might want to try the
MIMEDefang list.
d
At 09:35 PM 12/2/2004, Mike Carlson wrote:
debug: config: SpamAssassin failed to parse line, skipping:
rewrite_subject 1
debug: config: SpamAssassin failed to parse line, skipping: subject_tag
(SPAM) _HITS_
debug: config: SpamAssassin failed to parse line, skipping:
use_terse_report
k[2130]: [ 5] Connecting to pride.cloudmark.com ...
^Clogmsg: server hit by SIGCHLD
logmsg: handled cleanup of child pid 2134
logmsg: handled cleanup of child pid 2133
logmsg: handled cleanup of child pid 2132
logmsg: handled cleanup of child pid 2131
logmsg: handled cleanup of child pid 2130
log
At 07:47 PM 12/2/2004, Mike Carlson wrote:
debug: URIDNSBL: domains to query:
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: all '*From' addrs: [EMAIL PROTECTED]
Ok, that much is good. We can tell you did install Net::DNS and you have a
recent version.
However, f
On Thursday, December 2, 2004, 4:47:59 PM, Mike Carlson wrote:
> Here is a snippet of what I got:
> debug: URIDNSBL: domains to query:
> debug: is Net::DNS::Resolver available? yes
> debug: Net::DNS version: 0.48
> debug: all '*From' addrs: [EMAIL PROTECTED]
Looks like 0.48 is the latest Net::D
On Thursday, December 2, 2004, 12:18:19 PM, Mike Carlson wrote:
> If I run that command I get this:
> hades# spamd -D -p 800 2>&1 | grep postcard
> Ambiguous output redirect.
> hades#
> --Mike
What shell are you using? Standard output and error redirection
syntax is a little different betwee
ecember 02, 2004 6:30 PM
To: Mike Carlson; users@spamassassin.apache.org
Subject: RE: SURBLS
At 06:13 PM 12/2/2004, Mike Carlson wrote:
>I have Net::DNS installed.
>
>It's a FreeBSD 4.9 with SA being called by MIMEDefang.
>
>I am not sure if any of the RBL stuff is working. I
At 06:13 PM 12/2/2004, Mike Carlson wrote:
I have Net::DNS installed.
It's a FreeBSD 4.9 with SA being called by MIMEDefang.
I am not sure if any of the RBL stuff is working. I figured I would work
on one thing at a time.
Well, I'd start with at least verifying you have a fully working DNS setup
f
I have both those options set.
--Mike
-Original Message-
From: Guyang Mao [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 02, 2004 5:13 PM
To: users@spamassassin.apache.org
Subject: RE: SURBLS
Make sure your mimedefang is configuring SA to use the RBL.
In the mimedefang-filter
ECTED]
Sent: Thursday, December 02, 2004 5:14 PM
To: Matt Kettler; users@spamassassin.apache.org
Subject: RE: SURBLS
I have Net::DNS installed.
It's a FreeBSD 4.9 with SA being called by MIMEDefang.
I am not sure if any of the RBL stuff is working. I figured I would work on
one thing at a time.
--Mike
2004 2:55 PM
To: Mike Carlson; users@spamassassin.apache.org
Subject: RE: SURBLS
At 02:46 PM 12/2/2004, Mike Carlson wrote:
>It wasnt in the hits either.
>
>--Mike
Hmm. Do you have Net::DNS installed? Do any normal RBLs work?
At 02:46 PM 12/2/2004, Mike Carlson wrote:
It wasnt in the hits either.
--Mike
Hmm. Do you have Net::DNS installed? Do any normal RBLs work?
Subject: RE: SURBLS
> Ok, I tried the command, but I am SSH's so the output
> redirection didnt work.
>
> I did do spamd -D -p 800 | grep postcard
>
# spamd -D -p 800 2>&1 | grep postcard
Notice the stderr to stdout redirector??
d
> Ok, I tried the command, but I am SSH's so the output
> redirection didnt work.
>
> I did do spamd -D -p 800 | grep postcard
>
# spamd -D -p 800 2>&1 | grep postcard
Notice the stderr to stdout redirector??
d
sg: handled cleanup of child pid 2130
logmsg: server killed by SIGINT, shutting down
From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
Sent: Thu 12/2/2004 1:42 PM
To: Mike Carlson
Cc: users@SpamAssassin.apache.org
Subject: RE: SURBLS
Nah, but your could put it in debug mo
L
blocklist
* [URIs: postcards.com]
Dallas
> -Original Message-
> From: Mike Carlson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 02, 2004 1:35 PM
> To: Dallas L. Engelken
> Subject: RE: SURBLS
>
> Ok, I got the same res
It wasnt in the hits either.
--Mike
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thu 12/2/2004 1:36 PM
To: Mike Carlson; users@spamassassin.apache.org
Subject: RE: SURBLS
At 02:35 PM 12/2/2004, Mike Carlson wrote:
>I sent an email with that URL in
At 02:35 PM 12/2/2004, Mike Carlson wrote:
I sent an email with that URL in it and it didnt get tagged.
Well, it won't get tagged by SA based on that alone. There are very few
"sure fire spam" rules in SA, and none of the SURBLs are on that small list.
What you need to do is lo
I sent an email with that URL in it and it didnt get tagged.
--Mike
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thu 12/2/2004 1:25 PM
To: Mike Carlson; users@spamassassin.apache.org
Subject: Re: SURBLS
At 02:01 PM 12/2/2004, Mike Carlson wrote:
>W
At 02:01 PM 12/2/2004, Mike Carlson wrote:
What tests can I do to make sure SURBLS is working? I havent seen any
scores for SURBLS in any of the caught or uncaught emails.
Send yourself an email with the surbl tespoint in it:
http://www.surbl-org-permanent-test-point.com/
That should trigger the
What tests can I do to make sure SURBLS is working? I havent seen any scores
for SURBLS in any of the caught or uncaught emails.
Thanks,
--Mike
Just a reminder that since Qmail-Scanner supports SpamAssassin,
it also supports using SURBLs with the Qmail mail server.
http://qmail-scanner.sourceforge.net/
Also supports anti-virus, etc.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Quoting Sahil Tandon <[EMAIL PROTECTED]>:
Problem solved!
> When messages actually arrive from the Internet, Postfix hands off
> messages to amavisd-new+SA which let it through just fine without the
> proper score. The odd part is that messages that are in the regular
> spamcop relay (not relate
Jeff Chan wrote:
Default scores should be ok. The default configuration should
have rules and scores already in place.
Firstly, thanks to everyone who has contributed some advice thus far. I
ran some spam through spamassassin via the command line. I su'd to to
the amavisd-new user (vscan), and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sahil Tandon writes:
> Jeff Chan wrote:
>
> > That said, it sounds like your installation may be messed up
> > since init.pre was missing.
>
> init.pre wasn't missing; the .sample was there since it should be
> modified to suit the admin's needs
> So it looks like I now need to know what the appropriate 'score'
> variable are. Thanks for the clarification.
There are default scores for the 3.0 surbl rules that work fairly well for
most people.
Loren
On Sunday, October 17, 2004, 8:04:10 PM, Sahil Tandon wrote:
> Jeff Chan wrote:
> > That said, it sounds like your installation may be messed up
> > since init.pre was missing.
> init.pre wasn't missing; the .sample was there since it should be
> modified to suit the admin's needs and then put
Jeff Chan wrote:
> That said, it sounds like your installation may be messed up
> since init.pre was missing.
init.pre wasn't missing; the .sample was there since it should be
modified to suit the admin's needs and then put in place. *I* did
something wrong; the port/package is fine.
If the def
On Sunday, October 17, 2004, 6:28:19 PM, Sahil Tandon wrote:
> And it's probably worth repeating that the default (suggested) local.cf
> entries from www.surbl.org don't tickle spamassassin --lint which exits
> quietly.
Please don't use the examples in the SURBL Quickstart. I need
to revise that
Michael Parker wrote:
init.pre is part of the SA distribution, if your package/port does not
include it then it is broken and you should complain to your package
maintainer. I've forgotten all of the details but init.pre is special
because it gets loaded before all other files are processed (ie sh
On Sun, Oct 17, 2004 at 03:29:35AM -0400, Sahil Tandon wrote:
> Khalid Waheed wrote:
>
> >If you are using --siteconfigpath other then default, copy the init.pre
> >file to location.
>
> I repeat: there is no init.pre. The FreeBSD port does not include one,
> it seems. Everything else works j
Khalid Waheed wrote:
If you are using --siteconfigpath other then default, copy the init.pre
file to location.
I repeat: there is no init.pre. The FreeBSD port does not include one,
it seems. Everything else works just dandy via the local.cf and
user_prefs files. I am able to successfully loa
If you are using --siteconfigpath other then default, copy the init.pre file to
location.
Sahil Tandon wrote:
Laurent Luyckx wrote:
Are you sure you're using a recent version of Net::DNS module (>= 0.34)?
Indeed.
#pkg_info | grep p5-Net-DNS
p5-Net-DNS-0.48 Perl5 interface to the DNS resolver
On Sat, 16 Oct 2004, Sahil Tandon wrote:
> Theo Van Dinter wrote:
>
> >>loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
> >
> > this should already be in the default init.pre file.
>
> This file does not exist on my box. Without the loadplugin line, --lint
> spits out errors; with it, it
Laurent Luyckx wrote:
Are you sure you're using a recent version of Net::DNS module (>= 0.34)?
Indeed.
#pkg_info | grep p5-Net-DNS
p5-Net-DNS-0.48 Perl5 interface to the DNS resolver, and dynamic updates
I'm still baffled as to why this still doesn't work.
--
Sahil Tandon
I don't get that -
> it was EXACTLY the same as with 2.64, with which --lint didn't complain.
> Are those options now depreciated?
>
> Very bad: SURBLs don't work. I have the following in local.cf:
>
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>
On Sat, Oct 16, 2004 at 01:53:21PM -0400, Sahil Tandon wrote:
> This file does not exist on my box. Without the loadplugin line, --lint
It should exist in /etc/mail/spamassassin, or wherever your local.cf file
lives. If not, your installation is incomplete.
> >As usual, run with -D and see wha
Theo Van Dinter wrote:
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
this should already be in the default init.pre file.
This file does not exist on my box. Without the loadplugin line, --lint
spits out errors; with it, it exits quietly. My machine is FreeBSD
4.10-STABLE and I'm using t
On Sat, Oct 16, 2004 at 01:35:38PM -0400, Sahil Tandon wrote:
> Very bad: SURBLs don't work. I have the following in local.cf:
>
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
this should already be in the default init.pre file.
> http://surbl-org-permanent-test
h --lint didn't complain.
Are those options now depreciated?
Very bad: SURBLs don't work. I have the following in local.cf:
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub URIBL_JP_SURBL multi.surbl.org.A 64
headerURIBL_JP_SURBL eval:check_uridnsbl(&
> -Original Message-
> From: Smart,Dan
> To: Chris Santerre; [EMAIL PROTECTED]
> Subject: RE: SARE_FRAUD vs SURBLs (Was: RE: Mass-check errors)
>
> I then did a
> Perl -d:Dprof /usr/bin/spamassassin < testfile And then ran
> the profiler as descri
PROTECTED]
> Sent: Thursday, September 09, 2004 10:27 AM
> To: [EMAIL PROTECTED]
> Subject: RE: SARE_FRAUD vs SURBLs (Was: RE: Mass-check errors)
>
>
>
> >-Original Message-
> >From: Jeff Chan [mailto:[EMAIL PROTECTED]
> >Sent: Thurs
Jeff Chan wrote:
SARE_FRAUD has rules to catch text patterns in messages. It does
not look for phishing URI domains and IP addresses. Therefore PH
and SARE_FRAUD are not equivalent, and you may want to keep using
the SARE rule, even if you are using PH in multi.surbl.org.
More importantly, many o
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Thursday, September 09, 2004 3:07 AM
>To: [EMAIL PROTECTED]
>Subject: SARE_FRAUD vs SURBLs (Was: RE: Mass-check errors)
>
>
>On Wednesday, September 8, 2004, 7:12:26 AM, Smart,Dan Smart,Dan wr
On Wednesday, September 8, 2004, 7:12:26 AM, Smart,Dan Smart,Dan wrote:
> What I found was that the Textcat language rules was main time-sink,
> followed by the SARE_FRAUD ruleset. Since SURBL now has the PH list, I
> removed the FRAUD ruleset too.
Dan,
SARE_FRAUD has rules to catch text patterns
48 matches
Mail list logo
