On 1/30/2015 4:07 PM, Benny Pedersen wrote:
@spamhaus: Spamhaus DBL users please note 127.0.1.3 is now gone,
replaced by 127.0.1.103 for 'Abused Spammed Redirector Domains'
http://www.spamhaus.org/news/article/713/
is spamassassin rules updated ?
tryed to find css, but only found
@spamhaus: Spamhaus DBL users please note 127.0.1.3 is now gone, replaced
by 127.0.1.103 for 'Abused Spammed Redirector Domains'
http://www.spamhaus.org/news/article/713/
is spamassassin rules updated ?
tryed to find css, but only found the above change, css is still in zen as
127.0.0.3
As per:
http://www.spamhaus.org/news/article/713/
Return CodesTypeNote
127.0.1.2 spam domain
127.0.1.3 spammed redirector / url shortener (Phased out on January 7th,
2015)
127.0.1.4 phish domain
127.0.1.5 malware domain
127.0
On 3/5/2014 9:40 AM, Neil Schwartzman wrote:
>
> Yeah. An abused, and abusive redirector. They only deal with abuse
> Monday-Friday, 9:00-17:00.* They never break links, but put an
> interstitial in between the victim and the payload. Gee thanks.
>
They do at least deal with it.
We reported a
On 5 Mar 2014 22:40:37 +0800
Neil Schwartzman wrote:
> On Mar 5, 2014, at 9:38 PM, RW wrote:
>
> > On Wed, 05 Mar 2014 08:18:39 -0500
> > Joe Quinn wrote:
> >
> >
> >> By the way, I recommend you inform Spamhaus of the FP on bitly.
> >
> > It's not an FP, Spamhaus lists it as a redirector, wh
On 3/5/2014 9:57 AM, Neil Schwartzman wrote:
On Mar 5, 2014, at 10:40 PM, Neil Schwartzman wrote:
Yeah. An abused, and abusive redirector. They only deal with abuse
Monday-Friday, 9:00-17:00.* They never break links, but put an interstitial in
between the victim and the payload. Gee thanks.
On Mar 5, 2014, at 10:40 PM, Neil Schwartzman wrote:
> Yeah. An abused, and abusive redirector. They only deal with abuse
> Monday-Friday, 9:00-17:00.* They never break links, but put an interstitial
> in between the victim and the payload. Gee thanks.
BTW spamhaus aren’t the only ones fed up
On Mar 5, 2014, at 9:38 PM, RW wrote:
> On Wed, 05 Mar 2014 08:18:39 -0500
> Joe Quinn wrote:
>
>
>> By the way, I recommend you inform Spamhaus of the FP on bitly.
>
> It's not an FP, Spamhaus lists it as a redirector, which it is. As has
> already been pointed-out it scores 0.001 in SA.
Yea
On Wed, 05 Mar 2014 08:18:39 -0500
Joe Quinn wrote:
> By the way, I recommend you inform Spamhaus of the FP on bitly.
It's not an FP, Spamhaus lists it as a redirector, which it is. As has
already been pointed-out it scores 0.001 in SA.
On 03/05/2014 02:18 PM, Joe Quinn wrote:
On 3/5/2014 7:18 AM, Ben wrote:
On 05/03/2014 05:47, Benny Pedersen wrote:
On 2014-03-04 18:52, Ben wrote:
Just for my reference, is there a way to affect the score rather than
skip completely ?
score FOO (1) (1) (1) (1)
add one point to FOO rule
On 3/5/2014 7:18 AM, Ben wrote:
On 05/03/2014 05:47, Benny Pedersen wrote:
On 2014-03-04 18:52, Ben wrote:
Just for my reference, is there a way to affect the score rather than
skip completely ?
score FOO (1) (1) (1) (1)
add one point to FOO rule
it also works with negative scores that wi
On 05/03/2014 05:47, Benny Pedersen wrote:
On 2014-03-04 18:52, Ben wrote:
Just for my reference, is there a way to affect the score rather than
skip completely ?
score FOO (1) (1) (1) (1)
add one point to FOO rule
it also works with negative scores that will subtract scores
post sample i
On 2014-03-04 18:52, Ben wrote:
Just for my reference, is there a way to affect the score rather than
skip completely ?
score FOO (1) (1) (1) (1)
add one point to FOO rule
it also works with negative scores that will subtract scores
post sample if more help is needed
On 03/04/2014 06:52 PM, Ben wrote:
uridnsbl_skip_domain bit.ly
Thanks, will try that.
or you liked the other way, score when bit.ly is in urls ?
Just for my reference, is there a way to affect the score rather than
skip completely ?
according to my copy of the DBL zone,
bit.ly is in the
uridnsbl_skip_domain bit.ly
Thanks, will try that.
or you liked the other way, score when bit.ly is in urls ?
Just for my reference, is there a way to affect the score rather than
skip completely ?
On 2014-03-04 17:52, Ben wrote:
I'm filtering strongly on Spamhaus DBLwhich is working great.
Except for bit.ly which Spamhaus take exception to.
How can I reduce the weighting specifically for the bit.ly domain ?
uridnsbl_skip_domain bit.ly
or you liked the other way, score
Hi,
I'm filtering strongly on Spamhaus DBLwhich is working great.
Except for bit.ly which Spamhaus take exception to.
How can I reduce the weighting specifically for the bit.ly domain ?
Thanks !
Ben
On 3/8/2011 4:46 PM, Yet Another Ninja wrote:
> I'll never grasp why one would use one of those in mail.
Many legitimate social networks auto-generate shortened URLs. These then
get copied into e-mails... sometimes in automated ways, sometimes via
people copying a twitter post (or whatever) and t
On 03/08/2011 01:46 PM, Yet Another Ninja wrote:
> I'll never grasp why one would use one of those in mail.
Many shortened links allow you to anonymously track click-throughs
(clicks-through?), e.g. adding a plus sign to any bit.ly or j.mp URI
will bring anybody to the stats (and target) of the li
On 2011-03-08 22:28, Joseph Brennan wrote:
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL#291
quote,
One way to address this problem would have been to treat URL shortener
domains the same way as any other spammed domain and include them in our
main DBL zone. But, as ment
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL#291
quote,
One way to address this problem would have been to treat URL shortener
domains the same way as any other spammed domain and include them in our
main DBL zone. But, as mentioned, most of these URL shortener serve
On 2011-03-08 22:12, Warren Togami Jr. wrote:
On 3/8/2011 9:58 AM, Bill Landry wrote:
FYI: "Spamhaus created a new "URL shortener/redirector" zone in the
DBL." See:
http://www.spamhaus.org/news.lasso?article=667
Will Spamassassin be adding support for this new DBL
shortener/redirector response
On 3/8/2011 9:58 AM, Bill Landry wrote:
FYI: "Spamhaus created a new "URL shortener/redirector" zone in the
DBL." See:
http://www.spamhaus.org/news.lasso?article=667
Will Spamassassin be adding support for this new DBL
shortener/redirector response code?:
127.0.1.3 spammed redirector domain
F
On Mar 8, 2011, at 3:07 PM, Yet Another Ninja wrote:
> Dunno if mirrors are beign served the same data atm.. seems so.
My mirror is also commented out.
Chris
--
-
Chris Owen - Garden City (620) 275-1900 - Lottery (
On 03/08, Yet Another Ninja wrote:
> http://pastebin.com/CdDPHnTX
It doesn't look like it's working.
$ host dbltest.com.dbl.spamhaus.org
dbltest.com.dbl.spamhaus.org has address 127.0.1.2
Good.
$ host rdrct.us.dbl.spamhaus.org
Host rdrct.us.dbl.spamhaus.org not found: 3(NXDOMAIN)
$ host acces
On 03/08, Lawrence @ Rogers wrote:
> eval:check_uridnsbl('URIBL_DBL_REDIRECTOR')
Thanks. Looks like the way to go about getting this in SA is opening a bug
to get it tested via mass checks, so I did:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6550
--
"Force, my friends, is violence
On 2011-03-08 20:58, Bill Landry wrote:
FYI: "Spamhaus created a new "URL shortener/redirector" zone in the
DBL." See:
http://www.spamhaus.org/news.lasso?article=667
Will Spamassassin be adding support for this new DBL
shortener/redirector response code?:
127.0.1.3 spammed redirector domain
F
On 08/03/2011 5:12 PM, Yet Another Ninja wrote:
On 2011-03-08 21:24, dar...@chaosreigns.com wrote:
Looks like that would be something like this?
urirhssub URIBL_DBL_REDIRECTOR dbl.spamhaus.org. A
127.0.1.3
bodyURIBL_DBL_REDIRECTOR
eval:check_uridnsbl('URIBL_DBL_S
On 2011-03-08 21:24, dar...@chaosreigns.com wrote:
Looks like that would be something like this?
urirhssub URIBL_DBL_REDIRECTOR dbl.spamhaus.org. A 127.0.1.3
bodyURIBL_DBL_REDIRECTOR eval:check_uridnsbl('URIBL_DBL_SPAM')
describeURIBL_DBL_REDIRECTOR Contai
On 08/03/2011 4:54 PM, dar...@chaosreigns.com wrote:
Looks like that would be something like this?
urirhssub URIBL_DBL_REDIRECTOR dbl.spamhaus.org. A 127.0.1.3
bodyURIBL_DBL_REDIRECTOR eval:check_uridnsbl('URIBL_DBL_SPAM')
describeURIBL_DBL_REDIRECTOR Cont
Looks like that would be something like this?
urirhssub URIBL_DBL_REDIRECTOR dbl.spamhaus.org. A 127.0.1.3
bodyURIBL_DBL_REDIRECTOR eval:check_uridnsbl('URIBL_DBL_SPAM')
describeURIBL_DBL_REDIRECTOR Contains a URL listed in the DBL as a
spammed redirector d
FYI: "Spamhaus created a new "URL shortener/redirector" zone in the
DBL." See:
http://www.spamhaus.org/news.lasso?article=667
Will Spamassassin be adding support for this new DBL
shortener/redirector response code?:
127.0.1.3 spammed redirector domain
For details, see:
http://www
you block on any 127* return, then
> you are blocking on more than just spam.
>
>
The SpamHaus DBL does not return 127.0.2.5. Ever. This must be a typo
similar to the one I corrected in your previ
Le 27/01/2011 15:12, Michael Scheidell a écrit :
> On 1/26/11 11:58 PM, Sahil Tandon wrote:
>>> reject_rhsbl_sender dbl.spamhaus.org=127.0.1.2,
>> Sound advice to advocate good practices, but in more recent version of
>> Postfix, this should not be required.
> eh?
>
> reject_rhsbl_sender dbl.spamh
On 1/26/11 11:58 PM, Sahil Tandon wrote:
reject_rhsbl_sender dbl.spamhaus.org=127.0.1.2,
Sound advice to advocate good practices, but in more recent version of
Postfix, this should not be required.
eh?
reject_rhsbl_sender dbl.spamhaus.org can return (potentially) one of
several 127.* values.
rejected even before the RHSBL checks with:
>
> 501 5.1.7 Bad sender address syntax
>
>> (127.255.255.255 is returned if you pass it an ip address)
> 127.0.1.255 is returned for IP queries to the SpamHaus DBL.
>
>> withing seconds of putting on a 2000 user box, got hit
55.255 is returned if you pass it an ip address)
127.0.1.255 is returned for IP queries to the SpamHaus DBL.
> withing seconds of putting on a 2000 user box, got hits. (just using
> _sender) looked up the sender's name and found 27 spams sent today
> that SA had to deal with (no mor
On 1/22/11 12:38 PM, Ned Slider wrote:
For me they don't catch a lot after greylisting and zen has done it's
stuff, but they do still hit a couple times a week even on my low
volume home server.
I am toying with the idea of putting them in front of zen.. smaller db?
faster response?
oh, an
On 22/01/11 16:36, Michael Scheidell wrote:
Anyone using dbl.spamhaus.org? Do you consider it safe to use for MTA
blocking?
Yes and yes. No problems that I've seen so far. I would imagine if you
consider zen safe to use then you would probably consider the dbl likewise.
reject_rhsbl_sender
Anyone using dbl.spamhaus.org? Do you consider it safe to use for MTA
blocking?
reject_rhsbl_sender dbl.spamhaus.org
any suggested SA rules?
i see these, but they don't seem to cover from or env from.
25_uribl.cf:urirhssub URIBL_DBL_SPAM dbl.spamhaus.org. A
127.0.1.2
25_u
Mark's suggestion to switch resolvers seems to have resolved the issue. Thanks
to Mark and everyone for his help.
Regards,
Lawrence
From: Benny Pedersen
To: users@spamassassin.apache.org
Sent: Mon, August 30, 2010 10:09:53 PM
Subject: Re: enabling Spa
On tir 31 aug 2010 00:34:33 CEST, LAWRENCE WILLIAMS wrote
Here is a link to the complete output.
http://www.lcwsoft.com/salintoutput/salintoutput.txt
Aug 30 20:00:47.455 [19467] dbg: async: aborting after 7.423 s,
deadline shrunk: URI-DNSBL, DNSBL:multi.uribl.com.:with.com
have a cacheing
On Tue, 31 Aug 2010, Mark Martinec wrote:
> Lawrence,
>
> > This is a dedicated server in a facility in the US. The server is
> > configured to use the resolvers 4.2.2.1 and 4.2.2.2
> >
> > I wouldn't dream of relying on Google for anything :)
>
> Like I said, your resolver is tricking you. Either
> It is definitely something with those resolvers. When I try the host
> command you gave me, I get the following error:
> Host midpage.ru.dbl.spamhaus.org. not found: 3(NXDOMAIN)
> I am contacting the DC now and will hopefully have no further need for
> assistance on this mailing list :)
See also
On man 30 aug 2010 18:55:44 CEST, LAWRENCE WILLIAMS wrote
How do I work around this?
spamassassin 2>&1 -D -t msgfile | less
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
:)
Thank you for your help!
Regards,
Lawrence
From: Mark Martinec
To: users@spamassassin.apache.org
Sent: Mon, August 30, 2010 9:20:53 PM
Subject: Re: enabling SpamHaus DBL
Lawrence,
> > Either your DNS resolver is borked, or your firewall/home-router
Lawrence,
> > Either your DNS resolver is borked, or your firewall/home-router
> > is playing jokes on you.
> > Are you using Google Public DNS for this? Don't!
> This is a dedicated server in a facility in the US. The server is
> configured to use the resolvers 4.2.2.1 and 4.2.2.2
>
> I wouldn
Lawrence,
> Here is a link to the complete output.
> http://www.lcwsoft.com/salintoutput/salintoutput.txt
The midpage(d)ru should have been listed in SpamHaus DBL,
but you are receiving a negative response:
dbg: async: starting: URI-DNSBL, DNSBL:dbl.spamhaus.org.:midpage.ru
dbg:
Here is a link to the complete output.
http://www.lcwsoft.com/salintoutput/salintoutput.txt
Any ideas?
Regards,
Lawrence
From: Mark Martinec
To: users@spamassassin.apache.org
Sent: Mon, August 30, 2010 7:21:42 PM
Subject: Re: enabling SpamHaus DBL
On
On Monday August 30 2010 21:19:22 LAWRENCE WILLIAMS wrote:
> I think I was confused for a second. I merely posted the --lint output so
> that a better eye could see if it showed anything that was obviously
> wrong. I do not run SA this way normally.
>
> Like I said before, I am using a stock SA 3.
weekly and the 2 extra
configuration file I linked to earlier (which modify some scores and make sure
DCC is run properly).
From: Mark Martinec
To: users@spamassassin.apache.org
Sent: Mon, August 30, 2010 3:11:59 PM
Subject: Re: enabling SpamHaus DBL
On 8/30/2010 1:41 PM, Mark Martinec wrote:
spamassassin --lint -D output:
http://www.lcwsoft.com/salintoutput/salintoutput_debug.txt
>>> Option --lint implies --local-only
>> How do I work around this?
> Do not specify --lint when doing a normal mail check.
>
> This option is intended fo
>>> spamassassin --lint -D output:
>>> http://www.lcwsoft.com/salintoutput/salintoutput_debug.txt
> > Option --lint implies --local-only
> How do I work around this?
Do not specify --lint when doing a normal mail check.
This option is intended for syntactic check of config files and rules
only,
How do I work around this?
- Lawrence
From: Mark Martinec
To: users@spamassassin.apache.org
Sent: Mon, August 30, 2010 2:21:03 PM
Subject: Re: enabling SpamHaus DBL
On Saturday 28 August 2010 20:00:11 LAWRENCE WILLIAMS wrote:
> He was talking about
On Saturday 28 August 2010 20:00:11 LAWRENCE WILLIAMS wrote:
> He was talking about RBL checks when he said that, not the DBL. I think it
> was just that he used a non-standard format in his reply, which confuses
> some people
>
> Regardless, it is still not working for me. I completely removed an
ubject: RE: enabling SpamHaus DBL
benny
i meant your description of DBL
i went to their website and everything they said was opposite of what you
said
- rh
benny
i meant your description of DBL
i went to their website and everything they said was opposite of what you
said
- rh
On lør 28 aug 2010 08:12:02 CEST, R-Elists wrote
it appears you might have it backwards...
for the skip_rbl_checks? no
http://www.spamhaus.org/dbl/
this list does not contain ip
if skip_rbl_checks disable uribl testing let me know :=)
--
xpoint http://www.unicom.com/pw/reply-to-harmful.h
>
> this is not urls, but ip blacklisted dns ip
>
> url is another test
>
> --
> xpoint
>
benny,
it appears you might have it backwards...
http://www.spamhaus.org/dbl/
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL#287
- rh
On fre 27 aug 2010 01:30:41 CEST, LAWRENCE WILLIAMS wrote
I figured as such. Either way, I have the following at the end of my local.cf
file (which I confirmed SA 3.3.1 is using, as I used it to tweak
Bayes autolearn
settings and they are in effect).
# Look up e-mail links in variable DNS BL
n
To: users@spamassassin.apache.org
Sent: Thu, August 26, 2010 8:34:37 PM
Subject: Re: enabling SpamHaus DBL
On fre 27 aug 2010 00:09:51 CEST, LAWRENCE WILLIAMS wrote
> I am getting nothing hitting on it. I had one e-mail with a link directly to
> midpage dot ru (HTML link) and nothing wa
On Thu, 26 Aug 2010 15:09:51 -0700 (PDT)
LAWRENCE WILLIAMS wrote:
> I am getting nothing hitting on it. I had one e-mail with a link
> directly to midpage dot ru (HTML link) and nothing was triggered.
> What do you have set for skip_rbl_checks?
>
I don't set it, or skip_uribl_checks.
On fre 27 aug 2010 00:09:51 CEST, LAWRENCE WILLIAMS wrote
I am getting nothing hitting on it. I had one e-mail with a link directly to
midpage dot ru (HTML link) and nothing was triggered. What do you
have set for skip_rbl_checks?
this is not urls, but ip blacklisted dns ip
url is another
Subject: Re: enabling SpamHaus DBL
On Thu, 26 Aug 2010 14:35:25 -0700 (PDT)
LAWRENCE WILLIAMS wrote:
> Hi,
>
> I installed SpamAssassin 3.3.1 from CPAN (running CentOS 5.5) 5 days
> ago and have it running as a daemon (spamd).
>
> I see that support for the SpamHaus DBL was adde
On Thu, 26 Aug 2010 14:35:25 -0700 (PDT)
LAWRENCE WILLIAMS wrote:
> Hi,
>
> I installed SpamAssassin 3.3.1 from CPAN (running CentOS 5.5) 5 days
> ago and have it running as a daemon (spamd).
>
> I see that support for the SpamHaus DBL was added in 3.3.1, but it
> se
Hi,
I installed SpamAssassin 3.3.1 from CPAN (running CentOS 5.5) 5 days ago and
have it running as a daemon (spamd).
I see that support for the SpamHaus DBL was added in 3.3.1, but it seems to be
disabled by default (I've had several near-spam messages come in that contain
domains list
spamassassin to do that?
> > Get SA 3.3.1. Run sa-update.
Important notice: Do NOT try to use Spamhaus DBL with older SA
versions. See
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL
> I did and it seems to be active:
>
> dsrv:/etc/spamassassin# grep "DBL&qu
On Wed, April 21, 2010 12:05 am, Bret Miller wrote:
> On 4/20/2010 3:09 PM, Jack Knowlton wrote:
>> Hi all.
>> I noticed Spamhaus made available a new URIBL. I updated my SA package
>> (debian testing) to the latest version and I wanted to implement check
>> on
>> the DBL list too.
>> How do I conf
On 4/20/2010 3:09 PM, Jack Knowlton wrote:
Hi all.
I noticed Spamhaus made available a new URIBL. I updated my SA package
(debian testing) to the latest version and I wanted to implement check on
the DBL list too.
How do I configure spamassassin to do that?
Thanks,
-JK
Get SA 3.3.1. Run sa
Hi all.
I noticed Spamhaus made available a new URIBL. I updated my SA package
(debian testing) to the latest version and I wanted to implement check on
the DBL list too.
How do I configure spamassassin to do that?
Thanks,
-JK
I've been running it since 1:51 Eastern (US) time, yesterday.
>You risk wrongly flagging legitimate email if you make IP queries
>to the DBL.
For now, I'm :) cheating, by mapping one of the (officially)
unused high bits to a negative score, which should wipe out the
positive score for a raw IP UR
ores you assign for a dbl positive hit ?
>>
>> I assume my current datafeed would already extend to data access on the
>> dbl list. I will have to setup my rbldnsd before trying this out.
>>
>>
> The new Spamhaus DBL may not be used with current versions of SpamAs
access on the
dbl list. I will have to setup my rbldnsd before trying this out.
The new Spamhaus DBL may not be used with current versions of SpamAssassin.
A new version of SpamAssassin will be released soon which adds support for
the DBL. Check out the DBL FAQ at
http://www.spamha
http://www.spamhaus.org/dbl/
I think sa-folks would have this already in some URIBL rule. What are
the scores you assign for a dbl positive hit ?
I assume my current datafeed would already extend to data access on the
dbl list. I will have to setup my rbldnsd before trying this out.
74 matches
Mail list logo
