Same as I am - hmm.
ok, check the /etc/mail/spamassassin.init.pre file for this list
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
Andrew Xiang wrote:
3.01
----- Original Message ----- From: "Tim Litwiller" <[EMAIL PROTECTED]> To: "Andrew Xiang" <[EMAIL PROTECTED]> Sent: Thursday, December 02, 2004 7:51 PM Subject: Re: How to block rolex spam
which version of spamassassin are you using?
comment out the URIBL sections and then test again
Andrew Xiang wrote:
I failed lint when I added:
spamassassin --lint
config: SpamAssassin failed to parse line, skipping: urirhssub
URIBL_JP_SURBL multi.surbl.org. A 64
Failed to run URIBL_JP_SURBL SpamAssassin test, skipping:
(Can't locate object method "check_uridnsbl" via package
"Mail::SpamAssassin::PerMsgStatus" (perhaps you forgot to load
"Mail::SpamAssassin::PerMsgStatus"?) at
/usr/local/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/PerMsgStatus.pm line
2296.
)
lint: 2 issues detected. please rerun with debug enabled for more
information.
local.cf:
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflags URIBL_JP_SURBL net
score URIBL_JP_SURBL 4.0
----- Original Message ----- From: "Tim Litwiller" <[EMAIL PROTECTED]> To: "Andrew Xiang" <[EMAIL PROTECTED]> Sent: Thursday, December 02, 2004 4:44 PM Subject: Re: How to block rolex spam
It is a personal preference - I think it helps some but i wouldn't use it as the only bayes learning
The SURBL plugin in SA 3* take urls found in email and compares those to
a url black list - if the url of an advertised site is listed in SURBL
it is most likely spam
The rules are already in 3.0 but they are scored way to low.
Andrew Xiang wrote:
is it a good idea to autolearn, the key file can get pretty large?
And what are those blacklist? how does it work?
# set bayes autolearning levels bayes_auto_learn_threshold_nonspam -2.0 bayes_auto_learn_threshold_spam 8.0
# blacklist #-------------------------------------------- urirhssub URIBL_PH_SURBL multi.surbl.org. A 8 header URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL') describe URIBL_PH_SURBL Contains a URL listed in PH tflags URIBL_PH_SURBL net score URIBL_PH_SURBL 5.0
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 header URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Contains a URL listed in JP tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0
#--------------------------------------------- #Global WBL entries whitelist_from [EMAIL PROTECTED]
#---------------------------------------------
---snip---
Andrew Xiang wrote:
can you send me your local.cf file?
thanks Andrew
----- Original Message ----- From: "Tim Litwiller" <[EMAIL PROTECTED]>
To: "Andrew Xiang" <[EMAIL PROTECTED]>
Sent: Thursday, December 02, 2004 3:23 PM
Subject: Re: How to block rolex spam
in you local.cf file add lines like
score RCVD_IN_BL_SPAMCOP_NET # score RCVD_IN_DSBL # score RCVD_IN_SORBS_HTTP # score RCVD_IN_SORBS_MISC #
where # is the score you want that rule to use
I have spamcop at 5 dsbl at 3.8
and I'm not using sorbs so I don't know what those actually contribure
to the score.
I did look thru the rolex spam in my quarentine and they average a
score
of 29.7
here are the SA headers from an averave rolex spam - Note the SURBL is
really pushing the score up on the linked domain.
X-Spam-Prev-Subject: Order Rolex or other Swiss watches online X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mailhost.bccwebhosting.com X-Spam-DCC: xmailer: mailhost 1192; Body=many Fuz1=many Fuz2=many X-Spam-Report: * 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.0000] * 3.0 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) * 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org * [<http://dsbl.org/listing?84.24.207.174>] * 5.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?84.24.207.174>]
* 1.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [<http://www.spamhaus.org/query/bl?ip=84.24.207.174>]
* 0.0 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
* [84.24.207.174 listed in dnsbl.sorbs.net]
* 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
* [84.24.207.174 listed in dnsbl.sorbs.net]
* 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: bhex.com]
* 4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
* [URIs: bhex.com]
* 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: bhex.com]
* 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
* [URIs: bhex.com]
* 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
* [URIs: bhex.com]
* 2.7 MSGID_DOLLARS Message-Id has pattern used in spam
X-Spam-Status: Yes, score=29.7 required=5.0 tests=BAYES_99,DCC_CHECK,
MSGID_DOLLARS,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_SORBS_DUL,
RCVD_IN_SORBS_WEB,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SBL,
URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=spam version=3.0.1 X-Spam-Level: *****************************
Andrew Xiang wrote:
How do I add points? spamcop, DSBL and each of the SORBS
----- Original Message ----- From: "Tim Litwiller" <[EMAIL PROTECTED]>
Cc: "spamassassin-users mailing-list"
<[EMAIL PROTECTED]>
Sent: Thursday, December 02, 2004 12:00 PM
Subject: Re: How to block rolex spam
Ronald I. Nutter wrote:
I have been getting bombarded by spam trying to sell me Rolex
watches of
X-Spam-Status: No, hits=5.562 tagged_above=2 required=6.31 tests=BAYES_50, RAZOR2_CF_RANGE_51_100, RAZOR2_CHECK, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DSBL, RCVD_IN_SORBS_HTTP, RCVD_IN_SORBS_MISC X-Spam-Level: *****
That email hist enough blacklists that it should have got marked but
youraised your required score to 6.31 - and you didn't raise the blacklistscoreing to match.
I'd add .3 to .5 to spamcop, DSBL and each of the SORBS
I see a few rolex spam in my quarantine but I've never had one in my
inbox yet.
