> -----Messaggio originale----- > Da: Chris St. Pierre [mailto:[EMAIL PROTECTED] > > On Mon, 26 Mar 2007, Giampaolo Tomassoni wrote: > > > By "black-listing" URI's host IPs, one could easily score high this > kind of > > e-mails. Maybe there is also some RBL regarding web hosts, by the > way. Is > > it? > > You mean URIBL? Not only does it exist, it's included with SA. If > the URIBL_* family of rules aren't among your top 5 most effective, > something is seriously wrong with your SA installation.
No, not URIBL: that would detect the URI (which always changes). I mean some RBL thing which enlists suspicious web host IP address, since the IP address of this spammer is always the same. One could alternatively have a similar check on the authoritative DNS server(s) for the URI's domain: this too is always the same. A SA plugin which lets me score messages containing URI resolving to suspicious web hosts and/or authoritative name servers would suffice. Being out there even some RBL service about suspicious web hosts IP addresses and/or the IP address of suspicious authoritative name servers would be great for to stop him/she... > FWIW, the OP's message scored 31.3 on my system, as it hit Razor2 and > two URIBL rules (the scores for which I crank up). Unfortunately, it seems I often get this crap before many others do. Thereby, there is no Razor or Pyzor or DCC report about it. Sometimes there is a URIBL report, however, which, helped by Bayes, rises the score to high enough to mark it as "[SPAM?]". Not enough to be discarded, anyway. > Chris St. Pierre > Unix Systems Administrator > Nebraska Wesleyan University > ---------------------------- > Never send mail to [EMAIL PROTECTED] ------------------------------------- Giampaolo Tomassoni - I.T. Consultant Piazza VIII Aprile 1948, 4 I-53043 Chiusi (SI) - Italy Tel/Ph: +39-0578-21100 MAI mandare un messaggio a: NEVER send an e-mail to: [EMAIL PROTECTED]
