On Sun, 2008-04-06 at 20:00 -0400, Juan Miscaro wrote: > Hi, I recently activated URIDNSBL and my scores went through the roof.
You mean you activated the plugin? What's your SA version? These checks are enabled by default and actually are quite effective. As you noticed. And as the plugin doc [1] states. ;) > I'm a little worried about it. Don't. :) Seriously, I know that feeling -- changing your mail processing "slightly", and noticing some massive changes. However... > So first, is this method a recommended in the SA community? Yes. It is enabled by default. > And secondly, how can I mod down the (high) scores I'm seeing? I > tried this in my local.cf file but it was ignored: > > score URIBL_SBL 1.0 That will *only* change the score for the URIBL_SBL test, the URI Blacklist by Spamhaus, which defaults to a score of about 1.5 in SA. This indeed doesn't make much of a difference -- even more so, since there are other blacklists queried [2]. URIBL_BLACK for example is highly efficient, and will trigger on a lot of (read: most) spam containing URIs. If you really want to lower the scores for the tests you just enabled, you will need to do so in your local.cf for other rules, too. See 25_uribl.cf and 50_scores.cf for the default score. Lint check and restart spamd after modifying anything in local.cf. IMHO, the high scores are justified. ;) The scoring process prior to a release carefully set these scores, based on the reliability and effectiveness of the various BLs, while minimizing FPs. guenther [1] http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html [2] see 25_uribl.cf -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
