You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by David Hasbrouck <da...@gmail.com> on 2008/12/29 06:55:33 UTC

All emails being tagged URIBL

Hello,

I use qmail with simscan, run spamd as a daemon.  I am running Spam Assassin
3.2.5 on CentOS 4.7.

I am having an issue where all my emails are getting tagged with
URIBL_RED/GREY/BLACK.
Emails that contain invalid domains in them are also getting tagged.

>From the information I have found, to test this, I should lookup the domains
as follows:

dig somedomaingoeshere12345.com.multi.surbl.org A

Using somedomaingoeshere12345.com as an example, that isn't listed in URIBL
(and isn't even a valid domain name), but an email that contains just
somedomaingoeshere12345.com in the body is getting tagged.

We have valid domains that are also getting tagged.  I looked them up in
URIBL and they are not there (both at their site and using the above dig
method).  I found a few valid domains that are listed, and the dig command
properly returns an A record for those.

I am not sure what other information would be helpful, so will leave it at
this for now.

Thanks for any help!

David

Re: All emails being tagged URIBL

Posted by Kevin Golding <ke...@caomhin.demon.co.uk>.

In article <a5...@mail.gmail.com>,
David Hasbrouck <da...@gmail.com> writes
>    I am having an issue where all my emails are getting tagged with 
>    URIBL_RED/GREY/BLACK.  Emails that contain invalid domains in them 
>    are also getting tagged.
>
>    From the information I have found, to test this, I should lookup 
>    the domains as follows:
>
>    dig somedomaingoeshere12345.com.multi.surbl.org A

Nope, that's testing against SURBL not URIBL.  The recommended way of
testing against URIBL would be:

host -tA 2.0.0.127.multi.uribl.com

http://www.uribl.com/about.shtml has some other tests to try too which
may help with your problem (hint: see the bottom part of the page).

Kevin

Re: All emails being tagged URIBL

Posted by ram <ra...@netcore.co.in>.

On Sun, 2008-12-28 at 23:55 -0600, David Hasbrouck wrote:
> Hello,
> 
> I use qmail with simscan, run spamd as a daemon.  I am running Spam
> Assassin 3.2.5 on CentOS 4.7.
> 
> I am having an issue where all my emails are getting tagged with
> URIBL_RED/GREY/BLACK.  Emails that contain invalid domains in them are
> also getting tagged.
> 

save the mail as a textfile with full headers 
run ( assuming u have a *nix OS ) 
spamassassin -D -t < /path/mail >/tmp/sa.log 2>&1

Now read the sa.log file and see exactly where the URIBL rule hit 

It must be some footer/disclaimer in the mails .. that happens
frequently enough



> From the information I have found, to test this, I should lookup the
> domains as follows:
> 
> dig somedomaingoeshere12345.com.multi.surbl.org A

multi.surbl.org is for SURBL rules not URIBL


> Using somedomaingoeshere12345.com as an example, that isn't listed in
> URIBL (and isn't even a valid domain name), but an email that contains
> just somedomaingoeshere12345.com in the body is getting tagged.
> 
> We have valid domains that are also getting tagged.  I looked them up
> in URIBL and they are not there (both at their site and using the
> above dig method).  I found a few valid domains that are listed, and
> the dig command properly returns an A record for those.
> 
> I am not sure what other information would be helpful, so will leave
> it at this for now.  
> 
> Thanks for any help!
> 
> David
> 
> 
> 
>

Re: All emails being tagged URIBL

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 28.12.08 23:55, David Hasbrouck wrote:
> I use qmail with simscan, run spamd as a daemon.  I am running Spam
> Assassin 3.2.5 on CentOS 4.7.
> 
> I am having an issue where all my emails are getting tagged with
> URIBL_RED/GREY/BLACK.
> Emails that contain invalid domains in them are also getting tagged.

> We have valid domains that are also getting tagged.  I looked them up in
> URIBL and they are not there (both at their site and using the above dig
> method).  I found a few valid domains that are listed, and the dig command
> properly returns an A record for those.

By any chance, didn't your ISP start "providing search service" for any
web name that does not exist?

> I am not sure what other information would be helpful, so will leave it at
> this for now.

X-Spam-* headers...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.