You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Yves Goergen <no...@unclassified.de> on 2018/07/28 19:20:49 UTC
stackexchange.com in URIBL (false positive?)
Hello,
I've received a notification e-mail from stackexchange.com
(stackoverflow.com) with a high spam score. It has this line in its report:
5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
I guess that's not supposed to be like that. I can't change anything at
it, just for information for somebody in the position to fix that.
Here's the complete report:
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
http://www.dnswl.org/, no
trust
[198.252.206.125 listed in list.dnswl.org]
5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
-0.0 SPF_PASS SPF: Senderechner entspricht SPF-Datensatz
0.0 HTML_MESSAGE BODY: Nachricht enthält HTML
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
-Yves
Re: stackexchange.com in URIBL (false positive?)
Posted by Yves Goergen <no...@unclassified.de>.
Yes, I have changed the value of this rule long ago. It seemed to be
better. I may have to turn it down a little.
And I am the admin myself but I'm no expert in spam fighting. Especially
what the reason or source of that blacklisting is. I just see the rule
matched and I consider that wrong because stackexchange is a service I
use often and it never sent my anything unexpected.
So what is the reason for this host being listed?
-Yves
________________________________________
Von: RW
Gesendet: Sa, 2018-07-28 21:35 +0200
On Sat, 28 Jul 2018 21:20:49 +0200
Yves Goergen wrote:
> Hello,
>
> I've received a notification e-mail from stackexchange.com
> (stackoverflow.com) with a high spam score. It has this line in its
> report:
>
> 5.7 URIBL_BLACK Contains an URL listed in the URIBL
> blacklist [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that.
The default is 1.7, 5.7 is extremely aggressive for that rule,
particular when there's no BAYES_* result in the report.
> I can't change anything
> at it, just for information for somebody in the position to fix that.
It's a very indirect way of getting to your local admin.
Re: stackexchange.com in URIBL (false positive?)
Posted by RW <rw...@googlemail.com>.
On Sat, 28 Jul 2018 21:20:49 +0200
Yves Goergen wrote:
> Hello,
>
> I've received a notification e-mail from stackexchange.com
> (stackoverflow.com) with a high spam score. It has this line in its
> report:
>
> 5.7 URIBL_BLACK Contains an URL listed in the URIBL
> blacklist [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that.
The default is 1.7, 5.7 is extremely aggressive for that rule,
particular when there's no BAYES_* result in the report.
> I can't change anything
> at it, just for information for somebody in the position to fix that.
It's a very indirect way of getting to your local admin.
Re: stackexchange.com in URIBL (false positive?)
Posted by John Hardin <jh...@impsec.org>.
On Sun, 29 Jul 2018, Daniele Duca wrote:
> On 29/07/2018 09:53, Yves Goergen wrote:
>
>> No I can't because it's a locked system. I'd need an account for that. And
>> I'm not going to register just for saving another admin's system. So either
>> stackexchange admins repair their entry themselves, or the blacklist
>> operator needs a review.
>>
>> -Yves
> A third option would be for you to use uridnsbl_skip_domain and don't bother
> anymore ;)
As of right now URIBL does not report stackexchange.com as being listed.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Look at the people at the top of both efforts. Linus Torvalds is a
university graduate with a CS degree. Bill Gates is a university
dropout who bragged about dumpster-diving and using other peoples'
garbage code as the basis for his code. Maybe that has something to
do with the difference in quality/security between Linux and
Windows. -- anytwofiveelevenis on Y! SCOX
-----------------------------------------------------------------------
6 days until the 283rd anniversary of John Peter Zenger's acquittal
Re: stackexchange.com in URIBL (false positive?)
Posted by Daniele Duca <du...@staff.spin.it>.
On 29/07/2018 09:53, Yves Goergen wrote:
> No I can't because it's a locked system. I'd need an account for that.
> And I'm not going to register just for saving another admin's system.
> So either stackexchange admins repair their entry themselves, or the
> blacklist operator needs a review.
>
> -Yves
A third option would be for you to use uridnsbl_skip_domain and don't
bother anymore ;)
Daniele
Re: stackexchange.com in URIBL (false positive?)
Posted by Yves Goergen <no...@unclassified.de>.
No I can't because it's a locked system. I'd need an account for that.
And I'm not going to register just for saving another admin's system. So
either stackexchange admins repair their entry themselves, or the
blacklist operator needs a review.
-Yves
________________________________________
Von: Dave Wreski
Gesendet: Sa, 2018-07-28 21:29 +0200
> 5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that. I can't change anything at
> it, just for information for somebody in the position to fix that.
It is indeed listed, and listed for a reason.
The default score for URIBL_BLACK is 1.7 with bayes. Why have you
changed it?
You can request that it be delisted here:
https://admin.uribl.com/
Regards,
Dave
Re: stackexchange.com in URIBL (false positive?)
Posted by Dave Wreski <dw...@guardiandigital.com>.
> 5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that. I can't change anything at
> it, just for information for somebody in the position to fix that.
It is indeed listed, and listed for a reason.
The default score for URIBL_BLACK is 1.7 with bayes. Why have you
changed it?
You can request that it be delisted here:
https://admin.uribl.com/
Regards,
Dave
Re: stackexchange.com in URIBL (false positive?) *** Spam 5.7
Posted by Yves Goergen <no...@unclassified.de>.
Oh I can surely change anything I want. But I don't want to weaken my
spam filter. It's weak enough already. Spam is getting more and more
through. It got to the point where I have to reconsider my complete mail
receiving strategy with subaddresses, filters and a set of inbox
subfolders to keep anything unknown away from me and only put in my
inbox what I already know.
-Yves
________________________________________
Von: Reindl Harald
Gesendet: Sa, 2018-07-28 21:23 +0200
Am 28.07.2018 um 21:20 schrieb Yves Goergen:
> I've received a notification e-mail from stackexchange.com
> (stackoverflow.com) with a high spam score. It has this line in its report:
>
> 5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that. I can't change anything at
> it, just for information for somebody in the position to fix that
why in the world do you think you can't change anything as admin of your
server?
/etc/mail/spamassassin/local-06-uridnsbl-skip-domain.cf
uridnsbl_skip_domain stackexchange.com