You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Vicki Brown <vl...@cfcl.com> on 2005/03/16 04:13:04 UTC
****SPAM(6.2)**** Blacklisting embedded URLs
SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
email as possible spam. The original message has been attached to this
email so you can view it (if it isn't spam).
If you have any questions, contact postmaster@dailyhills.com for details.
Content preview: I've been going through a bunch of spam and
blacklisting domains. However, some of the more frequent offenders are
in the body of the message. For example, today I found about half a
dozen porno spams that contained a reference to
http://www.a123s.biz/... [...]
Content analysis details: (6.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain
2.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
[cf: 100]
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
2.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: a123s.biz]
0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URIs: a123s.biz]
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: a123s.biz]
3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: a123s.biz]
4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: a123s.biz]
-8.8 AWL AWL: From: address is in the auto white-list
---- ---------------------- --------------------------------------------------
Re: [SPAM-TAG] SpamAssassin, running on "mail.dailyhills.com" ...
Posted by Jeff Chan <je...@surbl.org>.
On Tuesday, March 15, 2005, 9:27:50 PM, Vicki Brown wrote:
> Does anyone else find this just too absurdly silly for words?
> Although I guess it surely does prove the point Jeff Chan made for URIDNSBL
> and SURBL - most eloquently in fact :-)
>>SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
>>email as possible spam. The original message has been attached to this
>>email so you can view it (if it isn't spam).
>>If you have any questions, contact postmaster@dailyhills.com for details.
Yes, but it's a broken configuration on Dave Hill's mail
server...
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
SpamAssassin, running on "mail.dailyhills.com" ...
Posted by Vicki Brown <vl...@cfcl.com>.
Does anyone else find this just too absurdly silly for words?
Although I guess it surely does prove the point Jeff Chan made for URIDNSBL
and SURBL - most eloquently in fact :-)
>SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
>email as possible spam. The original message has been attached to this
>email so you can view it (if it isn't spam).
>If you have any questions, contact postmaster@dailyhills.com for details.
>
>Content preview: I've been going through a bunch of spam and
> blacklisting domains. However, some of the more frequent offenders are
> in the body of the message. For example, today I found about half a
> dozen porno spams that contained a reference to
> http://www.a123s.biz/... [...]
>
>Content analysis details: (6.2 points, 5.0 required)
>
> pts rule name description
>---- ----------------------
>--------------------------------------------------
>-0.0 SPF_PASS SPF: sender matches SPF record
> 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain
> 2.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
> [cf: 100]
>-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
> 2.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
> [URIs: a123s.biz]
> 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
> [URIs: a123s.biz]
> 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
> [URIs: a123s.biz]
> 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
> [URIs: a123s.biz]
> 4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
> [URIs: a123s.biz]
>-8.8 AWL AWL: From: address is in the auto white-list
>
>---- ----------------------
>--------------------------------------------------
>
>
>
>Return-Path:
><us...@spamassassin.apache.org>
>Envelope-To: <da...@dailyhills.com>
>X-Spam-Status: SpamAssassin failed demos
>Received: from mail.apache.org ([209.237.227.199] verified)
> by daypicnic.com (CommuniGate Pro SMTP 4.2.8)
> with SMTP id 287354 for daveh@dailyhills.com; Tue, 15 Mar 2005 19:25:19
>-0800
>Received: (qmail 13383 invoked by uid 500); 16 Mar 2005 03:25:03 -0000
>Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm
>Precedence: bulk
>list-help: <ma...@spamassassin.apache.org>
>list-unsubscribe: <ma...@spamassassin.apache.org>
>List-Post: <ma...@spamassassin.apache.org>
>List-Id: <users.spamassassin.apache.org>
>Delivered-To: mailing list users@spamassassin.apache.org
>Received: (qmail 13369 invoked by uid 99); 16 Mar 2005 03:25:03 -0000
>X-ASF-Spam-Status: No, hits=9.6 required=10.0
>
> tests=BIZ_TLD,FORGED_RCVD_HELO,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
>X-Spam-Check-By: apache.org
>Received-SPF: pass (hermes.apache.org: local policy)
>Received: from cpe-24-221-172-174.ca.sprintbbd.net (HELO cfcl.com)
>(24.221.172.174)
> by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 15 Mar 2005 19:25:02 -0800
>Received: from [192.168.254.206] ([192.168.254.206])
> by cfcl.com (8.12.6/8.12.6) with ESMTP id j2G3SktM066434
> for <us...@spamassassin.apache.org>; Tue, 15 Mar 2005 19:28:48 -0800 (PST)
> (envelope-from vlb@cfcl.com)
>Mime-Version: 1.0
>Message-Id: <p06200706be5d5083c33a@[192.168.254.206]>
>X-Mailer: Eudora for Macintosh!
>Date: Tue, 15 Mar 2005 19:13:04 -0800
>To: users@spamassassin.apache.org
>From: Vicki Brown <vl...@cfcl.com>
>Subject: Blacklisting embedded URLs
>Content-Type: text/plain; charset="us-ascii"
>X-Virus-Checked: Checked
>
>I've been going through a bunch of spam and blacklisting domains. However,
>some of the more frequent offenders are in the body of the message. For
>example, today I found about half a dozen porno spams that contained a
>reference to
> http://www.a123s.biz/...
>
>I can do a body match rule.
>Is there anything else I can do?
>
>Is there something useful that could be added to SpamAssassin for
>blacklisting URLs within the body of a message?
>
>I have something like this for my weblog; I use Movable Type with
>MT-Blacklist. It goes through a spam comment and grabs all the URLs it finds
>and adds those to the internal blacklist. Very handy for Texas Hold-em Poker
>spamments.
>--
>Vicki Brown ZZZ
>Journeyman Sourceror: zz |\ _,,,---,,_ Code, Docs, Process,
>Scripts & Philtres zz /,`.-'`' -. ;-;;,_ Perl, WWW, Mac OS X
>http://cfcl.com/vlb |,4- ) )-,_. ,\ ( `'-' SF Bay Area, CA USA
>_______________________ '---''(_/--' `-'\_) ___________________________
--
Vicki Brown ZZZ
Journeyman Sourceror: zz |\ _,,,---,,_ Code, Docs, Process,
Scripts & Philtres zz /,`.-'`' -. ;-;;,_ Perl, WWW, Mac OS X
http://cfcl.com/vlb |,4- ) )-,_. ,\ ( `'-' SF Bay Area, CA USA
_______________________ '---''(_/--' `-'\_) ___________________________
Re: [SPAM-TAG] Blacklisting embedded URLs
Posted by Jeff Chan <je...@surbl.org>.
On Tuesday, March 15, 2005, 7:13:04 PM, Vicki Brown wrote:
> I've been going through a bunch of spam and blacklisting domains. However,
> some of the more frequent offenders are in the body of the message. For
> example, today I found about half a dozen porno spams that contained a
> reference to
> http://www.a123s.biz/...
> I can do a body match rule.
> Is there anything else I can do?
> Is there something useful that could be added to SpamAssassin for
> blacklisting URLs within the body of a message?
Yes, please see URIDNSBL and SURBL:
http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
http://www.surbl.org/
which are built into SpamAssassin 3 and enabled by default if
network tests are enabled.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/