You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Stewart, John" <jo...@artesyncp.com> on 2005/05/12 16:02:47 UTC
Re: SpamCopURI not working
This is killing me here.... dozens of spams this morning getting through
(with bayes, RDJ+SARE, razor, dcc). Without the SpamCopURI working, my
detection rate plummets.
Any ideas why SpamCopURI would only be querying multi.surbl.org even though
all of them are configured in my spamcop_uri.cf?
I'm using SA 2.6.4, but with a somewhat old version of perl... other than
that, everything is pretty up to date. Tried the latest Net::DNS, but no
change.
thanks!!
johnS
-----Original Message-----
From: Stewart, John
Sent: Tuesday, May 10, 2005 11:33 AM
To: 'Jeff Chan'; SpamAssassin Users
Subject: RE: SpamCopURI not working, was RE: More Messed Up www URLs
Jeff Chan wrote:
> Have you tried spamassassin -D < some_message and spamassassin
> --lint?
SA lints fine... running it in debug mode, it appears to not be checking
anything but the multi records. See below.
I've grepped through /usr/share/spamassassin and /etc/mail/spamassasin, and
the only URI_RBL reference I find in any .cf file is in
/etc/mail/spamassasin/spamcop_uri.cf, which is the config file included with
SpamCopURI-0.25 (which has rules and scores for 7 different _URI_RBL's). The
only one I'm seeing *ever* hit in my logfiles is SPAMCOP_URL_RBL.
This is really killing my spam scanning performance...!
[...]
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/var/amavis/.spamassassin" for user state dir
debug: using "/var/amavis/.spamassassin/user_prefs" for user prefs file
[...]
debug: Razor2 results: spam? 0 highest cf score: 0
debug: running raw-body-text per-line regexp tests; score so far=0
debug: running uri tests; score so far=0
debug: uri tests: Done uriRE
debug: checking url: http://www.achat-montre-rolex.net./
debug: querying for achat-montre-rolex.net.multi.surbl.org
debug: Query failed for achat-montre-rolex.net.multi.surbl.org
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 2
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data : achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 4
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data : achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 32
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data : achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 64
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data : achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 16
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data : achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 8
debug: no match
debug: running full-text regexp tests; score so far=0
debug: Razor2 is available
[...]
I'll also attach the full debug run.
It just seems like SA is not testing all the surbl.org servers.
johnS
Re: [SPAM-TAG] Re: SpamCopURI not working
Posted by Jeff Chan <je...@surbl.org>.
On Thursday, May 12, 2005, 7:02:47 AM, John Stewart wrote:
> This is killing me here.... dozens of spams this morning getting through
> (with bayes, RDJ+SARE, razor, dcc). Without the SpamCopURI working, my
> detection rate plummets.
> Any ideas why SpamCopURI would only be querying multi.surbl.org even though
> all of them are configured in my spamcop_uri.cf?
> I'm using SA 2.6.4, but with a somewhat old version of perl... other than
> that, everything is pretty up to date. Tried the latest Net::DNS, but no
> change.
> thanks!!
> johnS
Please see my previous response. multi is the only list that
should be checked.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/