Posted to users@spamassassin.apache.org by "Stewart, John" <jo...@artesyncp.com> on 2005/05/12 16:02:47 UTC

Re: SpamCopURI not working

This is killing me here.... dozens of spams this morning getting through
(with bayes, RDJ+SARE, razor, dcc). Without the SpamCopURI working, my
detection rate plummets.

Any ideas why SpamCopURI would only be querying multi.surbl.org even though
all of them are configured in my spamcop_uri.cf?

I'm using SA 2.6.4, but with a somewhat old version of perl... other than
that, everything is pretty up to date. Tried the latest Net::DNS, but no
change.

thanks!!

johnS

-----Original Message-----
From: Stewart, John 
Sent: Tuesday, May 10, 2005 11:33 AM
To: 'Jeff Chan'; SpamAssassin Users
Subject: RE: SpamCopURI not working, was RE: More Messed Up www URLs



Jeff Chan wrote:
> Have you tried spamassassin -D < some_message and spamassassin
> --lint?

SA lints fine... running it in debug mode, it appears to not be checking
anything but the multi records. See below.

I've grepped through /usr/share/spamassassin and /etc/mail/spamassasin, and
the only URI_RBL reference I find in any .cf file is in
/etc/mail/spamassasin/spamcop_uri.cf, which is the config file included with
SpamCopURI-0.25 (which has rules and scores for 7 different _URI_RBL's). The
only one I'm seeing *ever* hit in my logfiles is SPAMCOP_URL_RBL.

This is really killing my spam scanning performance...!

[...]
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/var/amavis/.spamassassin" for user state dir
debug: using "/var/amavis/.spamassassin/user_prefs" for user prefs file    
[...]
debug: Razor2 results: spam? 0  highest cf score: 0
debug: running raw-body-text per-line regexp tests; score so far=0
debug: running uri tests; score so far=0
debug: uri tests: Done uriRE
debug: checking url: http://www.achat-montre-rolex.net./
debug: querying for achat-montre-rolex.net.multi.surbl.org

debug: Query failed for achat-montre-rolex.net.multi.surbl.org
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 2
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data :  achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 4
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data :  achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 32
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data :  achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 64
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data :  achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 16
debug: no match
debug: checking url: http://www.achat-montre-rolex.net./
debug: returning cached data :  achat-montre-rolex.net.multi.surbl.org ->
ARRAY(0x9b20414)
debug: Receieved match prefix: 127.0.0
debug: Receieved mask: 8
debug: no match
debug: running full-text regexp tests; score so far=0
debug: Razor2 is available
[...]

I'll also attach the full debug run.

It just seems like SA is not testing all the surbl.org servers.

johnS



Re: [SPAM-TAG] Re: SpamCopURI not working

Posted by Jeff Chan <je...@surbl.org>.
On Thursday, May 12, 2005, 7:02:47 AM, John Stewart wrote:

> This is killing me here.... dozens of spams this morning getting through
> (with bayes, RDJ+SARE, razor, dcc). Without the SpamCopURI working, my
> detection rate plummets.

> Any ideas why SpamCopURI would only be querying multi.surbl.org even though
> all of them are configured in my spamcop_uri.cf?

> I'm using SA 2.6.4, but with a somewhat old version of perl... other than
> that, everything is pretty up to date. Tried the latest Net::DNS, but no
> change.

> thanks!!

> johnS

Please see my previous response.  multi is the only list that
should be checked.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
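
Added example, not part of the original thread and not SpamCopURI's own code: a sketch of how a combined list such as multi.surbl.org serves several rules from one DNS lookup, which is why the debug output above shows a single query followed by cached answers tested against masks 2, 4, 32, 64, 16 and 8. The class and function names, the two-label domain reduction, the stub resolver and the "listed.example" record are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ZONE = "multi.surbl.org"
PREFIX = "127.0.0"             # "match prefix" from the debug output
MASKS = (2, 4, 32, 64, 16, 8)  # "mask" values, in the order the log tests them

def query_name(url):
    """Build the DNS name to look up for a URL found in a message."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Simplification (assumption): keep the last two labels only. Real
    # implementations also handle two-level TLDs and IP-literal hosts.
    return ".".join(host.split(".")[-2:] + [ZONE])

class MultiChecker:
    """Hypothetical checker: one lookup per domain, one bit test per rule."""
    def __init__(self, resolve):
        self.resolve = resolve  # callable: name -> list of A records, [] on failure
        self.cache = {}
        self.lookups = 0

    def answers(self, name):
        if name not in self.cache:  # only the first rule triggers a DNS query
            self.lookups += 1
            self.cache[name] = self.resolve(name)
        return self.cache[name]

    def hits(self, url):
        """Return the masks whose bit is set in the answer for this URL."""
        matched = []
        for mask in MASKS:
            for addr in self.answers(query_name(url)):
                prefix, _, last = addr.rpartition(".")
                if prefix == PREFIX and last.isdigit() and int(last) & mask:
                    matched.append(mask)
                    break
        return matched

# Constructed sample zone data: 68 = 64 + 4, so two of the six rules would fire.
SAMPLE_ZONE = {"listed.example.multi.surbl.org": ["127.0.0.68"]}

def stub_resolve(name):
    return SAMPLE_ZONE.get(name, [])  # empty list models "Query failed"

def demo():
    checker = MultiChecker(stub_resolve)
    unlisted = checker.hits("http://www.achat-montre-rolex.net./")
    listed = checker.hits("http://www.listed.example/")
    return unlisted, listed, checker.lookups

if __name__ == "__main__":
    print(demo())
```

A failed query leaves nothing to match, so all six mask tests report "no match" from a single lookup, exactly the pattern in the posted debug run.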