Posted to users@spamassassin.apache.org by Vicki Brown <vl...@cfcl.com> on 2005/03/16 04:13:04 UTC

Blacklisting embedded URLs

I've been going through a bunch of spam and blacklisting domains. However,
some of the more frequent offenders are in the body of the message. For
example, today I found about half a dozen porno spams that contained a
reference to
    http://www.a123s.biz/...

I can do a body match rule.
Is there anything else I can do?

Is there something useful that could be added to SpamAssassin for
blacklisting URLs within the body of a message?

I have something like this for my weblog; I use Movable Type with
MT-Blacklist. It goes through a spam comment and grabs all the URLs it finds
and adds those to the internal blacklist. Very handy for Texas Hold-em Poker
spamments.
-- 
Vicki Brown          ZZZ
Journeyman Sourceror:  zz  |\     _,,,---,,_     Code, Docs, Process,
Scripts & Philtres      zz /,`.-'`'    -.  ;-;;,_   Perl, WWW, Mac OS X
http://cfcl.com/vlb       |,4-  ) )-,_. ,\ ( `'-'   SF Bay Area, CA  USA
_______________________  '---''(_/--'  `-'\_)  ___________________________

Re: [SPAM-TAG] SpamAssassin, running on "mail.dailyhills.com" ...

Posted by Jeff Chan <je...@surbl.org>.
On Tuesday, March 15, 2005, 9:27:50 PM, Vicki Brown wrote:
> Does anyone else find this just too absurdly silly for words?

> Although I guess it surely does prove the point Jeff Chan made for URIDNSBL
> and SURBL - most eloquently in fact :-)

>>SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
>>email as possible spam.  The original message has been attached to this
>>email so you can view it (if it isn't spam).
>>If you have any questions, contact postmaster@dailyhills.com for details.

Yes, but it's a broken configuration on Dave Hill's mail
server...

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


SpamAssassin, running on "mail.dailyhills.com" ...

Posted by Vicki Brown <vl...@cfcl.com>.
Does anyone else find this just too absurdly silly for words?

Although I guess it surely does prove the point Jeff Chan made for URIDNSBL
and SURBL - most eloquently in fact :-)

>SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
>email as possible spam.  The original message has been attached to this
>email so you can view it (if it isn't spam).
>If you have any questions, contact postmaster@dailyhills.com for details.
>
>Content preview:  I've been going through a bunch of spam and
>  blacklisting domains. However, some of the more frequent offenders are
>  in the body of the message. For example, today I found about half a
>  dozen porno spams that contained a reference to
>  http://www.a123s.biz/... [...]
>
>Content analysis details:   (6.2 points, 5.0 required)
>
> pts rule name              description
>---- ---------------------- --------------------------------------------------
>-0.0 SPF_PASS               SPF: sender matches SPF record
> 2.3 BIZ_TLD                URI: Contains an URL in the BIZ top-level domain
> 2.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
>                            [cf: 100]
>-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                            [score: 0.0000]
> 2.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
> 1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
>                            [URIs: a123s.biz]
> 0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
>                            [URIs: a123s.biz]
> 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
>                            [URIs: a123s.biz]
> 3.2 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
>                            [URIs: a123s.biz]
> 4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
>                            [URIs: a123s.biz]
>-8.8 AWL                    AWL: From: address is in the auto white-list
>
>---- ---------------------- --------------------------------------------------
>
>
>
>Return-Path: <us...@spamassassin.apache.org>
>Envelope-To: <da...@dailyhills.com>
>X-Spam-Status: SpamAssassin failed demos
>Received: from mail.apache.org ([209.237.227.199] verified)
>  by daypicnic.com (CommuniGate Pro SMTP 4.2.8)
>  with SMTP id 287354 for daveh@dailyhills.com; Tue, 15 Mar 2005 19:25:19 -0800
>Received: (qmail 13383 invoked by uid 500); 16 Mar 2005 03:25:03 -0000
>Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm
>Precedence: bulk
>list-help: <ma...@spamassassin.apache.org>
>list-unsubscribe: <ma...@spamassassin.apache.org>
>List-Post: <ma...@spamassassin.apache.org>
>List-Id: <users.spamassassin.apache.org>
>Delivered-To: mailing list users@spamassassin.apache.org
>Received: (qmail 13369 invoked by uid 99); 16 Mar 2005 03:25:03 -0000
>X-ASF-Spam-Status: No, hits=9.6 required=10.0
>	tests=BIZ_TLD,FORGED_RCVD_HELO,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
>X-Spam-Check-By: apache.org
>Received-SPF: pass (hermes.apache.org: local policy)
>Received: from cpe-24-221-172-174.ca.sprintbbd.net (HELO cfcl.com) (24.221.172.174)
>  by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 15 Mar 2005 19:25:02 -0800
>Received: from [192.168.254.206] ([192.168.254.206])
>	by cfcl.com (8.12.6/8.12.6) with ESMTP id j2G3SktM066434
>	for <us...@spamassassin.apache.org>; Tue, 15 Mar 2005 19:28:48 -0800 (PST)
>	(envelope-from vlb@cfcl.com)
>Mime-Version: 1.0
>Message-Id: <p06200706be5d5083c33a@[192.168.254.206]>
>X-Mailer: Eudora for Macintosh!
>Date: Tue, 15 Mar 2005 19:13:04 -0800
>To: users@spamassassin.apache.org
>From: Vicki Brown <vl...@cfcl.com>
>Subject: Blacklisting embedded URLs
>Content-Type: text/plain; charset="us-ascii"
>X-Virus-Checked: Checked
>
>I've been going through a bunch of spam and blacklisting domains. However,
>some of the more frequent offenders are in the body of the message. For
>example, today I found about half a dozen porno spams that contained a
>reference to
>    http://www.a123s.biz/...
>
>I can do a body match rule.
>Is there anything else I can do?
>
>Is there something useful that could be added to SpamAssassin for
>blacklisting URLs within the body of a message?
>
>I have something like this for my weblog; I use Movable Type with
>MT-Blacklist. It goes through a spam comment and grabs all the URLs it finds
>and adds those to the internal blacklist. Very handy for Texas Hold-em Poker
>spamments.
>--
>Vicki Brown          ZZZ
>Journeyman Sourceror:  zz  |\     _,,,---,,_     Code, Docs, Process,
>Scripts & Philtres      zz /,`.-'`'    -.  ;-;;,_   Perl, WWW, Mac OS X
>http://cfcl.com/vlb       |,4-  ) )-,_. ,\ ( `'-'   SF Bay Area, CA  USA
>_______________________  '---''(_/--'  `-'\_)  ___________________________

-- 
Vicki Brown          ZZZ
Journeyman Sourceror:  zz  |\     _,,,---,,_     Code, Docs, Process,
Scripts & Philtres      zz /,`.-'`'    -.  ;-;;,_   Perl, WWW, Mac OS X
http://cfcl.com/vlb       |,4-  ) )-,_. ,\ ( `'-'   SF Bay Area, CA  USA
_______________________  '---''(_/--'  `-'\_)  ___________________________

Re: [SPAM-TAG] Blacklisting embedded URLs

Posted by Jeff Chan <je...@surbl.org>.
On Tuesday, March 15, 2005, 7:13:04 PM, Vicki Brown wrote:
> I've been going through a bunch of spam and blacklisting domains. However,
> some of the more frequent offenders are in the body of the message. For
> example, today I found about half a dozen porno spams that contained a
> reference to
>     http://www.a123s.biz/...

> I can do a body match rule.
> Is there anything else I can do?

> Is there something useful that could be added to SpamAssassin for
> blacklisting URLs within the body of a message?

Yes, please see URIDNSBL and SURBL:

  http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
  http://www.surbl.org/

which are built into SpamAssassin 3 and enabled by default if
network tests are enabled.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
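
The URI blocklist lookup that the reply above points to, sketched for the URL from this thread. This is an added example, not part of any post and not SpamAssassin's own code. Assumptions: the function names are made up here, the sublist bit values are the ones recalled from SpamAssassin 3.0's stock rules for multi.surbl.org, and the domain reduction is a simplification. No DNS query is sent; the answer is a constructed sample.

```python
import re
from urllib.parse import urlsplit

# Assumption: sublist bits as tested by SpamAssassin 3.0's stock urirhssub
# rules on multi.surbl.org (recalled from that rule set, not from the thread).
SURBL_BITS = {2: "SC", 4: "WS", 8: "PH", 16: "OB", 32: "AB", 64: "JP"}
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def body_domains(body):
    """Return the unique domains of http(s) URLs found in a message body."""
    found = []
    for url in URL_RE.findall(body):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:
            continue  # malformed URL, nothing to look up
        labels = host.split(".")
        if len(labels) < 2 or labels[-1].isdigit():
            continue  # skip bare names and IPv4 literals
        # Simplification: keep the last two labels. A real checker needs a
        # two-level-TLD list so example.co.uk is not cut down to co.uk.
        domain = ".".join(labels[-2:])
        if domain not in found:
            found.append(domain)
    return found


def query_name(domain, zone="multi.surbl.org"):
    """DNS name whose A record says whether `domain` is listed in `zone`."""
    return f"{domain}.{zone}."


def decode_answer(a_record):
    """Map a 127.0.0.x answer from the combined zone to sublist names."""
    octets = a_record.split(".")
    if len(octets) != 4 or octets[:3] != ["127", "0", "0"] or not octets[3].isdigit():
        return []  # not a listing answer
    mask = int(octets[3])
    return [name for bit, name in sorted(SURBL_BITS.items()) if mask & bit]


# Constructed sample: body text from the thread, and an answer built to match
# the four SURBL hits in the quoted report (2 + 4 + 16 + 32 = 54).
SAMPLE_BODY = "contained a reference to\n    http://www.a123s.biz/...\n"
SAMPLE_ANSWER = "127.0.0.54"
if __name__ == "__main__":
    for d in body_domains(SAMPLE_BODY):
        print(query_name(d), decode_answer(SAMPLE_ANSWER))
```

Because the lookup keys on the domain rather than the message text, any mail that merely quotes a listed URL scores the same way, which is what happened to the list post quoted above.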