You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Scott Wertz <sw...@gmail.com> on 2005/01/07 22:48:49 UTC
Implicit trust of surbl and sbl
I think this is an easy question, but I haven't been able to find an
answer. If I'm using spamassassin 3, invoking it via procmail as just
'spamassassin' and testing for the result, and I trust that any message
carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam,
what file(s) would I edit and how?
In other words, I've never seen a false positive on either of those BLs,
but I'm seeing spam that meets those tests and is still weighted less
than 5. I want to change that.
Re: Implicit trust of surbl and sbl
Posted by Jim Maul <jm...@elih.org>.
Louis LeBlanc wrote:
> On 01/07/05 05:05 PM, Scott Wertz sat at the `puter and typed:
>
>>On Fri, 2005-01-07 at 16:58, Louis LeBlanc wrote:
>>
>>
>>>>Couldn't you just increase the scores to 100?
>>>
>>>That would be tha answer. I believe "how" might also have been part of
>>>that question.
>>
>>I thought it was...sorry if I wasn't clear, but "how" is exactly what
>>I'm after.
>>
>>
>>>Search for the URIBL_* keys in your
>>>/mumblemumble/share/spamassassin/50_scores.cf. For instance:
>>> score URIBL_WS_SURBL 0 0.539 0 1.462
>>>
>>>So you might want to add the following to your user_prefs:
>>>score URIBL_WS_SURBL 0 100 0 100
>>>
>>>Just make sure you read the descriptions for each in the 25_uribl.cf
>>>file before changing anything.
>>>
>>>HTH
>>
>>That's a big help, thanks. But is there a way to do that on a per-user
>>basis?
>
>
> That *is* the per-user basis. Each user has a
> ~/.spamassassin/user_prefs file. Just put your score mods there.
>
> Modifying the local.cf file is usually not the best way to tweak SA.
> Modifying the users' user_prefs file usually is.
>
Unless you dont allow user_prefs and everything is site-wide like mine ;)
-Jim
Re: Implicit trust of surbl and sbl
Posted by Louis LeBlanc <sp...@keyslapper.org>.
On 01/07/05 05:17 PM, Scott Wertz sat at the `puter and typed:
> I'm really regretting my new year's resolution to switch to
> decaf.
Blasphemer!!! :)
--
Louis LeBlanc spamassassin@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org Ô¿Ô¬
>From the moment I picked your book up until I put it down I was convulsed
with laughter. Some day I intend reading it.
-- Groucho Marx, from "The Book of Insults"
Re: Implicit trust of surbl and sbl
Posted by Scott Wertz <sw...@gmail.com>.
On Fri, 2005-01-07 at 17:10, Louis LeBlanc wrote:
> > >
> > > So you might want to add the following to your user_prefs:
> > > score URIBL_WS_SURBL 0 100 0 100
> That *is* the per-user basis. Each user has a
> ~/.spamassassin/user_prefs file. Just put your score mods there.
<forehead slap>
So it is. I'm really regretting my new year's resolution to switch to
decaf.
Thanks again!
Re: Implicit trust of surbl and sbl
Posted by Louis LeBlanc <sp...@keyslapper.org>.
On 01/07/05 05:05 PM, Scott Wertz sat at the `puter and typed:
> On Fri, 2005-01-07 at 16:58, Louis LeBlanc wrote:
>
> > > Couldn't you just increase the scores to 100?
> >
> > That would be tha answer. I believe "how" might also have been part of
> > that question.
>
> I thought it was...sorry if I wasn't clear, but "how" is exactly what
> I'm after.
>
> >
> > Search for the URIBL_* keys in your
> > /mumblemumble/share/spamassassin/50_scores.cf. For instance:
> > score URIBL_WS_SURBL 0 0.539 0 1.462
> >
> > So you might want to add the following to your user_prefs:
> > score URIBL_WS_SURBL 0 100 0 100
> >
> > Just make sure you read the descriptions for each in the 25_uribl.cf
> > file before changing anything.
> >
> > HTH
>
> That's a big help, thanks. But is there a way to do that on a per-user
> basis?
That *is* the per-user basis. Each user has a
~/.spamassassin/user_prefs file. Just put your score mods there.
Modifying the local.cf file is usually not the best way to tweak SA.
Modifying the users' user_prefs file usually is.
HTH
Lou
--
Louis LeBlanc spamassassin@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org Ô¿Ô¬
Flon's Law:
There is not now, and never will be, a language in
which it is the least bit difficult to write bad programs.
Re: Implicit trust of surbl and sbl
Posted by Scott Wertz <sw...@gmail.com>.
On Fri, 2005-01-07 at 16:58, Louis LeBlanc wrote:
> > Couldn't you just increase the scores to 100?
>
> That would be tha answer. I believe "how" might also have been part of
> that question.
I thought it was...sorry if I wasn't clear, but "how" is exactly what
I'm after.
>
> Search for the URIBL_* keys in your
> /mumblemumble/share/spamassassin/50_scores.cf. For instance:
> score URIBL_WS_SURBL 0 0.539 0 1.462
>
> So you might want to add the following to your user_prefs:
> score URIBL_WS_SURBL 0 100 0 100
>
> Just make sure you read the descriptions for each in the 25_uribl.cf
> file before changing anything.
>
> HTH
That's a big help, thanks. But is there a way to do that on a per-user
basis?
Re: Implicit trust of surbl and sbl
Posted by Louis LeBlanc <sp...@keyslapper.org>.
On 01/07/05 09:51 PM, Michele Neylon::Blacknight Solutions sat at the `puter and typed:
> Scott Wertz wrote:
> > I think this is an easy question, but I haven't been able to find an
> > answer. If I'm using spamassassin 3, invoking it via procmail as just
> > 'spamassassin' and testing for the result, and I trust that any message
> > carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam,
> > what file(s) would I edit and how?
> >
> > In other words, I've never seen a false positive on either of those BLs,
> > but I'm seeing spam that meets those tests and is still weighted less
> > than 5. I want to change that.
> >
> >
> Couldn't you just increase the scores to 100?
That would be tha answer. I believe "how" might also have been part of
that question.
Search for the URIBL_* keys in your
/mumblemumble/share/spamassassin/50_scores.cf. For instance:
score URIBL_WS_SURBL 0 0.539 0 1.462
So you might want to add the following to your user_prefs:
score URIBL_WS_SURBL 0 100 0 100
Just make sure you read the descriptions for each in the 25_uribl.cf
file before changing anything.
HTH
Lou
--
Louis LeBlanc spamassassin@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org Ô¿Ô¬
If God is perfect, why did He create discontinuous functions?
Re: Implicit trust of surbl and sbl
Posted by "Michele Neylon::Blacknight Solutions" <mi...@blacknightsolutions.com>.
Scott Wertz wrote:
> I think this is an easy question, but I haven't been able to find an
> answer. If I'm using spamassassin 3, invoking it via procmail as just
> 'spamassassin' and testing for the result, and I trust that any message
> carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam,
> what file(s) would I edit and how?
>
> In other words, I've never seen a false positive on either of those BLs,
> but I'm seeing spam that meets those tests and is still weighted less
> than 5. I want to change that.
>
>
Couldn't you just increase the scores to 100?
--
Email scanned by Blacknight for viruses and dangerous content.
Visit http://www.blacknight.ie for more information
Re: Implicit trust of surbl and sbl
Posted by Jeff Chan <je...@surbl.org>.
On Friday, January 7, 2005, 2:03:48 PM, William Stearns wrote:
> I personally have trust in the surbl's, so I have no problem
> recommending that people increase the score if they want. Might I humbly
> recommend increasing the surbl score to something between 2 and 5, so that
> if surbl screws up for your particular mail flow the other rules have a
> chance of reining it in?
> Cheers,
> - Bill
I second that suggestion. Don't boost the scores to 100,
but something like 2 to 5 so there's still some defense
against false positives. Our FP rate is low, but non-zero.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: Implicit trust of surbl and sbl
Posted by Louis LeBlanc <sp...@keyslapper.org>.
On 01/07/05 05:03 PM, William Stearns sat at the `puter and typed:
> Good evening, Scott,
>
> On Fri, 7 Jan 2005, Scott Wertz wrote:
>
> > I think this is an easy question, but I haven't been able to find an
> > answer. If I'm using spamassassin 3, invoking it via procmail as just
> > 'spamassassin' and testing for the result, and I trust that any message
> > carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam,
> > what file(s) would I edit and how?
> >
> > In other words, I've never seen a false positive on either of those BLs,
> > but I'm seeing spam that meets those tests and is still weighted less
> > than 5. I want to change that.
>
> As Michele correctly pointed out, you're certainly welcome to
> drive up the scores quite a bit so that emails with an surbl-listed domain
> are much more likely to cross 5.0.
> However, even though Jeff Chan will likely shoot me for saying it
> ;-), surbl's can and occasionally do have false positives. Let's use
> Gevalia coffee as an example. I'll blacklist their domain because they
> regularly send me UBE. However, Gevalia has legitimate customers; for
> those individuals, email from that domain is _not_ UBE, it's solicited
> mail. (Just for reference, we removed gevalia.com because there were
> legitimate uses for it...)
> I personally have trust in the surbl's, so I have no problem
> recommending that people increase the score if they want. Might I humbly
> recommend increasing the surbl score to something between 2 and 5, so that
> if surbl screws up for your particular mail flow the other rules have a
> chance of reining it in?
Excellent suggestion. Shoulda made it myself in my other posts. It's
been mentioned a number of times that scoring a test at 100 is almost
always a bad idea. Boosting the scores to allow them to swing a bigger
bat - although one that can potentially be overridden by very low bayes
scores - is usually ok.
Lou
--
Louis LeBlanc spamassassin@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org Ô¿Ô¬
Information Processing:
What you call data processing when people are so disgusted with
it they won't let it be discussed in their presence.
Re: Implicit trust of surbl and sbl
Posted by William Stearns <ws...@pobox.com>.
Good evening, Scott,
On Fri, 7 Jan 2005, Scott Wertz wrote:
> I think this is an easy question, but I haven't been able to find an
> answer. If I'm using spamassassin 3, invoking it via procmail as just
> 'spamassassin' and testing for the result, and I trust that any message
> carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam,
> what file(s) would I edit and how?
>
> In other words, I've never seen a false positive on either of those BLs,
> but I'm seeing spam that meets those tests and is still weighted less
> than 5. I want to change that.
As Michele correctly pointed out, you're certainly welcome to
drive up the scores quite a bit so that emails with an surbl-listed domain
are much more likely to cross 5.0.
However, even though Jeff Chan will likely shoot me for saying it
;-), surbl's can and occasionally do have false positives. Let's use
Gevalia coffee as an example. I'll blacklist their domain because they
regularly send me UBE. However, Gevalia has legitimate customers; for
those individuals, email from that domain is _not_ UBE, it's solicited
mail. (Just for reference, we removed gevalia.com because there were
legitimate uses for it...)
I personally have trust in the surbl's, so I have no problem
recommending that people increase the score if they want. Might I humbly
recommend increasing the surbl score to something between 2 and 5, so that
if surbl screws up for your particular mail flow the other rules have a
chance of reining it in?
Cheers,
- Bill
---------------------------------------------------------------------------
"Patience is a minor form of despair, disguised as virtue."
-- Ambrose Bierce, on qualifiers
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------