You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Roman Volf <vo...@keystreams.com> on 2005/06/06 07:53:02 UTC
How to increase score of URIDNSBL?
I recieved a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I
stripped the X-Spam headers from the message) that only scored a 4.4,
even though the URIDNSBL showed a hit.
Here is the debug from spamd -
http://www.keystreams.com/~volfman/spamd-debug.txt
Is upping the score that a URIDNSBL hit gives a good idea? I mark spam
at 5.0. Is this possible?
Any suggestions?
--
Roman Volf
Keystreams Internet Solutions
volfman@keystreams.com
Re: How to increase score of URIDNSBL?
Posted by Loren Wilton <lw...@earthlink.net>.
I don't know what all rules hit on this for you, but there are some SARE
rules that should have triggered, and there will be some new ones very soon
for the "display:none" trick. Between those and surbl, most of your spams
of this sort should be caught.
If you aren't running bayes, you might consider it. This is a wonderful
example of something that should hit bayes-99 with very little training on
your part. You would just need to adjust the bayes_99 score up to about 4
to make it functional.
Loren
Re: How to increase score of URIDNSBL?
Posted by Maurice Lucas <ms...@taos-it.nl>.
From: "Roman Volf" <vo...@keystreams.com>
Sent: Monday, June 06, 2005 7:53 AM
>I recieved a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I
>stripped the X-Spam headers from the message) that only scored a 4.4,
> even though the URIDNSBL showed a hit.
> Here is the debug from spamd -
> http://www.keystreams.com/~volfman/spamd-debug.txt
>
> Is upping the score that a URIDNSBL hit gives a good idea? I mark spam at
> 5.0. Is this possible?
>
> Any suggestions?
>
If you would use uribl [1] with the standard usage line your score was added
another 3 points.
[1]http://www.uribl.com/
With kind regards,
Met vriendelijke groet,
Maurice Lucas
TAOS-IT
Re: How to increase score of URIDNSBL?
Posted by Jeff Chan <je...@surbl.org>.
On Monday, June 6, 2005, 7:42:51 AM, Jeff Chan wrote:
> On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote:
>> As someone else suggested, adding the uribl.com tests would also be
>> helpful, but it's hard to say if uribl.com had that link listed at the time
>> you got the message. SURBL lists the domain in AB, OB, SC and WS now, but
>> none of them had it before. However, the more checks you use, the more
>> chances you'll be checking the list that got it reported first.
> keystreams.com is not on any SURBLs currently.
> Jeff C.
Oops, 'scuse me, I see keystreams was for the sample spam and the
spam URI domain is:
firstitregistr.com
Rest asured that SURBLs will shortly be detecting ones like this
much more quickly. The new version of my engine probably would
have gotten this one at:
2005-06-06 02:36 UTC
Which would have been about 23 minutes after the Jun 5 19:13:25
(pacific time?) of the original poster's logs. That's for the
sc.surbl.org list. The xs list might get it earlier.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: How to increase score of URIDNSBL?
Posted by Jeff Chan <je...@surbl.org>.
On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote:
> As someone else suggested, adding the uribl.com tests would also be
> helpful, but it's hard to say if uribl.com had that link listed at the time
> you got the message. SURBL lists the domain in AB, OB, SC and WS now, but
> none of them had it before. However, the more checks you use, the more
> chances you'll be checking the list that got it reported first.
keystreams.com is not on any SURBLs currently.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: How to increase score of URIDNSBL?
Posted by Matt Kettler <mk...@comcast.net>.
At 01:53 AM 6/6/2005, Roman Volf wrote:
>I recieved a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I
>stripped the X-Spam headers from the message) that only scored a 4.4,
>even though the URIDNSBL showed a hit.
>Here is the debug from spamd -
>http://www.keystreams.com/~volfman/spamd-debug.txt
>
>Is upping the score that a URIDNSBL hit gives a good idea? I mark spam at
>5.0. Is this possible?
>
>Any suggestions?
To be specific, that's URIBL_SBL.
Let's look at the mass-check results for this test:
20.829 42.0571 0.7080 0.983 0.42 1.00 URIBL_SBL
It's got a S/O of 98.3%, which means that 1.7% of the email that rule hits
is nonspam. You could probably raise the score a little bit safely.
However, because the FP rate is low but not insignificant but I would be
careful and not go over 2.0 with it.
As someone else suggested, adding the uribl.com tests would also be
helpful, but it's hard to say if uribl.com had that link listed at the time
you got the message. SURBL lists the domain in AB, OB, SC and WS now, but
none of them had it before. However, the more checks you use, the more
chances you'll be checking the list that got it reported first.
p.s. the SA list moved off incubator a long time ago (Although the address
does still work, and probably will indefinitely, the current "real" address
is users@spamassassin.apache.org)