Posted to users@spamassassin.apache.org by LuKreme <kr...@kreme.com> on 2006/12/08 23:42:28 UTC

blacklist-uri.cf

Is there something about

   blacklist-uri.cf

That I should know?  If I install it I seem to get lint errors in  
seemingly random locations (usually when it reads $HOME/.spamassassin/ 
user_pref but it can be several other places as well)

As a note, it WAS running for a long time on my mailserver without  
issue, but recently RDJ has been giving me lint errors and after  
testing each .cf file I found that one was the culprit.

-- 
You are responsible for your Rose
Rule #5 Get Kirsten Dunst Wet



Re: blacklist-uri.cf

Posted by Martin Hepworth <ma...@solidstatelogic.com>.
Jeff Chan wrote:
> On Sunday, December 10, 2006, 3:50:33 AM, Arthur CPTeam wrote:
>> Howdy,
> 
>>> As Matt says, SURBLs are included in the default configuration
>>> for SA since 3.0.  Be sure to have a recent Net::DNS installed
>>> and to enable network tests with the appropriate flags:
>>>
>>>   http://www.surbl.org/faq.html#nettest
>>>
>>> You should see lots of SURBL rules hitting, along with RBL rules.
>>>
>>> Jeff C.
>>> -- 
> 
>> SA=3.1.7
> 
>> How could I make sure that network tests are enabled if SA is invoked by
>> MailScanner through perl API? Never could understand this...
> 
> Don't know.  Could be an appropriate question for the Mailscanner
> list.  If you get an answer, please let us know here so I can add
> it to our FAQ above.
> 
> Cheers,
> 
> Jeff C.

MailScanner --debug-sa



-- 
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300



Re: blacklist-uri.cf

Posted by Jeff Chan <je...@surbl.org>.
On Sunday, December 10, 2006, 3:50:33 AM, Arthur CPTeam wrote:
> Howdy,

>> As Matt says, SURBLs are included in the default configuration
>> for SA since 3.0.  Be sure to have a recent Net::DNS installed
>> and to enable network tests with the appropriate flags:
>> 
>>   http://www.surbl.org/faq.html#nettest
>> 
>> You should see lots of SURBL rules hitting, along with RBL rules.
>> 
>> Jeff C.
>> -- 

> SA=3.1.7

> How could I make sure that network tests are enabled if SA is invoked by
> MailScanner through perl API? Never could understand this...

Don't know.  Could be an appropriate question for the Mailscanner
list.  If you get an answer, please let us know here so I can add
it to our FAQ above.

Cheers,

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


RE: blacklist-uri.cf

Posted by Arthur Sherman CPTeam <li...@cpt.co.il>.
Howdy,

> As Matt says, SURBLs are included in the default configuration
> for SA since 3.0.  Be sure to have a recent Net::DNS installed
> and to enable network tests with the appropriate flags:
> 
>   http://www.surbl.org/faq.html#nettest
> 
> You should see lots of SURBL rules hitting, along with RBL rules.
> 
> Jeff C.
> -- 

SA=3.1.7

How could I make sure that network tests are enabled if SA is invoked by
MailScanner through perl API? Never could understand this...

Thanks!



Best,

--
Arthur Sherman

+972-52-4878851
CPTeam  


Re: blacklist-uri.cf

Posted by Jeff Chan <je...@surbl.org>.
On Friday, December 8, 2006, 6:25:38 PM, Matt Kettler wrote:
> LuKreme wrote:
>> On 8-Dec-2006, at 16:11, Matt Kettler wrote:
[...]
> Just use multi.surbl.org as the default SA ruleset has it, you don't
> need to do anything else other than get rid of blacklist_uri, and I'd
> recommend getting rid of the spamcop ruleset too.
[...]
>> It looks like I have to build my own rules/cf files in order to enable
>> these checks?
> Nope.
>> Are there pre-rolled cf files for the various SURBLs?
> The 25_uribl.cf that comes with, and is automatically installed with,
> SpamAssassin 3.0.0 and higher has all the SURBL lists in it.

As Matt says, SURBLs are included in the default configuration
for SA since 3.0.  Be sure to have a recent Net::DNS installed
and to enable network tests with the appropriate flags:

  http://www.surbl.org/faq.html#nettest

You should see lots of SURBL rules hitting, along with RBL rules.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
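One way to check the point above, that SURBL and RBL rules should be hitting once network tests are on, is to tally the network rules named in scored mail. This is an added example, not part of the original thread; it assumes the stock `X-Spam-Status:` header with a `tests=` list (MailScanner writes its own header, so adapt the match there), and the sample messages are constructed.

```shell
#!/bin/sh
# Added example: tally network-test rule hits (URIBL_*, RCVD_IN_*) found in
# X-Spam-Status headers. Assumes the stock "tests=RULE,RULE,..." layout.

# net_rule_hits: read messages on stdin, print "RULE COUNT" sorted by rule.
# Prints "NO_NETWORK_RULES <n>" when n messages were scored and none hit a
# network rule, a hint that SA may be running local-only (e.g. with -L).
net_rule_hits() {
    awk '
        function flush(   n, i, r) {
            if (match(hdr, /tests=[^ \t]*/)) {
                n = split(substr(hdr, RSTART + 6, RLENGTH - 6), r, ",")
                for (i = 1; i <= n; i++)
                    if (r[i] ~ /^(URIBL_|RCVD_IN_)/) hits[r[i]]++
                scanned++
            }
            hdr = ""
        }
        /^X-Spam-Status:/ { flush(); hdr = $0; next }
        # Folded continuation line: unfold it onto the header being collected.
        /^[ \t]/ && hdr != "" {
            sub(/^[ \t]+/, "")
            hdr = hdr (hdr ~ /,$/ ? "" : " ") $0
            next
        }
        { flush() }   # any other line ends the header being collected
        END {
            flush()
            for (k in hits) { print k, hits[k]; nhits++ }
            if (scanned && !nhits) print "NO_NETWORK_RULES", scanned
        }
    ' | sort
}

# sample_mail: three constructed messages (not real mail).
sample_mail() {
    cat <<'EOF'
From: constructed1@example.com
X-Spam-Status: Yes, score=14.2 required=5.0 tests=BAYES_99,URIBL_WS_SURBL,
        RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.1.7

body one
From: constructed2@example.com
X-Spam-Status: Yes, score=6.1 required=5.0 tests=HTML_MESSAGE,URIBL_WS_SURBL
        autolearn=no version=3.1.7

body two
From: constructed3@example.com
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham

body three
EOF
}

sample_mail | net_rule_hits
```

A `NO_NETWORK_RULES` result over a large batch of spam is only a hint that network tests are off; confirm with a debug run such as the `MailScanner --debug-sa` suggested elsewhere in this thread.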


Re: blacklist-uri.cf

Posted by LuKreme <kr...@kreme.com>.
On 8-Dec-2006, at 19:25, Matt Kettler wrote:
> The 25_uribl.cf that comes with, and is automatically installed with,
> SpamAssassin 3.0.0 and higher has all the SURBL lists in it.

Ah, there we go.  It's been so long since I actually DID anything  
with SA's config I completely forgot about /usr/local/share/spamassassin

never mind, nothing to see here :)

-- 
Living is easy with eyes closed, misunderstanding all you see



Re: blacklist-uri.cf

Posted by Matt Kettler <mk...@verizon.net>.
LuKreme wrote:
> On 8-Dec-2006, at 16:11, Matt Kettler wrote:
>> It uses an *ABSURD* amount of memory, and is 100% redundant with the WS
>> list on surbl.org.
>
> The WS list? I don't think I'm setup for SURBL.  I'm running RDJ with
SURBL is part of the standard SA ruleset, nothing to do with RDJ..
>
>
> and with the following plugins/modules
>
> # grep -e "^load" /usr/local/etc/mail/spamassassin/*.pre | awk {'print
> $2'}
> Mail::SpamAssassin::Plugin::URIDNSBL
You're set up for SURBL, including WS..

>
> so I guess SURBL is setup, but how do I feed it a specific list like WS?  
It's already in there as a part of the stock ruleset, URIBL_WS_SURBL is
the rule.
> And should I replace EvilNumbers and SARE_SPAMCOP with
evilnumbers is completely unrelated. It detects phone numbers, not URIs.

SARE_SPAMCOP doesn't detect URIs either, it detects blacklisted.
However, you should get rid of it too as it's redundant with
RCVD_IN_BL_SPAMCOP_NET from the standard ruleset. This ruleset is only
useful for people who have DNS disabled entirely. (ie: they use the
-L command line parameter to disable all network checks)

> be.surbl.org and sc.surbl.org respectively? 

be.surbl.org is *DEAD*. Its data was originally derived from bigevil.cf
(not evilnumbers), but it has been rolled into ws.surbl.org, along with
blacklist_uri.cf.


> Or just use multi.surbl.org and be?
Just use multi.surbl.org as the default SA ruleset has it, you don't
need to do anything else other than get rid of blacklist_uri, and I'd
recommend getting rid of the spamcop ruleset too.

>>     2) the idea of adding 100ms of latency for a DNS lookup has kept you
>> from enabling the URIBL plugin.
>
> well, it looks like the PLUGIN is enabled, but I certainly am not
> seeing where to tell it what lists to use.
You don't need to tell it what lists to use because the rules are
already there, all you need to do is load the plugin and the rules
spring into action on their own.

>
> It looks like I have to build my own rules/cf files in order to enable
> these checks?
Nope.
> Are there pre-rolled cf files for the various SURBLs?
The 25_uribl.cf that comes with, and is automatically installed with,
SpamAssassin 3.0.0 and higher has all the SURBL lists in it.

If you're using sa-update you've probably also picked up rules for
uribl.com's URIBL's too. Otherwise, if you feel the need to add on, you
can get rules for their URIBL at the website on www.uribl.com.
uribl.com's URIBL_BLACK tends to have a higher hitrate than the surbl
lists, but is also slightly more prone to false positives in my experience.


Re: blacklist-uri.cf

Posted by LuKreme <kr...@kreme.com>.
On 8-Dec-2006, at 16:11, Matt Kettler wrote:
> It uses an *ABSURD* amount of memory, and is 100% redundant with  
> the WS
> list on surbl.org.

The WS list? I don't think I'm setup for SURBL.  I'm running RDJ with

TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS RANDOMVAL
BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF
SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE
SARE_SPECIFIC SARE_CODING_HTML SARE_GENLSUBJ SARE_UNSUB SARE_URI0
SARE_REDIRECT_POST300 SARE_OBFU SARE_SPAMCOP_TOP200";

and with the following plugins/modules

# grep -e "^load" /usr/local/etc/mail/spamassassin/*.pre | awk {'print $2'}
Mail::SpamAssassin::Plugin::URIDNSBL
Mail::SpamAssassin::Plugin::Hashcash
Mail::SpamAssassin::Plugin::SPF
Mail::SpamAssassin::Plugin::DCC
Mail::SpamAssassin::Plugin::Pyzor
Mail::SpamAssassin::Plugin::Razor2
Mail::SpamAssassin::Plugin::SpamCop
Mail::SpamAssassin::Plugin::AntiVirus
Mail::SpamAssassin::Plugin::AWL
Mail::SpamAssassin::Plugin::AutoLearnThreshold
Mail::SpamAssassin::Plugin::TextCat
Mail::SpamAssassin::Plugin::WhiteListSubject
Mail::SpamAssassin::Plugin::MIMEHeader
Mail::SpamAssassin::Plugin::ReplaceTags
Mail::SpamAssassin::Plugin::DKIM

so I guess SURBL is setup, but how do I feed it a specific list like  
WS?  And should I replace EvilNumbers and SARE_SPAMCOP with  
be.surbl.org and sc.surbl.org respectively?  Or just use  
multi.surbl.org and be?

>     2) the idea of adding 100ms of latency for a DNS lookup has  
> kept you
> from enabling the URIBL plugin.

well, it looks like the PLUGIN is enabled, but I certainly am not  
seeing where to tell it what lists to use.

It looks like I have to build my own rules/cf files in order to  
enable these checks?  Are there pre-rolled cf files for the various  
SURBLs?

-- 
Living is easy with eyes closed, misunderstanding all you see



Re: blacklist-uri.cf

Posted by Matt Kettler <mk...@verizon.net>.
LuKreme wrote:
>
> Is there something about
>
>   blacklist-uri.cf
>
> That I should know?  
It uses an *ABSURD* amount of memory, and is 100% redundant with the WS
list on surbl.org.

Don't use it unless BOTH of the following are true:
    1) the idea of increasing your mailserver memory load by a couple
of gigs doesn't worry you.

    2) the idea of adding 100ms of latency for a DNS lookup has kept you
from enabling the URIBL plugin.

> If I install it I seem to get lint errors in seemingly random
> locations (usually when it reads $HOME/.spamassassin/user_pref but it
> can be several other places as well)
>
> As a note, it WAS running for a long time on my mailserver without
> issue, but recently RDJ has been giving me lint errors and after
> testing each .cf file I found that one was the culprit.