You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Jeff Chan <je...@surbl.org> on 2004/04/11 10:12:42 UTC
Please sanity check proposed sa.surbl.org announcement
Here's the original proposed announcement for the additional SURBL
built from Bill's data. We can rename sa to sb or something else,
but what other changes would anyone recommend before I post it to
sa-users for example?
Jeff C.
__
http://www.surbl.org/ (with some live links)
New! More SURBL lists
In addition to the first SpamCop URI-derived RBL sc.surbl.org, we
are pleased to host another RBL compatible with the above plugins
(or any other software that can check message body domains
against an RBL). Data for the second SURBL sa.surbl.org comes
from the domains in Bill Stearns' SpamAssassin blacklist:
sa-blacklist. This is a large list of spam domains, including
those found in spam message body URIs. Both sa.surbl.org and
sc.surbl.org SURBLs can be used in the same SA installation by
using two sets of rules.
An SA 2.63 rule and score using SpamCopURI (but not the SpamCop
data!) looks like this:
uri SA_URI_RBL eval:check_spamcop_uri_rbl('sa.surbl.org','127.0.0.2')
describe SA_URI_RBL URI's domain appears in spamcop database at sa.surbl.org
tflags SA_URI_RBL net
score SA_URI_RBL 4.0
An SA 3.0 rule and score using URIBL's urirhsbl looks like this:
urirhsbl URIBL_SA_SURBL sa.surbl.org. A
header URIBL_SA_SURBL eval:check_uridnsbl('URIBL_SA_SURBL')
describe URIBL_SA_SURBL Contains a URL listed in the SA SURBL blocklist
tflags URIBL_SA_SURBL net
score URIBL_SA_SURBL 4.0
More details about sa.surbl.org are available in the
section "Additional SURBLs for spam URI testing."
...
Additional SURBLs for spam URI testing
Additional SURBLs that list domains occurring in spam message
bodies may be used with the same routines that use the
sc.surbl.org RBL.
sa-blacklist available as RBL: sa.surbl.org
In cooperation with Bill Stearns, SURBL is making his
sa-blacklist SpamAssassin blacklist available as the RBL
sa.surbl.org. It can be used in the same way as sc.surbl.org, for
example by adding urirhsbl and SpamCopURI rules as described in
the Quick Start section at the top of this document. Like sc,
sa.surbl.org is available through DNS and, for large-volume mail
servers, as rsynced BIND and rbldns zone files. Raymond
Dijkxhoorn has graciously agreed to host the sa.surbl.org zone
files from his rsync server along with sc.surbl.org's. Please
contact him at surbl@prolocation.net for rsync access.
Both sc and sa RBLs can be used in the same installation. The
choice of using either or both or none is yours. Their data
differs somewhat, and we'll try to briefly describe and link some
of the differences here. Bill's list is rather large at about
9600 domains. It consists of domains found in spam message body
URIs and some spam sender and spam operator domains. Given that
the former are more relevant to isolate these days, most of the
recent additions to Bill's list have been URI domains. Those are
also the domains most relevant for use with the message body
checking approach which we propose throughout this site.
The data in sa-blacklist and therefore sa.surbl.org differ from
the SpamCop URI report data described above in that the list is
about ten times larger, more stable, and may have a slightly
higher false positive rate. Bill's policy for inclusion and
cleaning of the sa-blacklist is quite sound, however, so folks
should feel comfortable giving this list a try in addition to the
sc list. sa may currently have a higher spam detection rate than
sc, but it's worth mentioning that the current sc is a working
prototype and that we expect the performance of sc to improve as
we tune the sc data engine further. sc just got out of the gate,
yet it already has some worthy competition in sa. Thanks Bill!
Because sa is larger and more stable, the zone files for it gets
a six hour TTL compared to 10 minutes for sc. Due to the
differences between the time scales, sizes, and data sources of
sa and sc, we probably won't be offering a combined sa plus sc
list. For example it would be difficult to say what TTL a merged
list should get, and you probably would not want a megabyte plus
BIND zone file refreshing every 10 minutes. For those using
rsynced zone files that would probably not be an issue, but for
those using BIND, the DNS traffic quite well could be.
We encourage you to give sa.surbl.org a try.
--
Jeff Chan
mailto:jeffc@surbl.org-nospam
http://www.surbl.org/
RE: Please sanity check proposed sa.surbl.org announcement
Posted by Erick Calder <e...@arix.com>.
Jeff, for Redhat users who care about installing from an rpm, I've made one
and am happy to share the binary/source so perhaps you want to include a
note about it. the stuff is at:
ftp://arix.com/rpms/
it apparently needs the latest version of URI so I've also made that
available. one caveat: the spamcop_uri.cf needs to be copied manually.
- erick
-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Sunday, April 11, 2004 1:13 AM
To: SpamAssassin Developers
Subject: Please sanity check proposed sa.surbl.org announcement
Here's the original proposed announcement for the additional SURBL
built from Bill's data. We can rename sa to sb or something else,
but what other changes would anyone recommend before I post it to
sa-users for example?
Jeff C.
__
http://www.surbl.org/ (with some live links)
New! More SURBL lists
In addition to the first SpamCop URI-derived RBL sc.surbl.org, we
are pleased to host another RBL compatible with the above plugins
(or any other software that can check message body domains
against an RBL). Data for the second SURBL sa.surbl.org comes
from the domains in Bill Stearns' SpamAssassin blacklist:
sa-blacklist. This is a large list of spam domains, including
those found in spam message body URIs. Both sa.surbl.org and
sc.surbl.org SURBLs can be used in the same SA installation by
using two sets of rules.
An SA 2.63 rule and score using SpamCopURI (but not the SpamCop
data!) looks like this:
uri SA_URI_RBL eval:check_spamcop_uri_rbl('sa.surbl.org','127.0.0.2')
describe SA_URI_RBL URI's domain appears in spamcop database at
sa.surbl.org
tflags SA_URI_RBL net
score SA_URI_RBL 4.0
An SA 3.0 rule and score using URIBL's urirhsbl looks like this:
urirhsbl URIBL_SA_SURBL sa.surbl.org. A
header URIBL_SA_SURBL eval:check_uridnsbl('URIBL_SA_SURBL')
describe URIBL_SA_SURBL Contains a URL listed in the SA SURBL
blocklist
tflags URIBL_SA_SURBL net
score URIBL_SA_SURBL 4.0
More details about sa.surbl.org are available in the
section "Additional SURBLs for spam URI testing."
...
Additional SURBLs for spam URI testing
Additional SURBLs that list domains occurring in spam message
bodies may be used with the same routines that use the
sc.surbl.org RBL.
sa-blacklist available as RBL: sa.surbl.org
In cooperation with Bill Stearns, SURBL is making his
sa-blacklist SpamAssassin blacklist available as the RBL
sa.surbl.org. It can be used in the same way as sc.surbl.org, for
example by adding urirhsbl and SpamCopURI rules as described in
the Quick Start section at the top of this document. Like sc,
sa.surbl.org is available through DNS and, for large-volume mail
servers, as rsynced BIND and rbldns zone files. Raymond
Dijkxhoorn has graciously agreed to host the sa.surbl.org zone
files from his rsync server along with sc.surbl.org's. Please
contact him at surbl@prolocation.net for rsync access.
Both sc and sa RBLs can be used in the same installation. The
choice of using either or both or none is yours. Their data
differs somewhat, and we'll try to briefly describe and link some
of the differences here. Bill's list is rather large at about
9600 domains. It consists of domains found in spam message body
URIs and some spam sender and spam operator domains. Given that
the former are more relevant to isolate these days, most of the
recent additions to Bill's list have been URI domains. Those are
also the domains most relevant for use with the message body
checking approach which we propose throughout this site.
The data in sa-blacklist and therefore sa.surbl.org differ from
the SpamCop URI report data described above in that the list is
about ten times larger, more stable, and may have a slightly
higher false positive rate. Bill's policy for inclusion and
cleaning of the sa-blacklist is quite sound, however, so folks
should feel comfortable giving this list a try in addition to the
sc list. sa may currently have a higher spam detection rate than
sc, but it's worth mentioning that the current sc is a working
prototype and that we expect the performance of sc to improve as
we tune the sc data engine further. sc just got out of the gate,
yet it already has some worthy competition in sa. Thanks Bill!
Because sa is larger and more stable, the zone files for it gets
a six hour TTL compared to 10 minutes for sc. Due to the
differences between the time scales, sizes, and data sources of
sa and sc, we probably won't be offering a combined sa plus sc
list. For example it would be difficult to say what TTL a merged
list should get, and you probably would not want a megabyte plus
BIND zone file refreshing every 10 minutes. For those using
rsynced zone files that would probably not be an issue, but for
those using BIND, the DNS traffic quite well could be.
We encourage you to give sa.surbl.org a try.
--
Jeff Chan
mailto:jeffc@surbl.org-nospam
http://www.surbl.org/
RE: Please sanity check proposed sa.surbl.org announcement
Posted by Erick Calder <e...@arix.com>.
oh cool. well, since you haven't yet made the announcement I will hack a
little more at the spec file so users don't have to manually copy the .cf
file
also, I have a little problem because "make install" wants to overwrite my
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Conf.pm, which is owned by
the Mail::SpamAssassing RPM and that is not allowed. to get it to install I
had to --force but I'll think a little more about how to resolve the
conflict. any clue appreciated.
-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Sunday, April 11, 2004 6:42 PM
To: SpamAssassin Developers
Subject: Re: Please sanity check proposed sa.surbl.org announcement
On Sunday, April 11, 2004, 6:19:02 PM, Erick Calder wrote:
> oops, reading my mail in chronological order and I see the announcement
was
> already made. anyway, maybe you want to at least include a link to the
RPMs
> on the website.
Hi Erik,
We have not officially announced the new list because we're still
trying to decide on a non-"sa" name. :-)
Thanks much for the link and the RPM. We'll probably need to ask
you to update it when we finalize a name, and we will then
include your link in the announcement.
Daniel Quinlan,
Do you have any suggestions that would not seem to indicate SA as
an official source for it, or are you ok with any name that is
not "sa"?
Comments anyone?
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org-nospam
http://www.surbl.org/
Re: Please sanity check proposed sa.surbl.org announcement
Posted by Jeff Chan <je...@surbl.org>.
On Sunday, April 11, 2004, 6:19:02 PM, Erick Calder wrote:
> oops, reading my mail in chronological order and I see the announcement was
> already made. anyway, maybe you want to at least include a link to the RPMs
> on the website.
Hi Erik,
We have not officially announced the new list because we're still
trying to decide on a non-"sa" name. :-)
Thanks much for the link and the RPM. We'll probably need to ask
you to update it when we finalize a name, and we will then
include your link in the announcement.
Daniel Quinlan,
Do you have any suggestions that would not seem to indicate SA as
an official source for it, or are you ok with any name that is
not "sa"?
Comments anyone?
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org-nospam
http://www.surbl.org/
RE: Please sanity check proposed sa.surbl.org announcement
Posted by Erick Calder <e...@arix.com>.
oops, reading my mail in chronological order and I see the announcement was
already made. anyway, maybe you want to at least include a link to the RPMs
on the website.
-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Sunday, April 11, 2004 1:13 AM
To: SpamAssassin Developers
Subject: Please sanity check proposed sa.surbl.org announcement
Here's the original proposed announcement for the additional SURBL
built from Bill's data. We can rename sa to sb or something else,
but what other changes would anyone recommend before I post it to
sa-users for example?
Jeff C.
__
http://www.surbl.org/ (with some live links)
New! More SURBL lists
In addition to the first SpamCop URI-derived RBL sc.surbl.org, we
are pleased to host another RBL compatible with the above plugins
(or any other software that can check message body domains
against an RBL). Data for the second SURBL sa.surbl.org comes
from the domains in Bill Stearns' SpamAssassin blacklist:
sa-blacklist. This is a large list of spam domains, including
those found in spam message body URIs. Both sa.surbl.org and
sc.surbl.org SURBLs can be used in the same SA installation by
using two sets of rules.
An SA 2.63 rule and score using SpamCopURI (but not the SpamCop
data!) looks like this:
uri SA_URI_RBL eval:check_spamcop_uri_rbl('sa.surbl.org','127.0.0.2')
describe SA_URI_RBL URI's domain appears in spamcop database at
sa.surbl.org
tflags SA_URI_RBL net
score SA_URI_RBL 4.0
An SA 3.0 rule and score using URIBL's urirhsbl looks like this:
urirhsbl URIBL_SA_SURBL sa.surbl.org. A
header URIBL_SA_SURBL eval:check_uridnsbl('URIBL_SA_SURBL')
describe URIBL_SA_SURBL Contains a URL listed in the SA SURBL
blocklist
tflags URIBL_SA_SURBL net
score URIBL_SA_SURBL 4.0
More details about sa.surbl.org are available in the
section "Additional SURBLs for spam URI testing."
...
Additional SURBLs for spam URI testing
Additional SURBLs that list domains occurring in spam message
bodies may be used with the same routines that use the
sc.surbl.org RBL.
sa-blacklist available as RBL: sa.surbl.org
In cooperation with Bill Stearns, SURBL is making his
sa-blacklist SpamAssassin blacklist available as the RBL
sa.surbl.org. It can be used in the same way as sc.surbl.org, for
example by adding urirhsbl and SpamCopURI rules as described in
the Quick Start section at the top of this document. Like sc,
sa.surbl.org is available through DNS and, for large-volume mail
servers, as rsynced BIND and rbldns zone files. Raymond
Dijkxhoorn has graciously agreed to host the sa.surbl.org zone
files from his rsync server along with sc.surbl.org's. Please
contact him at surbl@prolocation.net for rsync access.
Both sc and sa RBLs can be used in the same installation. The
choice of using either or both or none is yours. Their data
differs somewhat, and we'll try to briefly describe and link some
of the differences here. Bill's list is rather large at about
9600 domains. It consists of domains found in spam message body
URIs and some spam sender and spam operator domains. Given that
the former are more relevant to isolate these days, most of the
recent additions to Bill's list have been URI domains. Those are
also the domains most relevant for use with the message body
checking approach which we propose throughout this site.
The data in sa-blacklist and therefore sa.surbl.org differ from
the SpamCop URI report data described above in that the list is
about ten times larger, more stable, and may have a slightly
higher false positive rate. Bill's policy for inclusion and
cleaning of the sa-blacklist is quite sound, however, so folks
should feel comfortable giving this list a try in addition to the
sc list. sa may currently have a higher spam detection rate than
sc, but it's worth mentioning that the current sc is a working
prototype and that we expect the performance of sc to improve as
we tune the sc data engine further. sc just got out of the gate,
yet it already has some worthy competition in sa. Thanks Bill!
Because sa is larger and more stable, the zone files for it gets
a six hour TTL compared to 10 minutes for sc. Due to the
differences between the time scales, sizes, and data sources of
sa and sc, we probably won't be offering a combined sa plus sc
list. For example it would be difficult to say what TTL a merged
list should get, and you probably would not want a megabyte plus
BIND zone file refreshing every 10 minutes. For those using
rsynced zone files that would probably not be an issue, but for
those using BIND, the DNS traffic quite well could be.
We encourage you to give sa.surbl.org a try.
--
Jeff Chan
mailto:jeffc@surbl.org-nospam
http://www.surbl.org/