You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Bill Landry <bi...@pointshare.com> on 2004/11/01 02:30:10 UTC

Nice URIDNSBL functionality

Folks, with some of the nice functionality that the SA devs built into the
URIDNSBL plug-in (see
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html),
you can do cool things like:

=====
# URIDNSBL (queries URIs against standard DNSBLs)

uridnsbl  URIBL_AH_DNSBL dnsbl.ahbl.org.   TXT
body      URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL')
describe  URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL blocklist
tflags    URIBL_AH_DNSBL net
score     URIBL_AH_DNSBL 0.5

uridnsbl  URIBL_NJA_DNSBL combined.njabl.org.   TXT
body      URIBL_NJA_DNSBL eval:check_uridnsbl('URIBL_NJA_DNSBL')
describe  URIBL_NJA_DNSBL Contains a URL listed in the NJA DNSBL blocklist
tflags    URIBL_NJA_DNSBL net
score     URIBL_NJA_DNSBL 0.5

uridnsbl  URIBL_SBL_XBL sbl-xbl.spamhaus.org.   TXT
body      URIBL_SBL_XBL eval:check_uridnsbl('URIBL_SBL_XBL')
describe  URIBL_SBL_XBL Contains a URL listed in the SBL-XBL DNSBL blocklist
tflags    URIBL_SBL_XBL net
score     URIBL_SBL_XBL 0.5

uridnsbl  URIBL_SORBS_DNSBL dnsbl.sorbs.net.   TXT
body      URIBL_SORBS_DNSBL eval:check_uridnsbl('URIBL_SORBS_DNSBL')
describe  URIBL_SORBS_DNSBL Contains a URL listed in the SORBS DNSBL
blocklist
tflags    URIBL_SORBS_DNSBL net
score     URIBL_SORBS_DNSBL 0.5

# URIRHSBL (queries URIs against standard RHSBLs)

urirhsbl  URIBL_AH_RHSBL rhsbl.ahbl.org.   A
body      URIBL_AH_RHSBL eval:check_uridnsbl('URIBL_AH_RHSBL')
describe  URIBL_AH_RHSBL Contains a URL listed in the AH RHSBL blocklist
tflags    URIBL_AH_RHSBL net
score     URIBL_AH_RHSBL 0.5

urirhsbl  URIBL_MP_RHSBL block.rhs.mailpolice.com.   A
body      URIBL_MP_RHSBL eval:check_uridnsbl('URIBL_MP_RHSBL')
describe  URIBL_MP_RHSBL Contains a URL listed in the MP RHSBL blocklist
tflags    URIBL_MP_RHSBL net
score     URIBL_MP_RHSBL 0.5

urirhsbl  URIBL_SS_RHSBL blackhole.securitysage.com.   A
body      URIBL_SS_RHSBL eval:check_uridnsbl('URIBL_SS_RHSBL')
describe  URIBL_SS_RHSBL Contains a URL listed in the SS RHSBL blocklist
tflags    URIBL_SS_RHSBL net
score     URIBL_SS_RHSBL 0.5
=====

I have been running these additional URI tests for about two weeks and have
gotten very good results.  If you decide to try out these tests, you may
want to run them with minimal scores until you see how they are going to
perform for you in your particular environment.

Bill

Re: [SURBL-Discuss] Nice URIDNSBL functionality

Posted by Bill Landry <bi...@pointshare.com>.

----- Original Message ----- 
From: "Jeff Chan" <je...@surbl.org>

> >> > Folks, with some of the nice functionality that the SA devs built
into
> > the
> >> > URIDNSBL plug-in (see
> >> >
> >
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html),
> >> > you can do cool things like:
> >> >
> >> > =====
> >> > # URIDNSBL (queries URIs against standard DNSBLs)
> >> >
> >> > uridnsbl  URIBL_AH_DNSBL dnsbl.ahbl.org.   TXT
> >> > body      URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL')
> >> > describe  URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL
blocklist
> >> > tflags    URIBL_AH_DNSBL net
> >> > score     URIBL_AH_DNSBL 0.5
> >> >
> >> > I have been running these additional URI tests for about two weeks
and
> > have
> >> > gotten very good results.  If you decide to try out these tests, you
may
> >> > want to run them with minimal scores until you see how they are going
to
> >> > perform for you in your particular environment.
>
> >> Will these lookups also work with SA 2.6x/SpamcopURI ?
>
> > Alex, I'm sure it would work fine for the RHSBLs (in fact, I was using
> > SpamcopURI against the MailPolice RHSBL before upgrading to SA 3.0.x),
but
> > probably will not for the DNSBLs, since I don't think it supports the
> > functionality of doing a DNS lookup on the URI and then querying the
DNSBL
> > with the IP address (instead of the domain) like the URIDNSBL plug-in
does.
>
> It may be worth pointing out that uridnsbl does not look up the
> IP address of the URI against RBLs, but the IP address of the
> URI domain's *name server*.  It's not the same thing as checking
> the web server against an RBL, but looking up name servers is
> quite effective if the RBL contains some addresses of spammer
> name servers, as sbl.spamhaus.org definitely does.

Yes, thanks for clarifying!

Bill

Re: less header information

Posted by Bill Landry <bi...@pointshare.com>.

----- Original Message ----- 
From: "Roel Bindels" <Ro...@protomation.com>

> I just want the X-spam-flag to be present in the header but not the
report.
> what am I doing wrong.
> See my local.cf below
>
> greetings Roel Bindels
>
> rewrite_subject 0
> report_safe 0
> report_header  0
> use_terse_report
> required_hits           5.0
> use_bayes               1
> auto_learn              1
> skip_rbl_checks         0
> use_razor2              1
> use_dcc                 1
> use_pyzor               1
> ok_languages            all
> ok_locales              all

Try adding "remove_header" after the "report_safe 0" entry.  See
(http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.h
tml#basic_message_tagging_options):
=====
report_safe { 0 | 1 | 2 } (default: 1)
[...]
If this option is set to 0, incoming spam is only modified by adding some
X-Spam- headers and no changes will be made to the body. In addition, a
header named X-Spam-Report will be added to spam. You can use the
remove_header option to remove that header after setting report_safe to 0
=====

Bill

less header information

Posted by Roel Bindels <Ro...@protomation.com>.

Dear Listers,

I just want the X-spam-flag to be present in the header but not the report.
what am I doing wrong.
See my local.cf below

greetings Roel Bindels

rewrite_subject 0
report_safe 0
report_header  0
use_terse_report
required_hits           5.0
use_bayes               1
auto_learn              1
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1
ok_languages            all
ok_locales              all

Re: [SURBL-Discuss] Nice URIDNSBL functionality

Posted by Jeff Chan <je...@surbl.org>.

On Sunday, October 31, 2004, 11:24:33 PM, Bill Landry wrote:
> ----- Original Message ----- 
> From: "Alex Broens" <su...@alexb.ch>

>> > Folks, with some of the nice functionality that the SA devs built into
> the
>> > URIDNSBL plug-in (see
>> >
> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html),
>> > you can do cool things like:
>> >
>> > =====
>> > # URIDNSBL (queries URIs against standard DNSBLs)
>> >
>> > uridnsbl  URIBL_AH_DNSBL dnsbl.ahbl.org.   TXT
>> > body      URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL')
>> > describe  URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL blocklist
>> > tflags    URIBL_AH_DNSBL net
>> > score     URIBL_AH_DNSBL 0.5
>> >
>> > I have been running these additional URI tests for about two weeks and
> have
>> > gotten very good results.  If you decide to try out these tests, you may
>> > want to run them with minimal scores until you see how they are going to
>> > perform for you in your particular environment.

>> Will these lookups also work with SA 2.6x/SpamcopURI ?

> Alex, I'm sure it would work fine for the RHSBLs (in fact, I was using
> SpamcopURI against the MailPolice RHSBL before upgrading to SA 3.0.x), but
> probably will not for the DNSBLs, since I don't think it supports the
> functionality of doing a DNS lookup on the URI and then querying the DNSBL
> with the IP address (instead of the domain) like the URIDNSBL plug-in does.

It may be worth pointing out that uridnsbl does not look up the
IP address of the URI against RBLs, but the IP address of the
URI domain's *name server*.  It's not the same thing as checking
the web server against an RBL, but looking up name servers is
quite effective if the RBL contains some addresses of spammer
name servers, as sbl.spamhaus.org definitely does.

Jeff C.
--
"If it appears in hams, then don't list it."

Re: [SURBL-Discuss] Nice URIDNSBL functionality

Posted by Bill Landry <bi...@pointshare.com>.

----- Original Message ----- 
From: "Alex Broens" <su...@alexb.ch>

> > Folks, with some of the nice functionality that the SA devs built into
the
> > URIDNSBL plug-in (see
> >
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html),
> > you can do cool things like:
> >
> > =====
> > # URIDNSBL (queries URIs against standard DNSBLs)
> >
> > uridnsbl  URIBL_AH_DNSBL dnsbl.ahbl.org.   TXT
> > body      URIBL_AH_DNSBL eval:check_uridnsbl('URIBL_AH_DNSBL')
> > describe  URIBL_AH_DNSBL Contains a URL listed in the AH DNSBL blocklist
> > tflags    URIBL_AH_DNSBL net
> > score     URIBL_AH_DNSBL 0.5
> >
> > I have been running these additional URI tests for about two weeks and
have
> > gotten very good results.  If you decide to try out these tests, you may
> > want to run them with minimal scores until you see how they are going to
> > perform for you in your particular environment.
>
> Bill or anybody,
>
> Will these lookups also work with SA 2.6x/SpamcopURI ?

Alex, I'm sure it would work fine for the RHSBLs (in fact, I was using
SpamcopURI against the MailPolice RHSBL before upgrading to SA 3.0.x), but
probably will not for the DNSBLs, since I don't think it supports the
functionality of doing a DNS lookup on the URI and then querying the DNSBL
with the IP address (instead of the domain) like the URIDNSBL plug-in does.

Bill