Posted to users@spamassassin.apache.org by Ulysses Cruz <ul...@ucruz.org> on 2004/09/23 19:22:03 UTC

Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

On Thu, Sep 23, 2004 at 10:52:03AM -0500, Sandy S whispered:
> I'm in the process of upgrading to Spamassassin 3.0 and am currently running
> my email through the new version of Spamassassin.  I just had an email slip
> through that should have been caught by the URIDNSBL lookups - it's listed
> in all of the URI blacklists.
> 
snip the actual URIs 
> It appears that instead of querying for wneiis-planet.info, Spamassassin is
> attempting to query the full URL.  wneiis-planet.info is listed in the URL
> RBLs, but tvuu.wneiis-planet.info and ckcw.wneiss-planet.info are not, so
> this email got through.
> 
> The URIDNSBL is working fine on other messages - here's the log on a similar
> message where the URI DNS lookups worked correctly:
same again 
> In this case it correctly extracted the domain to query as bestwneiis.info.
> 
> Is this a bug or is there something I missed as I was RTFMing?  Thanks for
> any help on this!
> 
> Sandy S.

Ironically, my system marked your post as spam specifically because of the
URIBLs.

I am using a standard amavisd-new & SA 3.0 install, with only the core rules.
How is your system configured, and are you using any extra rules?

Ulysses

-- 
Ulysses S. Cruz						ulysses@ucruz.org
"If it wasn't for the voices in my head, I'd go insane from loneliness"
		-Me, Myself and I

Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Sandy S <sa...@boreal.org>.
Thanks for the feedback - I've created the attachment with a sample spam.

Sandy
----- Original Message ----- 
From: "Theo Van Dinter" <fe...@kluge.net>
To: "Jeff Chan" <je...@surbl.org>
Cc: <us...@spamassassin.apache.org>
Sent: Monday, September 27, 2004 11:26 AM
Subject: Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?



Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Theo Van Dinter <fe...@kluge.net>.
On Mon, Sep 27, 2004 at 08:22:18AM -0700, Jeff Chan wrote:
> something may be broken.  Be sure to include at least
> the full URI in your bugzilla.  It may be that standard procedure
> is to attach the full message.

Yeah, the URI itself is pretty useless to us.

The instructions are on the "create a new ticket" page, but create the
ticket, then attach (via the web page) the full message w/ all headers
and such.

-- 
Randomly Generated Tagline:
"Are [Linux users] lemmings collectively jumping off of the cliff of
 reliable, well-engineered commercial software?"
 (By Matt Welsh)

Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Jeff Chan <je...@surbl.org>.
On Monday, September 27, 2004, 7:57:27 AM, Sandy S. wrote:
> URIDNSBL: query for dkcw.wneiis-planet.info took 2 seconds to look up
> (multi.surbl.org.:dkcw.wneiis-planet.info)
> debug: URIDNSBL: query for tvuu.wneiis-planet.info took 2 seconds to look up
> (multi.surbl.org.:tvuu.wneiis-planet.info)
> debug: URIDNSBL: queries completed: 4 started: 0
> debug: URIDNSBL: queries active:  at Mon Sep 27 09:31:57 2004
> <---snip---->
> debug: tests=BAYES_99,MANY_RBLS_BA,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,SPAMMER_URLS04_I_BA
> debug: subtests=__BODY_EXISTS_BA,__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CT_TEXT_PLAIN,__HAS_MSGID,__HAS_SUBJECT,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RCVD_IN_SBL_XBL,__RCVD_IN_SORBS,__SANE_MSGID

> If I'm reading the dig output correctly, it isn't finding the
> tvuu.wneiis-planet.info domain, although wneiis-planet.info is listed. But
> from other posts on this list it's obvious that it is being correctly
> flagged on other systems.  Is this an issue with SURBL or with Spamassassin?
> If it's a problem with the way Spamassassin is extracting the URL's I'll
> submit it to bugzilla, but I want to be sure I'm on the right track before I
> do.

It's a SpamAssassin issue.  URIDNSBL should be querying
wneiis-planet.info, which does match SURBLs.  If it's
not reducing URIs it finds down to that base domain then
something may be broken.  Be sure to include at least
the full URI in your bugzilla.  It may be that standard procedure
is to attach the full message.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by "Sandy S." <sa...@boreal.org>.
Jeff Chan wrote:
> I'd need to read the source code, but for a .info, urirhssub
> is probably checking the second level domain, i.e.
> wneiis-planet.info .  It may be checking at the third levels
> also: tvuu.wneiis-planet.info and dkcw.wneiis-planet.info .
>
> In either case it should not be timing out.  If it is checking
> the third levels, an NXDOMAIN response meaning it's not on the
> multi.surbl.org list should be cached after the first try and
> therefore quick on subsequent queries.  It should be pretty
> quickly resolved for whatever name servers you happen to hit
> for the first query.
>
> If you try:
>
>   time dig tvuu.wneiis-planet.info.multi.surbl.org.
>
> on the same machine SA is running on what result do you get?  How
> long does it take?  How about:
>
>   time dig wneiis-planet.info.multi.surbl.org.
>
> Try a bogus new query like:
>
>   time dig some.bogus.query.multi.surbl.org.
>
> and see how long it takes to give an NXDOMAIN.  If it's quick
> from the command line it probably should be quick from SA also.
>
> Jeff C.
> -- 
> Jeff Chan
> mailto:jeffc@surbl.org
> http://www.surbl.org/
>
Thanks for your help with this!  I tried the dig commands you suggested and
the response times were very fast:
time dig tvuu.wneiis-planet.info.multi.surbl.org:

; <<>> DiG 8.3 <<>> tvuu.wneiis-planet.info.multi.surbl.org.
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      tvuu.wneiis-planet.info.multi.surbl.org, type = A, class = IN

;; AUTHORITY SECTION:
multi.surbl.org.        6m56s IN SOA    a.surbl.org. zone.surbl.org. (
                                        1096293502      ; serial
                                        10M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum


;; Total query time: 1 msec
;; FROM: teal.boreal.org to SERVER: 216.70.16.10
;; WHEN: Mon Sep 27 09:36:11 2004
;; MSG SIZE  sent: 57  rcvd: 100

0.000u 0.001s 0:00.00 0.0%      0+0k 0+0io 0pf+0w
--------------------------

time dig wneiis-planet.info.multi.surbl.org:

; <<>> DiG 8.3 <<>> wneiis-planet.info.multi.surbl.org.
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24537
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 14, ADDITIONAL: 13
;; QUERY SECTION:
;;      wneiis-planet.info.multi.surbl.org, type = A, class = IN

;; ANSWER SECTION:
wneiis-planet.info.multi.surbl.org.  27m15s IN A  127.0.0.54

;; AUTHORITY SECTION:
multi.surbl.org.        3m44s IN NS     g.surbl.org.
multi.surbl.org.        3m44s IN NS     h.surbl.org.
multi.surbl.org.        3m44s IN NS     i.surbl.org.
multi.surbl.org.        3m44s IN NS     j.surbl.org.
multi.surbl.org.        3m44s IN NS     k.surbl.org.
multi.surbl.org.        3m44s IN NS     l.surbl.org.
multi.surbl.org.        3m44s IN NS     m.surbl.org.
multi.surbl.org.        3m44s IN NS     n.surbl.org.
multi.surbl.org.        3m44s IN NS     a.surbl.org.
multi.surbl.org.        3m44s IN NS     b.surbl.org.
multi.surbl.org.        3m44s IN NS     c.surbl.org.
multi.surbl.org.        3m44s IN NS     d.surbl.org.
multi.surbl.org.        3m44s IN NS     e.surbl.org.
multi.surbl.org.        3m44s IN NS     f.surbl.org.

;; ADDITIONAL SECTION:
g.surbl.org.            23h8m36s IN A   69.10.169.115
g.surbl.org.            23h8m36s IN A   209.234.111.50
h.surbl.org.            23h8m22s IN A   216.241.132.46
h.surbl.org.            23h8m22s IN A   64.21.208.210
i.surbl.org.            23h8m44s IN A   62.58.50.220
i.surbl.org.            23h8m44s IN A   194.109.9.8
i.surbl.org.            23h8m44s IN A   38.116.133.25
j.surbl.org.            23h8m22s IN A   130.161.128.109
j.surbl.org.            23h8m22s IN A   194.134.35.168
j.surbl.org.            23h8m22s IN A   130.161.128.108
k.surbl.org.            23h8m22s IN A   213.132.0.70
k.surbl.org.            23h8m22s IN A   193.95.141.43
k.surbl.org.            23h8m22s IN A   194.134.35.204

;; Total query time: 2 msec
;; FROM: teal.boreal.org to SERVER: 216.70.16.10
;; WHEN: Mon Sep 27 09:37:06 2004
;; MSG SIZE  sent: 52  rcvd: 500

0.000u 0.001s 0:00.00 0.0%      0+0k 0+0io 0pf+0w
-------------------
 time dig some.bogus.query.multi.surbl.org:

; <<>> DiG 8.3 <<>> some.bogus.query.multi.surbl.org.
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10800
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      some.bogus.query.multi.surbl.org, type = A, class = IN

;; AUTHORITY SECTION:
multi.surbl.org.        4m45s IN SOA    a.surbl.org. zone.surbl.org. (
                                        1096293502      ; serial
                                        10M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum


;; Total query time: 1 msec
;; FROM: teal.boreal.org to SERVER: 216.70.16.10
;; WHEN: Mon Sep 27 09:39:59 2004
;; MSG SIZE  sent: 50  rcvd: 93

0.000u 0.001s 0:00.00 0.0%      0+0k 0+0io 0pf+0w
------------------

I tried running the spam in question through Spamassassin again and this
time it doesn't appear to have timed out, but it's still not identifying
this domain as being in the URIBLs.

Debug output:
<---snip---->
URIDNSBL: query for dkcw.wneiis-planet.info took 2 seconds to look up
(multi.surbl.org.:dkcw.wneiis-planet.info)
debug: URIDNSBL: query for tvuu.wneiis-planet.info took 2 seconds to look up
(multi.surbl.org.:tvuu.wneiis-planet.info)
debug: URIDNSBL: queries completed: 4 started: 0
debug: URIDNSBL: queries active:  at Mon Sep 27 09:31:57 2004
<---snip---->
debug: tests=BAYES_99,MANY_RBLS_BA,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,SPAMMER_URLS04_I_BA
debug: subtests=__BODY_EXISTS_BA,__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CT_TEXT_PLAIN,__HAS_MSGID,__HAS_SUBJECT,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RCVD_IN_SBL_XBL,__RCVD_IN_SORBS,__SANE_MSGID

If I'm reading the dig output correctly, it isn't finding the
tvuu.wneiis-planet.info domain, although wneiis-planet.info is listed. But
from other posts on this list it's obvious that it is being correctly
flagged on other systems.  Is this an issue with SURBL or with Spamassassin?
If it's a problem with the way Spamassassin is extracting the URL's I'll
submit it to bugzilla, but I want to be sure I'm on the right track before I
do.

Thanks much for your help!

Sandy S.


Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Jeff Chan <je...@surbl.org>.
On Thursday, September 23, 2004, 11:54:14 AM, Sandy S wrote:
> I did find these lines in the debug output:
> debug: URIDNSBL: domains to query: tvuu.wneiis-MUNGEDplanet.info
> dkcw.wneiis-MUNGEDplanet.info
> ----and----
> debug: URIDNSBL: queries completed: 0 started: 0
> debug: URIDNSBL: queries active: DNSBL=2 NS=2 at Thu Sep 23 13:36:08 2004
> debug: done waiting for URIDNSBL lookups to complete

> Apparently the lookups timed out.  I assume that's something to do with the
> fact that it's checking for  tvuu.wneiis-MUNGEDplanet.info instead of just
> wneiis-MUNGEDplanet.info, but I don't know enough about how the URI RBLs
> work to be sure.

I'd need to read the source code, but for a .info, urirhssub
is probably checking the second level domain, i.e.
wneiis-planet.info .  It may be checking at the third levels
also: tvuu.wneiis-planet.info and dkcw.wneiis-planet.info .

In either case it should not be timing out.  If it is checking
the third levels, an NXDOMAIN response meaning it's not on the
multi.surbl.org list should be cached after the first try and
therefore quick on subsequent queries.  It should be pretty
quickly resolved for whatever name servers you happen to hit
for the first query.

If you try:

  time dig tvuu.wneiis-planet.info.multi.surbl.org.

on the same machine SA is running on what result do you get?  How
long does it take?  How about:

  time dig wneiis-planet.info.multi.surbl.org.

Try a bogus new query like:

  time dig some.bogus.query.multi.surbl.org.

and see how long it takes to give an NXDOMAIN.  If it's quick
from the command line it probably should be quick from SA also.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
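
The lookup Jeff describes in his two replies (reduce each URI's hostname to its base domain, then query that name under multi.surbl.org), as an added example that is not part of the thread and is not SpamAssassin's own code. The suffix table, the sample URIs and the in-memory zone are assumptions constructed from the hostnames and dig results posted in this thread.

```python
import ipaddress
from urllib.parse import urlsplit

ZONE = "multi.surbl.org"

# Assumption: a small sample of two-level public suffixes, for illustration.
# A production filter needs a complete suffix table.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}

# Constructed stand-in for the resolver, mirroring the dig results in the
# thread: only the base domain has an A record, any other name is NXDOMAIN.
SAMPLE_ZONE = {"wneiis-planet.info.multi.surbl.org.": "127.0.0.54"}

# Constructed URIs built from the hostnames in the thread's debug output.
SAMPLE_URIS = [
    "http://tvuu.wneiis-planet.info/",
    "http://DKCW.wneiis-planet.info./offer?id=1",
    "http://192.0.2.10/path",            # IP literal: no domain to reduce
    "mailto:someone@example.invalid",    # no hostname component
]


def host_of(uri):
    """Lower-cased hostname of a URI without its trailing dot, or None."""
    host = urlsplit(uri).hostname
    return host.rstrip(".").lower() if host else None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def base_domain(host):
    """Keep the registered domain: two labels, or three under a two-level suffix."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def query_names(uris, reduce=True, zone=ZONE):
    """DNS names a URI blocklist check would look up, de-duplicated and sorted."""
    names = set()
    for uri in uris:
        host = host_of(uri)
        if host is None or is_ip_literal(host):
            continue  # nothing to reduce; skipped in this example
        domain = base_domain(host) if reduce else host
        names.add(f"{domain}.{zone}.")
    return sorted(names)


def is_listed(answer):
    """DNSBL convention: an A record inside 127.0.0.0/8 means 'listed'."""
    if answer is None:  # NXDOMAIN
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def listed(uris, reduce=True, zone_data=SAMPLE_ZONE):
    """Query names that come back listed from the (constructed) zone data."""
    return [q for q in query_names(uris, reduce) if is_listed(zone_data.get(q))]


if __name__ == "__main__":
    for reduce in (False, True):
        print("reduce to base domain:", reduce)
        for q in query_names(SAMPLE_URIS, reduce):
            print("   ", q, "->", SAMPLE_ZONE.get(q, "NXDOMAIN"))
```

Without reduction both third-level names return NXDOMAIN and the message passes; with reduction the two hostnames collapse into a single query that matches.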


Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Ulysses Cruz <ul...@ucruz.org>.
On Thu, Sep 23, 2004 at 01:54:14PM -0500, Sandy S whispered:
> Apparently the lookups timed out.  I assume that's something to do with the
> fact that it's checking for  tvuu.wneiis-MUNGEDplanet.info instead of just
> wneiis-MUNGEDplanet.info, but I don't know enough about how the URI RBLs
> work to be sure.
> 
> I'm stumped at this point, but fortunately a) it works most of the time and
> b) other checks like Razor and DCC seem to be kicking in to push these
> messages over the Spam threshold anyway.  So I guess it's not a major
> issue - I was just wondering if anyone else had run into it and if it was
> something I should report as a bug.
> 
> Thanks for all your help and ideas!
> 
> Sandy

Sandy,

Hate to say it, but at this point I'm out of ideas too. Perhaps there is a bug
somewhere in the URIBL rule or in the perl modules involved, but I wouldn't
know where to look.

Maybe someone else on the list has an idea.

Ulysses

-- 
Ulysses S. Cruz						ulysses@ucruz.org
"If it wasn't for the voices in my head, I'd go insane from loneliness"
		-Me, Myself and I

Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Sandy S <sa...@boreal.org>.
----- Original Message ----- 
From: "Ulysses Cruz" <ul...@ucruz.org>
To: <us...@spamassassin.apache.org>
Sent: Thursday, September 23, 2004 1:21 PM
Subject: Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?


> On Thu, Sep 23, 2004 at 01:10:40PM -0500, Sandy S whispered:
> > Ulysses -
> > Thanks for your advice.  I'm pretty sure we have all the needed perl
> > modules, since 99% of the time the URIBL rules are working just as they're
> > supposed to.  It's only on those one or two .info domains that they don't
> > fire.
> >
> > Any other ideas?
> >
> > Thanks,
> > Sandy
>
> OK, last guess here, you said that you're running SA from procmail, have you
> checked to see if the URIBL rules are failing for the same user each time, or
> are they failing for random users? It's possible one of your users has the
> wrong configuration, or possibly lacks permissions to connect to the URIBLs or
> run a particular perl module.
>
> Ulysses
>
> -- 
> Ulysses S. Cruz ulysses@ucruz.org
> "If it wasn't for the voices in my head, I'd go insane from loneliness"
> -Me, Myself and I
>
Ulysses -
Thanks for another good idea.  Just to make absolutely sure there were no
permissions issues, I went in as root and manually ran the email in question
through spamassassin -D, but I got the same results.

I did find these lines in the debug output:
debug: URIDNSBL: domains to query: tvuu.wneiis-MUNGEDplanet.info
dkcw.wneiis-MUNGEDplanet.info
----and----
debug: URIDNSBL: queries completed: 0 started: 0
debug: URIDNSBL: queries active: DNSBL=2 NS=2 at Thu Sep 23 13:36:08 2004
debug: done waiting for URIDNSBL lookups to complete

Apparently the lookups timed out.  I assume that's something to do with the
fact that it's checking for  tvuu.wneiis-MUNGEDplanet.info instead of just
wneiis-MUNGEDplanet.info, but I don't know enough about how the URI RBLs
work to be sure.

I'm stumped at this point, but fortunately a) it works most of the time and
b) other checks like Razor and DCC seem to be kicking in to push these
messages over the Spam threshold anyway.  So I guess it's not a major
issue - I was just wondering if anyone else had run into it and if it was
something I should report as a bug.

Thanks for all your help and ideas!

Sandy


Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Ulysses Cruz <ul...@ucruz.org>.
On Thu, Sep 23, 2004 at 01:10:40PM -0500, Sandy S whispered:
> Ulysses -
> Thanks for your advice.  I'm pretty sure we have all the needed perl
> modules, since 99% of the time the URIBL rules are working just as they're
> supposed to.  It's only on those one or two .info domains that they don't
> fire.
> 
> Any other ideas?
> 
> Thanks,
> Sandy

OK, last guess here, you said that you're running SA from procmail, have you
checked to see if the URIBL rules are failing for the same user each time, or
are they failing for random users? It's possible one of your users has the
wrong configuration, or possibly lacks permissions to connect to the URIBLs or
run a particular perl module.

Ulysses

-- 
Ulysses S. Cruz						ulysses@ucruz.org
"If it wasn't for the voices in my head, I'd go insane from loneliness"
		-Me, Myself and I

Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Sandy S <sa...@boreal.org>.
----- Original Message ----- 
From: "Ulysses Cruz" <ul...@ucruz.org>
To: <us...@spamassassin.apache.org>
Sent: Thursday, September 23, 2004 1:03 PM
Subject: Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?


> On Thu, Sep 23, 2004 at 12:44:39PM -0500, Sandy S. whispered:
> > Thanks for your response - that's very interesting!  We're running
> > Spamassassin 3.0 on FreeBSD 4.9, using spamd/spamc called via procmail.  I
> > do have a bunch of custom rulesets, mostly pulled from the SARE site:
> > 70_sare_uri.cf, 99_sare_fraud_post25x.cf, evilnumbers.cf, tripwire.cf, and
> > weeds_2.cf.  I also have a bunch of my own rules that I've added here and
> > there to catch things that slip through.  (For example I added one like "uri
> > SPAMMER_URLS04_I /\bwneiis-planet\.info/i" after the message in question got
> > through.)
> >
> > I'd say 99% of the time the URI RBL lookups are working great.  I've only
> > found one other spam so far where this same thing happened, and that was
> > also a .info domain.
> >
> > Thanks for your help!
> >
> > Sandy S.
>
> I think the general consensus right now on upgrading to SA 3.0 is to use only
> the core rules, until you are sure that you need additional rules. As I said,
> my system caught the .info URIs with no problem.
>
> I would also check to make sure that you have all the needed perl modules
> installed. It's possible that the URIBL rules are being skipped because you are
> missing a perl mod, or you have the wrong version.
>
> Good luck,
> Ulysses
>
> -- 
> Ulysses S. Cruz ulysses@ucruz.org
> "If it wasn't for the voices in my head, I'd go insane from loneliness"
> -Me, Myself and I
>
Ulysses -
Thanks for your advice.  I'm pretty sure we have all the needed perl
modules, since 99% of the time the URIBL rules are working just as they're
supposed to.  It's only on those one or two .info domains that they don't
fire.

Any other ideas?

Thanks,
Sandy


Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Ulysses Cruz <ul...@ucruz.org>.
On Thu, Sep 23, 2004 at 12:44:39PM -0500, Sandy S. whispered:
> Thanks for your response - that's very interesting!  We're running
> Spamassassin 3.0 on FreeBSD 4.9, using spamd/spamc called via procmail.  I
> do have a bunch of custom rulesets, mostly pulled from the SARE site:
> 70_sare_uri.cf, 99_sare_fraud_post25x.cf, evilnumbers.cf, tripwire.cf, and
> weeds_2.cf.  I also have a bunch of my own rules that I've added here and
> there to catch things that slip through.  (For example I added one like "uri
> SPAMMER_URLS04_I /\bwneiis-planet\.info/i" after the message in question got
> through.)
> 
> I'd say 99% of the time the URI RBL lookups are working great.  I've only
> found one other spam so far where this same thing happened, and that was
> also a .info domain.
> 
> Thanks for your help!
> 
> Sandy S.

I think the general consensus right now on upgrading to SA 3.0 is to use only
the core rules, until you are sure that you need additional rules. As I said,
my system caught the .info URIs with no problem.

I would also check to make sure that you have all the needed perl modules
installed. It's possible that the URIBL rules are being skipped because you are
missing a perl mod, or you have the wrong version.

Good luck,
Ulysses

-- 
Ulysses S. Cruz						ulysses@ucruz.org
"If it wasn't for the voices in my head, I'd go insane from loneliness"
		-Me, Myself and I

Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by "Sandy S." <sa...@boreal.org>.
----- Original Message ----- 
From: "Ulysses Cruz" <ul...@ucruz.org>
To: <us...@spamassassin.apache.org>
Sent: Thursday, September 23, 2004 12:22 PM
Subject: Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?


> On Thu, Sep 23, 2004 at 10:52:03AM -0500, Sandy S whispered:
> > I'm in the process of upgrading to Spamassassin 3.0 and am currently running
> > my email through the new version of Spamassassin.  I just had an email slip
> > through that should have been caught by the URIDNSBL lookups - it's listed
> > in all of the URI blacklists.
> >
> snip the actual URIs
> > It appears that instead of querying for wneiis-planet.info, Spamassassin is
> > attempting to query the full URL.  wneiis-planet.info is listed in the URL
> > RBLs, but tvuu.wneiis-planet.info and ckcw.wneiss-planet.info are not, so
> > this email got through.
> >
> > The URIDNSBL is working fine on other messages - here's the log on a similar
> > message where the URI DNS lookups worked correctly:
> same again
> > In this case it correctly extracted the domain to query as bestwneiis.info.
> >
> > Is this a bug or is there something I missed as I was RTFMing?  Thanks for
> > any help on this!
> >
> > Sandy S.
>
> Ironically, my system marked your post as spam specifically because of the
> URIBLs.
>
> I am using a standard amavisd-new & SA 3.0 install, with only the core rules.
> How is your system configured, and are you using any extra rules?
>
> Ulysses
>
> -- 
> Ulysses S. Cruz ulysses@ucruz.org
> "If it wasn't for the voices in my head, I'd go insane from loneliness"
> -Me, Myself and I
>

Thanks for your response - that's very interesting!  We're running
Spamassassin 3.0 on FreeBSD 4.9, using spamd/spamc called via procmail.  I
do have a bunch of custom rulesets, mostly pulled from the SARE site:
70_sare_uri.cf, 99_sare_fraud_post25x.cf, evilnumbers.cf, tripwire.cf, and
weeds_2.cf.  I also have a bunch of my own rules that I've added here and
there to catch things that slip through.  (For example I added one like "uri
SPAMMER_URLS04_I /\bwneiis-planet\.info/i" after the message in question got
through.)

I'd say 99% of the time the URI RBL lookups are working great.  I've only
found one other spam so far where this same thing happened, and that was
also a .info domain.

Thanks for your help!

Sandy S.





Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?

Posted by Jeff Chan <je...@surbl.org>.
On Thursday, September 23, 2004, 10:22:03 AM, Ulysses Cruz wrote:
> Ironically, my system marked your post as spam specifically because of the
> URIBLs.

Usually it's recommended to not process anti-spam mailing list
messages with anti-spam tools for this reason.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/