You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by LuKreme <kr...@kreme.com> on 2004/07/20 05:50:09 UTC
Test spam for bigevil/evilnumbers/antidrug/SARE?
So, I have RDJ running with SA3.0 and
70_sare_adult.cf
70_sare_spoof.cf
72_sare_redirect_post3.0.0.cf
99_sare_fraud_post25x.cf
antidrug.cf
bigevil.cf
evilnumbers.cf
tripwire.cf
but I haven't seen a hit yet on those rulesets. And I'm still getting
spam from casinos and various other slime, so I was wondering if there
is a test email designed to trigger some of these rulesets.
Are any of these redundant with SA3.0pre2 (--lint passes now). I did
remove backhair as I saw that has been integrated.
--
Heisenberg's only uncertainty was what pub to vomit in next and Jung
fancied Freud's mother too. -- Jared Earle
Re: Test spam for bigevil/evilnumbers/antidrug/SARE?
Posted by LuKreme <kr...@kreme.com>.
On 20 Jul 2004, at 17:31, Ryan Thompson wrote:
> LuKreme wrote to spamassassin-users@incubator.apache.org:
>
>> I trawled the site for instllation instructions and I may be thicker
>> than molasses, but I could not find anything.
>>
>> "Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded."
>
> You're probably just missing the following in your configuration:
>
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
But where do I get the plugin?
--
Like the moment when the brakes lock/And you slide towards the big
truck/You stretch the frozen moments with your fear
Re: Test spam for bigevil/evilnumbers/antidrug/SARE?
Posted by Ryan Thompson <sp...@sasknow.com>.
LuKreme wrote to spamassassin-users@incubator.apache.org:
> I trawled the site for instllation instructions and I may be thicker than
> molasses, but I could not find anything.
>
> "Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded."
You're probably just missing the following in your configuration:
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
uridnsbl URIBL_SBL sbl.spamhaus.org. TXT
header URIBL_SBL eval:check_uridnsbl('URIBL_SBL')
describe URIBL_SBL Contains a URL listed in the SBL blocklist
tflags URIBL_SBL net
score URIBL_SBL 4.0
# Add other URIBL rules here...
>> And, as always, checking the output of spamassassin -D -t will reveal
>> many things that would otherwise be confusing. :-)
>
> [ ... snip debug output ... ]
>
> So there, they're loading.
>
> Must just be all the bigevil is exceeding the 9.0 /dev/null threshold.
;-) So it's working for you, then?
- Ryan
--
Ryan Thompson <ry...@sasknow.com>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
Re: Test spam for bigevil/evilnumbers/antidrug/SARE?
Posted by LuKreme <kr...@kreme.com>.
On 20 Jul 2004, at 00:42, Jeff Chan wrote:
> On Monday, July 19, 2004, 11:29:04 PM, LuKreme wrote:
>> I trawled the site for instllation instructions and I may be thicker
>> than molasses, but I could not find anything.
>
>> "Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded."
>
>> cpan> install Mail::SpamAssassin::Plugin::URIDNSBL
>> Warning: Cannot install Mail::SpamAssassin::Plugin::URIDNSBL, don't
>> know what it is.
> [...]
>
> That is the correct answer for SA 3.0, which I assume you're
> using. But I'm pretty sure the URIDNSBL plugin is too new
> to be in CPAN. You may need to install it from the development
> tree for now.
Care to be specific?
--
Lister: What d'ya think of Betty? Cat: Betty Rubble? Well, I would go
with Betty... but I'd be thinking of Wilma. Lister: This is crazy. Why
are we talking about going to bed with Wilma Flintstone? Cat: You're
right. We're nuts. This is an insane conversation. Lister: She'll never
leave Fred, and we know it.
Re: Test spam for bigevil/evilnumbers/antidrug/SARE?
Posted by Jeff Chan <je...@surbl.org>.
On Monday, July 19, 2004, 11:29:04 PM, LuKreme wrote:
> I trawled the site for instllation instructions and I may be thicker
> than molasses, but I could not find anything.
> "Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded."
> cpan> install Mail::SpamAssassin::Plugin::URIDNSBL
> Warning: Cannot install Mail::SpamAssassin::Plugin::URIDNSBL, don't
> know what it is.
[...]
That is the correct answer for SA 3.0, which I assume you're
using. But I'm pretty sure the URIDNSBL plugin is too new
to be in CPAN. You may need to install it from the development
tree for now.
Or if you're using SA 2.63, then please use SpamCopURI:
http://sourceforge.net/projects/spamcopuri/
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: Test spam for bigevil/evilnumbers/antidrug/SARE?
Posted by LuKreme <kr...@kreme.com>.
On 19 Jul 2004, at 22:34, Ryan Thompson wrote:
> LuKreme wrote to spamassassin-users@incubator.apache.org:
>
>> bigevil.cf
>
> Huge, and deprecated. You should probably get some hits on this, but
> you
> really, really should enable the SURBL rules. http://www.surbl.org/ .
> This answer is now posted to this list daily. :-)
I trawled the site for instllation instructions and I may be thicker
than molasses, but I could not find anything.
"Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded."
cpan> install Mail::SpamAssassin::Plugin::URIDNSBL
Warning: Cannot install Mail::SpamAssassin::Plugin::URIDNSBL, don't
know what it is.
Try the command
i /Mail::SpamAssassin::Plugin::URIDNSBL/
to find objects with matching identifiers.
cpan> i /URIDNSBL/
No objects found of any type for argument /URIDNSBL/
<http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/
Plugin/URIDNSBL.pm> looks promising, if I only knew what do do with it.
>> Are any of these redundant with SA3.0pre2 (--lint passes now).
>
> OK, good. --lint passes. Have you restarted spamd?
Yep, RDJ restarts spamd as part of the script (though I've also kilt
and restarted it manually a couple of times as I tweaked the local.cf)
> Perhaps the new .cf files simply aren't being read? Where are they
> being
> stored? They should normally be in the same directory as local.cf, with
> world-readable permissions.
Yep.
> And, as always, checking the output of spamassassin -D -t will reveal
> many things that would otherwise be confusing. :-)
Ah, yes, silly me:
debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf
debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
debug: config: read file
/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf
debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf
debug: config: read file /etc/mail/spamassassin/antidrug.cf
debug: config: read file /etc/mail/spamassassin/bigevil.cf
debug: config: read file /etc/mail/spamassassin/evilnumbers.cf
debug: config: read file /etc/mail/spamassassin/local.cf
debug: config: read file /etc/mail/spamassassin/tripwire.cf
So there, they're loading.
Must just be all the bigevil is exceeding the 9.0 /dev/null threshold.
--
Lobotomy means never having to say you're sorry -- or anything else.
Re: Test spam for bigevil/evilnumbers/antidrug/SARE?
Posted by Ryan Thompson <sp...@sasknow.com>.
LuKreme wrote to spamassassin-users@incubator.apache.org:
> antidrug.cf
Included in 3.0. Don't use it.
> bigevil.cf
Huge, and deprecated. You should probably get some hits on this, but you
really, really should enable the SURBL rules. http://www.surbl.org/ .
This answer is now posted to this list daily. :-)
> tripwire.cf
I disabled TW_ here, because, while I did see quite a few hits in a
corpus of ~10,000s/10,000h, *none* of the messages were pushed over the
threshold by the TW_* rules.
As for the others:
> So, I have RDJ running with SA3.0 and
>
> 70_sare_adult.cf
> 70_sare_spoof.cf
> 72_sare_redirect_post3.0.0.cf
> 99_sare_fraud_post25x.cf
> evilnumbers.cf
Some of these get more frequent hits than others, but they all do hit at
least occasionally, here.
> but I haven't seen a hit yet on those rulesets. And I'm still getting spam
> from casinos and various other slime, so I was wondering if there is a test
> email designed to trigger some of these rulesets.
Sure, you can test them. Just have a look at the rules. The first rule
in evilnumbers starts like so:
body EVILNUMBER_A_1XX_1 /1(?:0 West Broadway, Long Beach, NY|00 E\.
Knowing what I know about Perl, I parse that to mean
10 West Broadway, Long Beach, NY
ought to trigger the EVILNUMBER_A_1XX_1 rule. So, I send myself an email
with that string in the body. Sure enough, I get a hit for that rule.
> Are any of these redundant with SA3.0pre2 (--lint passes now).
OK, good. --lint passes. Have you restarted spamd?
Perhaps the new .cf files simply aren't being read? Where are they being
stored? They should normally be in the same directory as local.cf, with
world-readable permissions.
And, as always, checking the output of spamassassin -D -t will reveal
many things that would otherwise be confusing. :-)
- Ryan
--
Ryan Thompson <ry...@sasknow.com>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
Re: Test spam for bigevil/evilnumbers/antidrug/SARE?
Posted by Matt Kettler <mk...@evi-inc.com>.
At 11:50 PM 7/19/2004, LuKreme wrote:
>antidrug.cf
>bigevil.cf
>evilnumbers.cf
>tripwire.cf
>
>but I haven't seen a hit yet on those rulesets. And I'm still getting
>spam from casinos and various other slime, so I was wondering if there is
>a test email designed to trigger some of these rulesets.
>
>Are any of these redundant with SA3.0pre2 (--lint passes now). I did
>remove backhair as I saw that has been integrated.
antidrug.cf is redundant with SA 3.0pre2.
As for triggering antidrug, just send yourself an email mentioning any of
your favorite penis-pills or high-end prescription painkillers. Also try
obfuscating them with spaces, punctuation, 1337 speak, etc.