Posted to users@spamassassin.apache.org by Ben Poliakoff <be...@reed.edu> on 2005/06/03 02:23:56 UTC

URIDNSBL.pm improvements in 3.1?

So I've noticed that the URIDNSBL.pm in the 3.1 snapshots seems to
recognize obfuscated URIs much better than in 3.0.x.  

In other words I was looking at a message that my relatively well
maintained 3.0.3 installation didn't catch.  Then I tried running the
same message through my personal 3.1 snapshot installation.  The 3.1
installation gave the message a comparatively high score (due to the
domain being listed in multiple SURBLs).

The message in question contained some lines like this:

    copy-paste the u[r]l to finish.....
    ez-rate*MUNGED*.info

The 3.1 code recognized the domain name readily, looked it up and found
it in almost all of the SURBLs.  But the 3.0.3 code didn't spot it (and
the message scored on bayes alone).

Is there any straightforward way to backport some of this goodness to
3.0.x?  I don't mind running the development snapshots at home but at
work I have to answer to a couple thousand users...

Ben
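
Added illustration, not part of the original post and not SpamAssassin's own code: a minimal sketch of what the post describes, finding a scheme-less hostname in body text and building the name that would be queried in a SURBL zone. The function names and the tiny TLD lists are hypothetical, the sample text is constructed with reserved example domains, and no DNS query is sent.

```python
import re

# Constructed, deliberately tiny lists; a real filter would load complete ones.
TLDS = {"com", "net", "org", "info", "biz", "uk"}
TWO_LEVEL_TLDS = {"co.uk", "org.uk"}
SURBL_ZONE = "multi.surbl.org"  # SURBL's combined zone

# A hostname with no scheme that is not part of an e-mail address or a longer token.
BARE_HOST = re.compile(
    r"(?<![\w@.-])"
    r"((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+([a-z]{2,}))"
    r"(?![\w-])",
    re.IGNORECASE,
)


def find_bare_hosts(text):
    """Return scheme-less hostnames in text whose last label is a known TLD."""
    hosts = []
    for m in BARE_HOST.finditer(text):
        host, tld = m.group(1).lower(), m.group(2).lower()
        if tld in TLDS and host not in hosts:
            hosts.append(host)
    return hosts


def registered_domain(host):
    """Reduce a hostname to the domain a URI blocklist would list."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_TLDS else 2
    return ".".join(labels[-keep:])


def surbl_query_names(text, zone=SURBL_ZONE):
    """Build the DNS names to look up for every bare hostname in text."""
    names = []
    for host in find_bare_hosts(text):
        name = f"{registered_domain(host)}.{zone}"
        if name not in names:
            names.append(name)
    return names


# Constructed sample modelled on the lines quoted in the post.
SAMPLE = (
    "copy-paste the u[r]l to finish.....\n"
    "ez-rate.example.org\n"
    "mail ben@example.net or read notes.txt\n"
    "www.shop.example.co.uk\n"
)

if __name__ == "__main__":
    for name in surbl_query_names(SAMPLE):
        print(name)
```

An A record returned for one of these names means the domain is listed; the e-mail address and the file name in the sample are skipped.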

Re: URIDNSBL.pm improvements in 3.1?

Posted by Ben Poliakoff <be...@reed.edu>.
* Stuart Johnston <st...@ebby.com> [20050603 11:09]:
> >Is there any straightforward way to backport some of this goodness to
> >3.0.x?  I don't mind running the development snapshots at home but at
> >work I have to answer to a couple thousand users...
> 
> Here is the bug concerning the copy-paste urls:
> 
> http://bugzilla.spamassassin.org/show_bug.cgi?id=4208
> 
> I have just posted a backport patch there.  I doubt that it will get 
> added to 3.0.4 (if there ever is one) but you should be able to apply it 
> to your local install.  Although, I should point out that this backport 
> has not been tested any further than 'make test'.

Thanks!  This is very useful, I'm testing it now, it's caught all of the
problem messages so far.

Looking forward to the 3.1 release! :)

Ben

Re: URIDNSBL.pm improvements in 3.1?

Posted by Stuart Johnston <st...@ebby.com>.
Ben Poliakoff wrote:
> So I've noticed that the URIDNSBL.pm in the 3.1 snapshots seems to
> recognize obfuscated URIs much better than in 3.0.x.  
> 
> In other words I was looking at a message that my relatively well
> maintained 3.0.3 installation didn't catch.  Then I tried running the
> same message through my personal 3.1 snapshot installation.  The 3.1
> installation gave the message a comparatively high score (due to the
> domain being listed in multiple SURBLs).
> 
> The message in question contained some lines like this:
> 
>     copy-paste the u[r]l to finish.....
>     ez-rate*MUNGED*.info
> 
> The 3.1 code recognized the domain name readily, looked it up and found
> it in almost all of the SURBLs.  But the 3.0.3 code didn't spot it (and
> the message scored on bayes alone).
> 
> Is there any straightforward way to backport some of this goodness to
> 3.0.x?  I don't mind running the development snapshots at home but at
> work I have to answer to a couple thousand users...

Here is the bug concerning the copy-paste urls:

http://bugzilla.spamassassin.org/show_bug.cgi?id=4208

I have just posted a backport patch there.  I doubt that it will get 
added to 3.0.4 (if there ever is one) but you should be able to apply it 
to your local install.  Although, I should point out that this backport 
has not been tested any further than 'make test'.

-Stuart


Re: URIDNSBL.pm improvements in 3.1?

Posted by jdow <jd...@earthlink.net>.
Does 3.04 or 3.1 contain any way to COUNT "Subject:" header lines?

If not they are wildly incomplete, IMAO.
{^_^}
----- Original Message ----- 
From: "Theo Van Dinter" <fe...@apache.org>




Re: URIDNSBL.pm improvements in 3.1?

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Raymond Dijkxhoorn wrote:
> Would it be possible to also include the JP SURBL list in 3.0.4 ?
> We get a lot of questions about that right now... Since we withdrew the 
> data from WS some months ago now, in preparation of SA 3.1. Hopefully it 
> can also be added in 3.0.4.

The JP SURBL list was added to the 3.0 branch two weeks ago.

Daryl


Re: URIDNSBL.pm improvements in 3.1?

Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi Theo/Daryl!

> On Fri, Jun 03, 2005 at 03:14:41AM +0200, Raymond Dijkxhoorn wrote:
>> Would it be possible to also include the JP SURBL list in 3.0.4 ?

> The JP SURBL list was added to the 3.0 branch two weeks ago.

> Already done. ;)

Great!

Hopefully the score will be a little better than it's now with the 3.1.
It's grown a lot since the last score run was done I think.

Bye,
Raymond.

Re: URIDNSBL.pm improvements in 3.1?

Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Jun 03, 2005 at 03:14:41AM +0200, Raymond Dijkxhoorn wrote:
> Would it be possible to also include the JP SURBL list in 3.0.4 ?

Already done. ;)

-- 
Randomly Generated Tagline:
Home Safety Tip #2: Don't fry bacon, when your naked.

Re: URIDNSBL.pm improvements in 3.1?

Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Theo,

>> Is there any straightforward way to backport some of this goodness to
>> 3.0.x?  I don't mind running the development snapshots at home but at
>> work I have to answer to a couple thousand users...

> We're working on getting 3.0.4 done, which has some backports for things like
> obfuscation and such.  For instance, it'll handle the "newline in URL",
> ampersand in host, etc, stuff that's been getting through.

Would it be possible to also include the JP SURBL list in 3.0.4 ?
We get a lot of questions about that right now... Since we withdrew the 
data from WS some months ago now, in preparation of SA 3.1. Hopefully it 
can also be added in 3.0.4.

> That's all separate from the URIBL stuff, actually.  3.1 also has improvements
> for URIBL, such as getting the URIs out of a message in a priority ordering,
> etc.

Yes, I am pretty happy with 3.1 so far, runs like a charm.

Bye.
Raymond.

Re: URIDNSBL.pm improvements in 3.1?

Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Jun 02, 2005 at 05:23:56PM -0700, Ben Poliakoff wrote:
> Is there any straightforward way to backport some of this goodness to
> 3.0.x?  I don't mind running the development snapshots at home but at
> work I have to answer to a couple thousand users...

We're working on getting 3.0.4 done, which has some backports for things like
obfuscation and such.  For instance, it'll handle the "newline in URL",
ampersand in host, etc, stuff that's been getting through.

That's all separate from the URIBL stuff, actually.  3.1 also has improvements
for URIBL, such as getting the URIs out of a message in a priority ordering,
etc.

-- 
Randomly Generated Tagline:
Isn't "shrimp on Barbie" a little kinky?