You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Fabien GARZIANO <fa...@caliseo.com> on 2006/10/02 14:39:02 UTC
Problem with URIBL rules : false positive and not listed while mannually checking
Hi folks,
I'm getting strange result with my URIBL_* rules. I get some messages
where theses rules score but I dont get no listing when I manually check
with tools like http://www.rulesemporium.com/cgi-bin/uribl.cgi
For example, I got a mail from one of our providers : westcon.fr (or
weston.com). They provide us with nortel products (nortel.com or
nortelnetworks.com). There Email contains 4 different uri (I dont list
here the 'mailto:') :
http://www.westcon.fr/
www.voicepoint.westcon.com
https://app12.nortelnetworks.com/ ...
www.nortel.com/spq-ppq
I've tried each but I got 'not listed in multi.surbl.org and
multi.surbl.com.
Here's the score and detail from spamassassin :
X-caliseo-MailScanner-SpamCheck: polluriel, SpamAssassin
(score=6.133,
requis 5.8, BAYES_00 -2.60, NO_REAL_NAME 0.01, URIBL_JP_SURBL
2.46,
URIBL_PH_SURBL 2.00, URIBL_SC_SURBL 4.26)
Well ... If anyone experienced the same, or know if I can check with
another tool ?
Is there a way to know which uri was the one which trigger that score ?
--
Fab
Re: Problem with URIBL rules : false positive and not listed while
mannually checking
Posted by Matt Kettler <mk...@verizon.net>.
Fabien GARZIANO wrote:
> I've tried each but I got 'not listed in multi.surbl.org and
> multi.surbl.com.
> Here's the score and detail from spamassassin :
> X-caliseo-MailScanner-SpamCheck: polluriel, SpamAssassin
> (score=6.133,
> requis 5.8, BAYES_00 -2.60, NO_REAL_NAME 0.01, URIBL_JP_SURBL
> 2.46,
> URIBL_PH_SURBL 2.00, URIBL_SC_SURBL 4.26)
>
> Well ... If anyone experienced the same, or know if I can check with
> another tool ?
>
The *best* way, would be to check with SpamAssassin itself. Save the
message off and feed it into spamassassin -t <message.txt.
SA's normal report, unlike the header-only report MailScanner makes,
should tell you which URI matched the message.
Perhaps there's a URI that SA is checking that you've not noticed, or
didn't realize SA would pull out.
Re: Problem with URIBL rules : false positive and not listed while mannually checking
Posted by Jeff Chan <je...@surbl.org>.
On Monday, October 2, 2006, 5:39:02 AM, Fabien GARZIANO wrote:
> I'm getting strange result with my URIBL_* rules. I get some messages
> where theses rules score but I dont get no listing when I manually check
> with tools like http://www.rulesemporium.com/cgi-bin/uribl.cgi
> For example, I got a mail from one of our providers : westcon.fr (or
> weston.com). They provide us with nortel products (nortel.com or
> nortelnetworks.com). There Email contains 4 different uri (I dont list
> here the 'mailto:') :
> http://www.westcon.fr/
> www.voicepoint.westcon.com
> https://app12.nortelnetworks.com/ ...
> www.nortel.com/spq-ppq
> I've tried each but I got 'not listed in multi.surbl.org and
> multi.surbl.com.
> Here's the score and detail from spamassassin :
> X-caliseo-MailScanner-SpamCheck: polluriel, SpamAssassin
> (score=6.133,
> requis 5.8, BAYES_00 -2.60, NO_REAL_NAME 0.01, URIBL_JP_SURBL
> 2.46,
> URIBL_PH_SURBL 2.00, URIBL_SC_SURBL 4.26)
What version of SpamAssassin are you running? Versions before
3.1 have an infrequent DNS query bug:
http://bugzilla.spamassassin.org/show_bug.cgi?id=3997
Another possibility is that there is a DNS proxy or DNS
modification service like OpenDNS changing the DNS results in a
way that's not compatible with SURBL applications:
http://www.surbl.org/faq.html#opendns
In any case, none of the domains mentioned are blacklisted, so
there is a problem with your SpamAssassin or DNS.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/