Re: [Declude.JunkMail] critique my global.cfg file with regards to blacklist use

[Scott Fisher]

You are duplicating effort and doubling the results here::
sbl-xbl.spamhaus.org contains the SBL, CBL, Blitzedall and subset of the 
NJABL data

http://www.spamhaus.org/xbl/index.lasso

BLITZEDALL  ip4r  opm.blitzed.org *  3 0
CBL   ip4r  cbl.abuseat.org 127.0.0.2 3 0
SBL   ip4r sbl-xbl.spamhaus.org*  3 0
NJABL   ip4r  dnsbl.njabl.org 127.0.0.2 3 0
NJABLFORMS   ip4r  dnsbl.njabl.org 127.0.0.8 2 0
NJABLPROXYS  ip4r  dnsbl.njabl.org 127.0.0.9 2 0
NJABLSOURCES ip4r  dnsbl.njabl.org 127.0.0.4 2 0


I certainly wouldn't weight these two tests the same:
You'll find lots of false positives on the suspicious test
MXRATE-BLOCK   ip4r   pub.mxrate.net  127.0.0.2  3 0 MXRATE-SUSPICIOUS 
ip4r   pub.mxrate.net  127.0.0.4  3 0


I'd be leary of the weights here:
This returns 25% spam, 75% ham here.

FIVETENOPTIN  ip4r  blackholes.five-ten-sg.com   127.0.0.4 2 0

75% spam, 25% ham for this one:

FIVETENIGNORE  ip4r  blackholes.five-ten-sg.com   127.0.0.7 2 0


these could be interesting additions:
UCEPROTECT-LEVEL1 ip4r dnsbl-1.uceprotect.net  *   yourweight  0
UCEPROTECT-LEVEL2- ip4r dnsbl-2.uceprotect.net  *   yourweight  0
WHOIS-BOGONS-DYNA ip4r combined-HIB.dnsiplists.completewhois.com 127.0.0.2 
yourweight  0
WHOIS-HIJACKED-DYNA ip4r combined-HIB.dnsiplists.completewhois.com 127.0.0.3 
yourweight  0
WHOIS-INVALID-DYNA ip4r combined-HIB.dnsiplists.completewhois.com 127.0.0.4 
yourweight  0


In general looking at your weighting,
I see very effective tests SBL, SPamcop, CBL with a weight of only one point 
more than less effective tests.
You didn't mention how much weight it takes for your subject 
tag/hold/delete, so it's hard to comment on the weights.
I have the SBL  CBL at 100% of my subject tag weight and Spamcop at 70% of 
my subject tage weight.


blackholes.intersil.net has a very low hit rate. Is it worth running?


- Original Message - 
From: Travis Sullivan [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Tuesday, September 20, 2005 6:51 PM
Subject: [Declude.JunkMail] critique my global.cfg file with regards to 
blacklist use




DSBL   ip4r  list.dsbl.org *  3 0
ORDB   ip4r  relays.ordb.org *  3 0
SPAMCOP   ip4r  bl.spamcop.net 127.0.0.2 3 0
SERVICESNET  ip4r  korea.services.net*  3 0
ORID   ip4r  dnsbl.antispam.or.id127.0.0.2  3 0
FABELSOURCES  ip4r  spamsources.fabel.dk127.0.0.2 3 0
AHBL   ip4r  dnsbl.ahbl.org *  3 0
BLITZEDALL  ip4r  opm.blitzed.org *  3 0
CBL   ip4r  cbl.abuseat.org 127.0.0.2 3 0
SBL   ip4r sbl-xbl.spamhaus.org*  3 0
NJABL   ip4r  dnsbl.njabl.org 127.0.0.2 3 0
NJABLDUL   ip4r  combined.njabl.org127.0.0.3 3 0
NJABLFORMS   ip4r  dnsbl.njabl.org 127.0.0.8 2 0
NJABLPROXYS  ip4r  dnsbl.njabl.org 127.0.0.9 2 0
NJABLSOURCES ip4r  dnsbl.njabl.org 127.0.0.4 2 0
SORBS-HTTP  ip4r  dnsbl.sorbs.net 127.0.0.2 2 0
SORBS-SOCKS  ip4r  dnsbl.sorbs.net 127.0.0.3 2 0
SORBS-MISC  ip4r  dnsbl.sorbs.net 127.0.0.4 2 0
SORBS-SMTP  ip4r  dnsbl.sorbs.net 127.0.0.5 2 0
SORBS-SPAM  ip4r  dnsbl.sorbs.net 127.0.0.6 2 0
SORBS-WEB  ip4r  dnsbl.sorbs.net 127.0.0.7 2 0
SORBS-BLOCK  ip4r  dnsbl.sorbs.net 127.0.0.8 2 0
SORBS-ZOMBIE  ip4r  dnsbl.sorbs.net 127.0.0.9 2 0
SORBS-DUHL  ip4r  dnsbl.sorbs.net 127.0.0.10 2 0
FIVETENDUL  ip4r  blackholes.five-ten-sg.com   127.0.0.3 2 0
FIVETENFREE  ip4r  blackholes.five-ten-sg.com   127.0.0.12 2 0
FIVETENIGNORE  ip4r  blackholes.five-ten-sg.com   127.0.0.7 2 0
FIVETENKLEZ  ip4r  blackholes.five-ten-sg.com   127.0.0.10 2 0
FIVETENMULTI  ip4r  blackholes.five-ten-sg.com   127.0.0.5 2 0
FIVETENOPTIN  ip4r  blackholes.five-ten-sg.com   127.0.0.4 2 0
FIVETENOTHER  ip4r  blackholes.five-ten-sg.com   127.0.0.9 2 0
FIVETENSINGLE  ip4r  blackholes.five-ten-sg.com   127.0.0.6 2 0
FIVETENSRC  ip4r  blackholes.five-ten-sg.com   127.0.0.2 2 0
FIVETENTCPA  ip4r  blackholes.five-ten-sg.com   127.0.0.11 2 0
FIVETENWEBFORM  ip4r  blackholes.five-ten-sg.com   127.0.0.8 2 0

CSMA-SBL   ip4r   sbl.csma.biz  127.0.0.2  2 0 JAMMDNSBL   ip4r 
dnsbl.jammconsulting.com127.0.0.2  2 0 INTERSIL   ip4r 
blackholes.intersil.net 127.0.0.2  2 0 MXRATE-BLOCK   ip4r 
pub.mxrate.net  127.0.0.2  3 0 MXRATE-SUSPICIOUS  ip4r 
pub.mxrate.net  127.0.0.4  3 0 SPAMBAG   ip4r   blacklist.spambag.org 
127.0.0.2  2 0

DSN   rhsbl  dsn.rfc-ignorant.org127.0.0.2 3 0
NOABUSE   rhsbl  abuse.rfc-ignorant.org127.0.0.4 1 0
NOPOSTMASTER  rhsbl  postmaster.rfc-ignorant.org   127.0.0.3 1 0
BOGUSMX   rhsbl  bogusmx.rfc-ignorant.org   127.0.0.8 3 0
DNSILLEGAL  rhsbl  in.dnsbl.org 127.0.0.5 3 0
DNSFRAUD  rhsbl  in.dnsbl.org 127.0.0.3 3 0
DNSMAILLIST  rhsbl  in.dnsbl.org 127.0.0.6 3 0
DNSPROMO  rhsbl  in.dnsbl.org 127.0.0.4 3 0
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found

Re: [Declude.JunkMail] critique my global.cfg file with regards to blacklist use

[Travis Sullivan]

Thank you so much Scott for taking the time with my global.cfg file.  Your 
help/advise was very appreciated.


Travis 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] critique my global.cfg file with regards to blacklist use

[Travis Sullivan]

DSBL   ip4r  list.dsbl.org *  3 0
ORDB   ip4r  relays.ordb.org *  3 0
SPAMCOP   ip4r  bl.spamcop.net 127.0.0.2 3 0
SERVICESNET  ip4r  korea.services.net*  3 0
ORID   ip4r  dnsbl.antispam.or.id127.0.0.2  3 0
FABELSOURCES  ip4r  spamsources.fabel.dk127.0.0.2 3 0
AHBL   ip4r  dnsbl.ahbl.org *  3 0
BLITZEDALL  ip4r  opm.blitzed.org *  3 0
CBL   ip4r  cbl.abuseat.org 127.0.0.2 3 0
SBL   ip4r sbl-xbl.spamhaus.org*  3 0
NJABL   ip4r  dnsbl.njabl.org 127.0.0.2 3 0
NJABLDUL   ip4r  combined.njabl.org127.0.0.3 3 0
NJABLFORMS   ip4r  dnsbl.njabl.org 127.0.0.8 2 0
NJABLPROXYS  ip4r  dnsbl.njabl.org 127.0.0.9 2 0
NJABLSOURCES ip4r  dnsbl.njabl.org 127.0.0.4 2 0
SORBS-HTTP  ip4r  dnsbl.sorbs.net 127.0.0.2 2 0
SORBS-SOCKS  ip4r  dnsbl.sorbs.net 127.0.0.3 2 0
SORBS-MISC  ip4r  dnsbl.sorbs.net 127.0.0.4 2 0
SORBS-SMTP  ip4r  dnsbl.sorbs.net 127.0.0.5 2 0
SORBS-SPAM  ip4r  dnsbl.sorbs.net 127.0.0.6 2 0
SORBS-WEB  ip4r  dnsbl.sorbs.net 127.0.0.7 2 0
SORBS-BLOCK  ip4r  dnsbl.sorbs.net 127.0.0.8 2 0
SORBS-ZOMBIE  ip4r  dnsbl.sorbs.net 127.0.0.9 2 0
SORBS-DUHL  ip4r  dnsbl.sorbs.net 127.0.0.10 2 0
FIVETENDUL  ip4r  blackholes.five-ten-sg.com   127.0.0.3 2 0
FIVETENFREE  ip4r  blackholes.five-ten-sg.com   127.0.0.12 2 0
FIVETENIGNORE  ip4r  blackholes.five-ten-sg.com   127.0.0.7 2 0
FIVETENKLEZ  ip4r  blackholes.five-ten-sg.com   127.0.0.10 2 0
FIVETENMULTI  ip4r  blackholes.five-ten-sg.com   127.0.0.5 2 0
FIVETENOPTIN  ip4r  blackholes.five-ten-sg.com   127.0.0.4 2 0
FIVETENOTHER  ip4r  blackholes.five-ten-sg.com   127.0.0.9 2 0
FIVETENSINGLE  ip4r  blackholes.five-ten-sg.com   127.0.0.6 2 0
FIVETENSRC  ip4r  blackholes.five-ten-sg.com   127.0.0.2 2 0
FIVETENTCPA  ip4r  blackholes.five-ten-sg.com   127.0.0.11 2 0
FIVETENWEBFORM  ip4r  blackholes.five-ten-sg.com   127.0.0.8 2 0

CSMA-SBL   ip4r   sbl.csma.biz  127.0.0.2  2 0 
JAMMDNSBL   ip4r   dnsbl.jammconsulting.com127.0.0.2  2 0 
INTERSIL   ip4r   blackholes.intersil.net 127.0.0.2  2 0 
MXRATE-BLOCK   ip4r   pub.mxrate.net  127.0.0.2  3 0 
MXRATE-SUSPICIOUS  ip4r   pub.mxrate.net  127.0.0.4  3 0 
SPAMBAG   ip4r   blacklist.spambag.org 127.0.0.2  2 0 


DSN   rhsbl  dsn.rfc-ignorant.org127.0.0.2 3 0
NOABUSE   rhsbl  abuse.rfc-ignorant.org127.0.0.4 1 0
NOPOSTMASTER  rhsbl  postmaster.rfc-ignorant.org   127.0.0.3 1 0
BOGUSMX   rhsbl  bogusmx.rfc-ignorant.org   127.0.0.8 3 0
DNSILLEGAL  rhsbl  in.dnsbl.org 127.0.0.5 3 0
DNSFRAUD  rhsbl  in.dnsbl.org 127.0.0.3 3 0
DNSMAILLIST  rhsbl  in.dnsbl.org 127.0.0.6 3 0
DNSPROMO  rhsbl  in.dnsbl.org 127.0.0.4 3 0
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.