Re: [SURBL-Discuss] RFC: consensus list?

[Jeff Chan]

On Saturday, November 13, 2004, 9:23:34 AM, Frank Ellermann wrote:
> Jeff Chan wrote:

> That's probably too KISS for you, and if you'd add the not
> yet used 7th multi bit it would result in 7 over 3 (any 3
> out of 7) combinations, 99 result codes if I got it right.
> (35 + 35 + 21 + 7 + 1 = 99, is that correct ?)

> Apparently SA already supports Ryan's idea, and then you
> don't need it.  But if you have more complex rules to get
> an "optimal" proper subset of all multi result codes, then
> you could (ab)use bit 0 to mark it.

> Or in other words, any odd N in 127.0.0.N would be optimal.
> And 127.0.0.1 would be still protected (= never returned).

An interesting idea.  IIRC you may have suggested it earlier,
but I didn't see the value at the time.  However, see below.

>> without explicitly creating new, combined lists.

> Yes, that's unnecessary.  Unless you have more than one
> definition of "optimal".  Bit 0 can only handle one "rule",
> i.e. any combination of AND / OR / NOT multi bits you like.

Actually it may be necessary to create some new lists,
partly depending on whether the application can combine
individual lists by itself.  SpamAssassin apparently can,
sort of.  Others may not be able to.  Simple MTA code may
not be able to.

And I just realized a major flaw in my suggestion to try
127.0.0.84 as a single list: Combinations of specific lists
like this are exclusive.  If a list has exactly JP + OB + WS
like this, then it will NOT have any JP + OB + WS + SC, or any
JP + OB + WS + AB, etc.  That kind of combination needs to be
done by creating a new list on the data side, or special
processing in the application. 

So disregard my earlier request for testing these intersected
lists using those numbers in urirhsbl, etc.  I will create some
temporary test lists in the second or third octet of multi to
test on corpora instead.

Jeff C.
--
"If it appears in hams, then don't list it."

Re: Sensible way to use SpamCop reporting?

[Bob Proulx]

Nix wrote:
> On Fri, 12 Nov 2004, Larry stipulated:
> > You could comment out the "spamcop_to_address" in your configuration
> > file.  Then SA will report to the "generic" spamcop address.  Your
> > reports won't be given as much weight (whatever that means) but you
> > won't get the confirmation emails either.
> 
> ... and you won't have to dive around a webform confirming every single
> one by hand?
> 
> Excellent.

I think a better way to describe it is the other way around.  Normally
'spamassassin -r' reports go to spamcop anonymously.  But if you set
spamcop_submission_address then it will use your spamcop account.

  SpamCop reports will have greater effect if you register and set the
  "spamcop_submission_address" option.

Using your account will mean that all of the spamcop rules apply.
That means you need to confirm your spamcop submissions.  But then
they have more weight than anonymous reports.

I also have a spamcop account.  But I only review my caught spam
periodically and often too late for useful reporting to spamcop.
Therefore I don't set the reporting address.  I manually report spam
that slipped through spamassassin as soon as I see it enter my normal
mailbox.  The spam that that is hard to catch needs the RBLs the
most.

Bob

Re: Sensible way to use SpamCop reporting?

[Nix]

On Fri, 12 Nov 2004, Larry stipulated:
> You could comment out the "spamcop_to_address" in your configuration
> file.  Then SA will report to the "generic" spamcop address.  Your
> reports won't be given as much weight (whatever that means) but you
> won't get the confirmation emails either.

... and you won't have to dive around a webform confirming every single
one by hand?

Excellent.

-- 
`Random line noise picked up from an RS432 cable hung in front of a faulty
 radar transmitter. ' --- Greg Hennessy on sendmail.cf

RE: spamassassin and web based mail !

[Peter P. Benac]

You could stand over their shoulders?  

I really doubt that any real spammer will use a cybercafé to send spam.
These idiots use software that generate messages and send them thru any open
relay they can find.  Just because the reply to address says hotmail.com or
yahoo.com doesn't necessarily mean the message originated at Yahoo or
Hotmail.

Short of standing over their shoulders you would need a customized version
of SurfControl or WebSense that did what SpamAssassin does on mail
originating or terminating on a mail sever.  In other words you'd have to
inspect every packet going out of your business and attempt to filter out
what might be a spam source.

All I can say is Good Luck with that.  Programs like SurfControl and
WebSense filter on source and destination IP addresses and hostnames. You
need something that goes deeper into a TCP/UDP packet.

Regards,
Pete

Peter P. Benac, CCNA
Celtic Spirit Network Solutions
Providing Network and Systems Project Management and Installation and Web
Hosting.
Phone: 919-618-2557
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!



-Original Message-
From: Cigan Segun [mailto:[EMAIL PROTECTED] 
Sent: Saturday, November 13, 2004 3:41 PM
To: users@spamassassin.apache.org
Subject: Re: spamassassin and web based mail !


Thank you everybody.

My office runs a cybercafe. Customers are only allowed to use web based mail
like yahoo, hotmail, excite, etc and NOT outlook express or any other mail
clients.

The problem: what can I do to check all their mails in order to stop the
ones that are spams?

Thank you all, once again.
Cigan.





ALL-NEW Yahoo! Messenger - all new features - even more fun! 

Re: spamassassin and web based mail !

[Cigan Segun]

Thank you everybody.
 
My office runs a cybercafe. Customers are only allowed to use web based mail like yahoo, hotmail, excite, etc and NOT outlook express or any other mail clients.
 
The problem: what can I do to check all their mails in order to stop the ones that are spams?
 
Thank you all, once again.
Cigan.
 
 
 
		 ALL-NEW 
Yahoo! Messenger 
- all new features - even more fun! 
 

body_test redefined at /usr/local/share/spamassassin/20_phrases.cf

[Vicki Brown]

I'm getting this error in the spamd logfile:

2004-11-13 18:33:43 [54661] i: Subroutine COPY_ACCURATELY_body_test redefined
at
 /usr/local/share/spamassassin/20_phrases.cf, rule COPY_ACCURATELY, line 10,
 line 85.

I have upgraded to SA 3.0.1
spamd is running as
spamd -d -c

/etc/mail/spamassassin/local.cf contains

allow_user_rules 1

my user prefs file contains
use_terse_report1
ok_languagesen
report_safe 0


what problems should I be looking for?
-- 
Vicki Brown ZZZJourneyman Sourceror:
SF Bay Area, CAzz  |\ _,,,---,,_  Scripts & Philtres
http://www.cfcl.com zz /,`.-'`'-.  ;-;;,_Code, Doc, Process, QA
http://cfcl.com/vlb   |,4-  ) )-,_. ,\ ( `'-'Perl, Unix, Mac OS X, WWW
 '---''(_/--'  `-'\_)  ___

Insecure dependency in eval while running setuid

[Vicki Brown]

I'm getting this error in the spamd logfile:

2004-11-13 17:32:05 [54661] i: processing message
<3698158.1100366389516.JavaMai
[EMAIL PROTECTED]> for vlb:1001.
2004-11-13 17:32:05 [54661] i: error: Insecure dependency in eval while
running
setuid at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm
 line 1669,  line 37._ No such file or directory, continuing

I have upgraded to SA 3.0.1
spamd is running as
spamd -d -c

/etc/mail/spamassassin/local.cf contains

allow_user_rules 1

my user prefs file contains
use_terse_report1
ok_languagesen
report_safe 0


what problems should I be looking for?
-- 
Vicki Brown ZZZJourneyman Sourceror:
SF Bay Area, CAzz  |\ _,,,---,,_  Scripts & Philtres
http://www.cfcl.com zz /,`.-'`'-.  ;-;;,_Code, Doc, Process, QA
http://cfcl.com/vlb   |,4-  ) )-,_. ,\ ( `'-'Perl, Unix, Mac OS X, WWW
 '---''(_/--'  `-'\_)  ___

Message is checked but not marked

[Vicki Brown]

I have upgraded to SA 3.0.1
spamd is running as
spamd -d -c

/etc/mail/spamassassin/local.cf contains

allow_user_rules 1

my user prefs file contains
use_terse_report1
ok_languagesen
report_safe 0

According to my Procmail log, the message in question message went through SA.

procmail: Executing "/usr/local/bin/spamc,-s,256000,-t,60"
procmail: [14951] Sat Nov 13 00:55:49 2004


Yet it has no headers added.

I read perldoc Mail::SpamAssassin::Conf
I am not actively removing headers.
I should see X-Spam-Level, X-Spam-Status and X-Spam-Checker-Version yet I do
not.

Can someone suggest what I might be doing wrong or where to look?

 Received: from 24.221.172.174 ([61.109.80.34])
by cfcl.com (8.12.6/8.12.6) with SMTP id iAD8safC014888;
Sat, 13 Nov 2004 00:54:43 -0800 (PST)
(envelope-from [EMAIL PROTECTED])
 From: "Wilfred Oneill" <[EMAIL PROTECTED]>
 Reply-To: "Wilfred Oneill" <[EMAIL PROTECTED]>
 To: [EMAIL PROTECTED]
 Subject: Re: Fioricet, Soma, Buspar, Prozac, and more Prescribed Online and
Shipped to Your Door [NoSpam-OK]
 Message-ID: <[EMAIL PROTECTED]>
 Date: Sat, 13 Nov 2004 12:39:33 +0400
 MIME-Version: 1.0
 Content-Type: multipart/related;
boundary="--279549920567187"
 X-UIDL: OD8"!/Hn"!I1f"!c4~"!

 
 
 DO NOT MISS  YOUR OPPORTUNITY TO BUY THE MEDICATIONS FOR
THE CHEAPEST  PRICES!!!

-- 
Vicki Brown ZZZJourneyman Sourceror:
SF Bay Area, CAzz  |\ _,,,---,,_  Scripts & Philtres
http://www.cfcl.com zz /,`.-'`'-.  ;-;;,_Code, Doc, Process, QA
http://cfcl.com/vlb   |,4-  ) )-,_. ,\ ( `'-'Perl, Unix, Mac OS X, WWW
 '---''(_/--'  `-'\_)  ___

bayes db version 2 is not able to be used, aborting!

[Vicki Brown]

I have upgraded to SA 3.0.1
I read the upgrading document
I built the new SA, ran the tests, turned off the old spamd,  the (old)
sa-learn --rebuild
installed SA 3.0.1, ran the (new) sa-learn --sync and got this:

Argument "RBL" isn't numeric in addition (+) at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf.pm line 244.
Argument "RBL" isn't numeric in addition (+) at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf.pm line 244.
Argument "RBL" isn't numeric in addition (+) at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf.pm line 244.
Argument "RBL" isn't numeric in addition (+) at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf.pm line 244.
bayes: bayes db version 2 is not able to be used, aborting! at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/BayesStore/DBM.pm line
160.

sa-learn --dump -D said
...
debug: bayes: found bayes db version 2
bayes: bayes db version 2 is not able to be used, aborting! at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/BayesStore/DBM.pm line
160.
ERROR: Bayes dump returned an error, please re-run with -D for more
information

Um... what's bayes db version 2, why do I have it, how do I fix it?
what happened?
-- 
Vicki Brown ZZZJourneyman Sourceror:
SF Bay Area, CAzz  |\ _,,,---,,_  Scripts & Philtres
http://www.cfcl.com zz /,`.-'`'-.  ;-;;,_Code, Doc, Process, QA
http://cfcl.com/vlb   |,4-  ) )-,_. ,\ ( `'-'Perl, Unix, Mac OS X, WWW
 '---''(_/--'  `-'\_)  ___

Re: Spamd going nuts - spawning heaps of children

[Bob Apthorpe]

Hi,
Justin Mason wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
there's been a few reports of this, but we're really mystified.
A test case would help, but it doesn't seem easily reproducable
for anyone :(
- --j.
You could add a fragment like this to spamd (introducing a dependency on
Proc::ProcessTable)
--
use Proc::ProcessTable;
my $MEMLIMIT = 64 * 1024 * 1024;
my $mypid = $$;
my $t = Proc::ProcessTable->new;
my $isbloaty = 0;
# print join("\n", $t->fields), "\n";
scantable:
foreach my $p (@{$t->table}) {
if ($p->pid == $mypid) {
#print $p->size, "\n", $p->rss, "\n";
if ($p->size > $MEMLIMIT) {
$isbloaty = 1;
}
last scantable:
}
}
if ($isbloaty) {
# terminate child
}
--
or use it as a basis for an external 'nanny' script to kill bloated spamd's:
--
use Proc::ProcessTable;
my $MEMLIMIT = 64 * 1024 * 1024;
my $t = Proc::ProcessTable->new;
# print join("\n", $t->fields), "\n";
foreach my $p (@{$t->table}) {
if ($p->cmndline =~ /\bspamd\b/) {
if ($p->size > $MEMLIMIT) {
# whack bloaty spamd
}
}
}
# add some sanity checking to find out if you've killed all spamd
# processes and restart spamd if it was running in the first place
# (don't start spamd if it wasn't running)
--
The upside is that 'nanny' scripts make an operator's life easier and
give engineering some breathing room to fix problems as well as gather
environmental data and log restarts to provide clues to the problem. The
downside is you run the risk of never actually solving the underlying
problem and shifting responsibility away from engineering to operations.
I hate nanny scripts because they're laced with subtle logic traps and
they can mask problems if people aren't committed to fixing the code.
Sadly, they're often essential when dealing with commercial software and
lazy/slow/insular/stupid vendors.
-- Bob

Re: {02.8} Re:spamassassin and web based mails !

[NM Public]

On 12 Nov 2004 Cigan Segun ([EMAIL PROTECTED]) wrote:
To be specific on my question, I want to be able to scan all messages
or mails sent to & fro using yahoo or hotmail or any of these known web
based addresses!
I do not have a mail server in my local network yet.
We all use web based mails.

Can you tell us what web-based mail program the people in your 
company use? The answer will depend on this.

NM
--
Infinite Ink: 
Reverse Spam Filtering: 
Procmail Quick Start: 
IMAP Service Providers: 

Re: [SURBL-Discuss] RFC: consensus list?

[Jeff Chan]

On Saturday, November 13, 2004, 12:14:24 AM, Jeff Chan wrote:
> And I have another technique I can use here:  Take the lists
> and permutations of lists then see what percentage of each of
> those hit DNS queries matching blocklists in general.  Recall
> that we now have statistics about whitelist, blocklist and
> unmatched DNS queries sampled from a DNS server.  That means
> we can estimate spam detection rates by lists and permutations
> of lists purely based on SURBL DNS hits.

> This is not as good as proper corpus checks, since our
> blocklist hits may include some FPs, but it does give some
> indication of the general spam detection rates of the lists
> or their permutations.  The best of those results could then
> be checked against hand-checked corpora with some confidence
> that we're at least checking the most promising ones.

OK as advertised, here are some results of looking at the
intersections of different lists and seeing how many of
the blocklist DNS queries they are responsible for:

[sc][ws][ob][jp] 767 records of 82587  68084 hits of 232031 is 29%
[sc][ws][ob] 861 records of 82587  68296 hits of 232031 is 29%
[sc][ws][jp] 904 records of 82587  71545 hits of 232031 is 30%
[sc][ws]1068 records of 82587  72565 hits of 232031 is 31%
[sc][ob][jp] 793 records of 82587  70468 hits of 232031 is 30%
[sc][ob] 920 records of 82587  71218 hits of 232031 is 30%
[sc][jp] 939 records of 82587  73947 hits of 232031 is 31%
[sc]1197 records of 82587  76438 hits of 232031 is 32%
[ws][ob][jp]   16381 records of 82587 144955 hits of 232031 is 62%
[ws][ob]   21788 records of 82587 150104 hits of 232031 is 64%
[ws][jp]   33123 records of 82587 186359 hits of 232031 is 80%
[ws]   58465 records of 82587 209344 hits of 232031 is 90%
[ob][jp]   17143 records of 82587 150525 hits of 232031 is 64%
[ob]   44630 records of 82587 167906 hits of 232031 is 72%
[jp]   34669 records of 82587 195783 hits of 232031 is 84%

This is for 10 days of queries, with 10,000 sampled every 2
hours.  It undercounts the SC hits since those have an
inherent time period of 3 days, not 10.  The results for
SC would be higher when looking at shorter time periods
such as 3 days.

Probably the most useful ones to test further, for example
against hand-built corpora, would be:

[ws][ob][jp]   16381 records of 82587 144955 hits of 232031 is 62%
[ws][ob]   21788 records of 82587 150104 hits of 232031 is 64%
[ws][jp]   33123 records of 82587 186359 hits of 232031 is 80%
[ob][jp]   17143 records of 82587 150525 hits of 232031 is 64%

[ws][ob][jp]  is  127.0.0.84
[ws][ob]  is  127.0.0.20
[ws][jp]  is  127.0.0.68
[ob][jp]  is  127.0.0.80

Theo, Daniel and other SA mass-checkers, would you please
consider testing these using urirhsbl to find the results for
these as intersections (instead of the usual individual lists
with urirhssub)?

We'd be particularly interested to see if any of these
intersections have unusually low FP rates.

Jeff C.
--
"If it appears in hams, then don't list it."

Re: [SURBL-Discuss] RFC: consensus list?

[Jeff Chan]

On Friday, November 12, 2004, 7:07:29 AM, Frank Ellermann wrote:
> See Ryan's answer, it's easy to do interesting stuff
> with the multi bits, multi was a good idea.  If you
> want to simplify it set bit 1 if 3 or more other bits
> are set, examples:

127.0.0.6   =>> 127.0.0.6   (2 or less bits unchanged)
127.0.0.100 =>> 127.0.0.101 (64+32+4 => 64+32+4+1)
127.0.0.14  =>> 127.0.0.15  (8+4+2 => 8+4+2+1)

LOL!  I didn't think of that!  If you take multi and feed it into
urirhsbl or the non-bitmasked version of SpamCopURI and use
numerical values like: 

  127.0.0.100

Then you can find URIs that appear on JP, AB and WS, etc.

  http://www.surbl.org/lists.html#multi

2 = comes from sc.surbl.org
4 = comes from ws.surbl.org
8 = comes from phishing data source (labelled as [ph] in multi)
16 = comes from ob.surbl.org
32 = comes from ab.surbl.org
64 = comes from jp data source (labelled as [jp] in multi)

So simple "and" combinations like this can already be done and
tested without explicitly creating new, combined lists.

SC + AB + WS + OB + JP would be 127.0.0.118
SC + WS + OB + JP  would be 127.0.0.86
SC + OB + JP   would be 127.0.0.82

etc.  Would someone care to run some of these combinations
through their corpus tests?

Jeff C.
--
"If it appears in hams, then don't list it."

RE: spamassassin and web based mails !

[Peter P. Benac]

Cigan,

  What you want is what was mentioned here before.   WebSense or
SurfControl will and can prevent people from using Web Based mail products
like Hotmail, or Yahoo.  Filtering their mail is not going to work.  If they
are using Yahoo or Hotmail for business then they need to directed to use
your companies e-mail.  If they are using Yahoo and/or Hotmail to send spam
then they are doing so on company time and therefore not doing their jobs. 

 Cruel as that sounded it's reality.  Using a businesses bandwidth to
even potentially sending spam is a thief of services.

Regards,

Peter P. Benac, CCNA
Celtic Spirit Network Solutions
Providing Network and Systems Project Management and Installation and Web
Hosting.
Phone: 919-618-2557
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!



-Original Message-
From: Cigan Segun [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 12, 2004 4:16 PM
To: users@spamassassin.apache.org
Subject: Re:spamassassin and web based mails !


Hello, 
I indeed praise you for your quick response to my question.
To be specific on my question, I want to be able to scan all messages 
or mails sent to & fro using yahoo or hotmail or any of these known web 
based addresses!

What are the tools? 
Can spamassasin do that? How can I go about configuring such tools?

I do not have a mail server in my local network yet.
We all use web based mails.

Thanks once again.
Cigan_ng.



Moving house? Beach bar in Thailand? New Wardrobe? Win £10k with Yahoo! Mail
to make your dream a reality.

Merging bayes files

[Edesio Costa e Silva]

Hi!

Sorry if thist is FAQ. I checked but I may missed it.

I have two machines, each one running spamassassin on a different
e-mail. One of them is now pretty trained. Is it possible to merge the
bayes files from both machines?

Thanks,

Edésio

Re[2]: spamassassin and web based mails !

[Robert Menschel]

Hello Cigan,

Friday, November 12, 2004, 1:15:57 PM, you wrote:

CS> To be specific on my question, I want to be able to scan all
CS> messages or mails sent to & fro using yahoo or hotmail or any of
CS> these known web based addresses!  
 
CS> What are the tools? 
CS> Can spamassasin do that? How can I go about configuring such
CS> tools?

To use SpamAssassin, you need to have the emails pass through a server
that runs SpamAssassin.  You don't have such a server yet, and
apparently you are not prepared to use one.

One option you can use:  Buy a domain name for your company if you
don't already have one, and establish a small web site on an
inexpensive shared virtual server (until you're ready to do more than
that), taking care to use one that supports SpamAssassin.

You can continue using webmail to access your emails, but instead of
using Yahoo, Hotmail, Mail.com, etc., you'd be connecting to webmail
at yourdomain.com (or perhaps yourdomain.co.uk if that's your
preference).

You could also use POP3 and/or IMAP to access your emails, if you so
choose, and your web/mail host supports them.

I support three domains which have done just that -- the domains run
on shared virtual hosting machines, and each domain has its own access
to SpamAssassin. It works extremely well for us, for under $200/yr
(per domain).

My host might be suitable for you, and I'll be glad to share contact
information off-list if you're interested. The company that hosts the
Rules Emporium web site can also provide this service, I believe, and
probably with more SpamAssassin support than does my host.

Bob Menschel

Re: despamassassining

[David Brodbeck]

Matt Kettler wrote:
At 04:45 AM 11/12/2004, Hanspeter Roth wrote:
> Besides adjusting your administrator with a clue-by-four, you can 
run it
> through spamassassin --remove-markup

I don't know what you mean by 'clue-by-four'. I try to contact the
admin. But he might have some reason for his setting.

Translation: "Besides beating some sense into your administrator with 
a piece of 2x4 lumber" although the use of  the phrase 
"clue-by-four" implies a considerable amount of tongue-in-cheek humor 
that is a bit lost in the translation.
Sucker rod can also be quite effective.  (See the "SECURITY THREATS" 
section of the Linux sysklogd(8) manpage for details.) ;)

Re: [SURBL-Announce] fraud.rhs.mailpolice.com phishing data added to ph SURBL

[Jeff Chan]

On Thursday, November 11, 2004, 10:35:02 PM, Jeff Chan wrote:
> As of 12 November 2004, we have added data from
> fraud.rhs.mailpolice.com into ph, joining our exiting phishing
> data from mailsecurity.net.au.

I should add, this means if you were testing
fraud.rhs.mailpolice.com as a separate list, as in SA 2.63 or
2.64 with SpamCopURI:

uri   MP_URI_RBL
eval:check_spamcop_uri_rbl('fraud.rhs.mailpolice.com','127.0.0.2')
describe  MP_URI_RBL URI's domain appears in MailPolice fraud list
tflagsMP_URI_RBL net
score MP_URI_RBL 2.0

or SpamAssassin 3.0.0:

urirhsbl URIBL_MP fraud.rhs.mailpolice.com.   A
header   URIBL_MP eval:check_uridnsbl('URIBL_MP')
describe URIBL_MP URI's domain appears in MailPolice fraud list
tflags   URIBL_MP net
scoreURIBL_MP 2.0

or SpamAssassin 3.0.1:

urirhsbl URIBL_MP fraud.rhs.mailpolice.com.   A
body URIBL_MP eval:check_uridnsbl('URIBL_MP')
describe URIBL_MP URI's domain appears in MailPolice fraud list
tflags   URIBL_MP net
scoreURIBL_MP 2.0

Then you should remove or disable the above rule as redundant if you
are also using ph in multi.surbl.org, which SpamAssassin 3.0.0
and 3.0.1 do *by default*:

  http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf

urirhssub   URIBL_PH_SURBL  multi.surbl.org.A   8
bodyURIBL_PH_SURBL  eval:check_uridnsbl('URIBL_PH_SURBL')
describeURIBL_PH_SURBL  Contains an URL listed in the PH SURBL blocklist
tflags  URIBL_PH_SURBL  net
score   URIBL_PH_SURBL  3.0

(IIRC you can disable rules simply by setting them to zero, but
in this case I'd probably recommend commenting them out or
deleting them.)

So keep the PH rule and delete any test rule using
fraud.rhs.mailpolice.com separately.

Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/

RE: spamassassin and web based mails !

[Matthew.van.Eerde]

Yang Xiao wrote:
> On Fri, 12 Nov 2004 11:52:17 -1200, Kevin W. Gagel
> <[EMAIL PROTECTED]> wrote:
>> I haven't even bothered to read the article on the link.
>> Why? Because I am not going to chase after a spammer that is
>> sending spam to a free email account who's log files I do
>> not have access to. I don't have a leg to stand on in any court of
>> law. 
>> 
> huh? where I'm working, if I even suspect you are doing something
> remotely improper, you are toasted, a severe scolding from the
> management at least. 


It has come to our attention that you have been disclosing confidential company 
business practices on a public mailing list.

A manager will be stopping by your work area shortly to give you a severe 
scolding.


Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

Re: spamassassin and web based mails !

[Yang Xiao]

On Fri, 12 Nov 2004 11:52:17 -1200, Kevin W. Gagel <[EMAIL PROTECTED]> wrote:
> I haven't even bothered to read the article on the link.
> Why? Because I am not going to chase after a spammer that is
> sending spam to a free email account who's log files I do
> not have access to. I don't have a leg to stand on in any
> court of law.
>
huh? where I'm working, if I even suspect you are doing something
remotely improper, you are toasted, a severe scolding from the
management at least.

I guess people have different standards then.

Yang