Anyone using URIDNSBL for weeding out referrer spam ?

2007-11-22 Thread Jean-Marc Liotier

I am looking for a way to weed out referrer spam from Apache logs and Awstats
data files. I have seen some tools, but they rely on static blacklists -
often very small ones, rarely maintained. It just occurs to me that this is
a perfect job for something like Mail::SpamAssassin::Plugin::URIDNSBL so
that blacklist maintenance can be mutualized over an even larger pool of
users.

Has anyone tried using Mail::SpamAssassin::Plugin::URIDNSBL to check for
referrer spam ? Even a simple script capable of making an URIDNSBL query for
an arbitrary URL would be a good step forward in order to integrate the
functionality into some script.


-
--
http://serendipity.ruwenzori.net/ Jean-Marc Liotier 



Re: Anyone using URIDNSBL for weeding out referrer spam ?

2007-11-22 Thread Jeff Chan
Quoting Jean-Marc Liotier [EMAIL PROTECTED]:


 I am looking for a way to weed out referrer spam from Apache logs and Awstats
 data files. I have seen some tools, but they rely on static blacklists -
 often very small ones, rarely maintained. It just occurs to me that this is
 a perfect job for something like Mail::SpamAssassin::Plugin::URIDNSBL so
 that blacklist maintenance can be mutualized over an even larger pool of
 users.

 Has anyone tried using Mail::SpamAssassin::Plugin::URIDNSBL to check for
 referrer spam ? Even a simple script capable of making an URIDNSBL query for
 an arbitrary URL would be a good step forward in order to integrate the
 functionality into some script.

You may find some programs useful for scanning for blacklisted URIs at:

  http://www.surbl.org/links.html

Jeff C.


Re: Anyone using URIDNSBL for weeding out referrer spam ?

2007-11-22 Thread Jean-Marc Liotier


Jeff Chan wrote:
 
 You may find some programs useful for scanning for blacklisted URIs at:
 http://www.surbl.org/links.html
 

Thank you for the pointer. I have downloaded, compiled and tested surblhost
- and it looks very handy for integrating into a shell script.
http://surblhost.sourceforge.net/

Now I'll adapt an existing script or adapt one to do the actual weeding
out...

-
--
http://serendipity.ruwenzori.net/ Jean-Marc Liotier 
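
The kind of script asked for in this thread, as an added example that is not code from any poster or from surblhost: it pulls the referrer host out of Apache combined-format log lines, builds a URI DNSBL query name, and splits the log into kept and dropped lines. Assumptions: the zone `multi.surbl.org`, the rule that any 127.0.0.0/8 answer means "listed", the tiny two-level suffix set, and the sample log lines are all chosen or constructed here.

```python
import re
import socket
from urllib.parse import urlsplit

# Assumption: SURBL's combined zone; an A answer in 127.0.0.0/8 means "listed".
SURBL_ZONE = "multi.surbl.org"
# Constructed, tiny sample of two-level suffixes; real use needs a full list.
TWO_LEVEL = {"co.uk", "com.au", "co.jp", "com.br"}
# Tail of Apache "combined" format: "request" status bytes "referrer" "agent"
COMBINED_RE = re.compile(r'"[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"\s*$')
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

SAMPLE_LOG = [  # constructed log lines, documentation addresses and names
    '192.0.2.10 - - [22/Nov/2007:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "http://www.spam-pills.example/buy?x=1" "Mozilla/4.0"',
    '192.0.2.11 - - [22/Nov/2007:10:00:05 +0000] "GET /post HTTP/1.1" 200 2048 "http://blog.example.org/links" "Mozilla/5.0"',
    '192.0.2.12 - - [22/Nov/2007:10:00:09 +0000] "GET /feed HTTP/1.1" 200 1024 "-" "FeedReader"',
]

def referrer_host(line):
    """Host part of the referrer field, or None if absent or unparsable."""
    m = COMBINED_RE.search(line)
    try:
        host = urlsplit(m.group(1)).hostname if m else None
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def query_name(host, zone=SURBL_ZONE):
    """Reduce a host to its registered domain (or reverse an IPv4) and append the zone."""
    if IPV4_RE.match(host):
        return ".".join(reversed(host.split("."))) + "." + zone
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:]) + "." + zone

def is_listed(host, resolve=socket.gethostbyname):
    try:
        return resolve(query_name(host)).startswith("127.")
    except OSError:  # NXDOMAIN or resolver failure: treat as not listed
        return False

def filter_log(lines, resolve=socket.gethostbyname):
    cache, kept, dropped = {}, [], []  # cache: one DNS lookup per distinct host
    for line in lines:
        host = referrer_host(line)
        if host is not None and host not in cache:
            cache[host] = is_listed(host, resolve)
        (dropped if host and cache[host] else kept).append(line)
    return kept, dropped
```

Passing a `resolve` callable makes it possible to test the filter offline or to put a local caching resolver in front of the list.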



Re: How do you score?

2007-11-22 Thread Evan Platt
It's generally not a good idea to post spam to the list. If you need 
to, put it on a website somewhere and place a link to it.


I ran one message through an older install of SA I have (non 
production), 3.2.3, and it scored a 16.8:


Content analysis details:   (16.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.7,ip=196.44.3.90,nordns]
 1.3 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
 0.6 ALL_NATURAL            BODY: Spam is 100% natural?!
 0.8 SARE_URI_MEDS          URI: domain selling meds
 3.4 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: mymedsinformation.com]
 2.6 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: mymedsinformation.com]
 3.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: mymedsinformation.com]

I'll try and run the other one later.

Happy Thanksgiving.

Evan

At 07:50 AM 11/22/2007, Trevor Dodds wrote:

Hi,

I've recently seen a lot more spam emails passing through our 
spamassassin filters.  I continually train Bayes on emails that 
score low.  Please can you tell me what scores you receive on the 
attached two emails.


Thanks
Trevor




quarantine and junkmailbox configuration

2007-11-22 Thread Morvan Daniel Müller

I use amavisd-new with spamassassin loaded as a perl module.

My actual config:  /etc/amavisd/amavisd.conf:
$sa_tag_level_deflt = 2.0;  # 2+ put X-Spam-Status headers only
$sa_tag2_level_deflt = 5.0; # 5+ put X-Spam-Flag = YES
$sa_kill_level_deflt = 8;   # 8+ send to quarantine /var/spool/amavisd/quarantine

$sa_quarantine_cutoff_level = 20;  # 20+ send to /dev/null

I would like messages classified from level 8 to 13 to go to a junk
mailbox ([EMAIL PROTECTED]) and only those above to go to the quarantine!
What do I need to add to my config to do that? (I know that I can put the
corresponding configs in /etc/mail/spamassassin/local.cf).
If I set spam-admin = [EMAIL PROTECTED], messages from level 8
($sa_kill_level_deflt = 8;)  to level 20 ($sa_quarantine_cutoff_level = 20;)
go to this mailbox and not to the filesystem quarantine!



Thanks!






Change Score

2007-11-22 Thread Emre BALCI

Hi All
I want to increase the scores of all rules in 20_drugs.cf. How can I do this
 shortly?

Regards



  



Re: Change Score

2007-11-22 Thread Loren Wilton

I want to increase the scores of all rules in 20_drugs.cf. How can I do this
shortly?


How shortly (quickly/easily) you can do this depends on how many rules there 
are in the rules file, and maybe how good you are with some text filtering 
and replacement tools.


You need to capture all of the 'score' lines from the rule file, change the 
score values to what you want, and then put them into A NEW FILE, not the 
original file.


If you only want to raise the scores, and if you want to do it by the same 
amount for all of the rules (although this seems somewhat silly to me) you 
can do offset scores for all of the rules, as:


# parentheses make the value an offset from the rule's current score
score SOME_RULE (0.2)
score SOME_OTHER_RULE (0.2)

A score line can have one score or 4 scores.  Since you are probably always 
using the same score set, a single score that will modify (or replace) all 
of the scores is usually sufficient when you are changing scores.


   Loren
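
The procedure described in the reply above, as an added example that is not code from the poster or from SpamAssassin: it collects the rule names from a rules file and emits one relative `score` line per rule, using SpamAssassin's parenthesised form for an offset from the existing score. The rule names and the sample rules text are constructed; the function name `relative_overrides` is hypothetical.

```python
import re

# Lines that define or score a rule: keyword, whitespace, rule name.
RULE_LINE = re.compile(
    r"^\s*(?:header|body|rawbody|uri|full|meta|score)\s+([A-Za-z0-9_]+)\b")

# Constructed stand-in for a rules file such as 20_drugs.cf.
SAMPLE_RULES = r"""
# constructed sample rules
body     __EXAMPLE_PILL_WORD   /\bpills?\b/i
body     EXAMPLE_DRUG_A        /cheap meds/i
describe EXAMPLE_DRUG_A        Mentions cheap meds
meta     EXAMPLE_DRUG_COMBO    (__EXAMPLE_PILL_WORD && EXAMPLE_DRUG_A)
score    EXAMPLE_DRUG_COMBO    1.5
#body    EXAMPLE_DISABLED      /x/
"""

def relative_overrides(rules_text, delta):
    """Return 'score NAME (delta)' lines, one per scored rule, in file order."""
    names = []
    for line in rules_text.splitlines():
        m = RULE_LINE.match(line)
        if not m:
            continue  # comments, describe/tflags lines, blanks
        name = m.group(1)
        # Names starting with "__" are sub-rules used only inside meta rules;
        # they carry no score of their own, so they get no override.
        if name.startswith("__") or name in names:
            continue
        names.append(name)
    return [f"score {name} ({delta:g})" for name in names]

if __name__ == "__main__":
    # Print the overrides; redirect them into a NEW file, not the rules file.
    print("\n".join(relative_overrides(SAMPLE_RULES, 0.2)))
```

Save the output in a separate file in the site configuration directory (for example next to /etc/mail/spamassassin/local.cf) and check it with `spamassassin --lint` before relying on it.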




Re: recover quarantined messages web interface

2007-11-22 Thread Mark Martinec
Morvan Daniel,

 I try webmin clamav module.
 I'm using amavisd-new with spamassassin perl module. Quarantined messages
 are in plain text format below /var/spool/amavisd/quarantine/spam-xxx.gz.
 If I use the resend button from web interface (webmin clamav quarantine
 module) to recover some message to my users, this message is sent to final
 user in plain text format, i.e., html quarantined messages go to the final
 user in a non comprehensible format. The user sees headers and tags.

 There is an add-on to the webmin clamav module that converts quarantined
 html messages in the original format when I use the resend button!

 Or there is other web tool to manage quarantined messages (my quarantine is
 in the filesystem (/var directory) not in a database)!

Try MailZu: http://www.mailzu.net/

From its FAQ:

4) Do I have to configure amavisd-new to quarantine email to SQL?

No. MailZu does not require that the actual message bodies be kept in SQL.
Release is handled by amavisd-new, so MailZu need not be aware of the location
of the quarantine. Quarantine to SQL is only necessary if you want your users
to be able to view spam in the MailZu interface, otherwise they will only see 
the basic headers of the quarantined message.


  Mark


Re: quarantine and junkmailbox configuration

2007-11-22 Thread Mark Martinec
Morvan Daniel,

 I use amavisd-new with spamassassin loaded as a perl module.
 My actual config:  /etc/amavisd/amavisd.conf:
 $sa_tag_level_deflt = 2.0; # 2+ put X-Spam-Status headers only
 $sa_tag2_level_deflt = 5.0;# 5+ put X-Spam-Flag = YES
 $sa_kill_level_deflt = 8;  # 8+ send to quarantine
 $sa_quarantine_cutoff_level = 20;  # 20+ send to /dev/null

 I would like messages classified from level 8 to 13 to go to a junk
 mailbox ([EMAIL PROTECTED]) and only those above to go to the quarantine!
 What do I need to add to my config to do that?

You actually want two levels of a quarantine, the first level to be
delivered to a mailbox, and the second level to a normal quarantine.
There is currently only one level of quarantining, but it is possible
to achieve the desired effect by putting a tag3_level to good use,
along with appending address extensions and a little help from a MTA:

$sa_tag_level_deflt  =  2;  # insert spam headers
$sa_tag2_level_deflt =  5;  # let spam headers say YES, spam
$sa_tag3_level_deflt =  8;  # by default no effect, but see below
$sa_kill_level_deflt = 13;  # block mail and quarantine
$sa_quarantine_cutoff_level = 20;  # suppress quarantine above that level

$recipient_delimiter = '+';

# here is a little tricky part: turn on address extensions at tag3_level
$addr_extension_maps_by_ccat{CC_SPAMMY.',1'} = ['junk'];

So in addition to your previous behaviour, the range of spam scores
between 8 and 13 will still pass on (with spam headers added), but will
also have recipient addresses modified to include a '+junk' at the
end of a local part, e.g.:  [EMAIL PROTECTED] - [EMAIL PROTECTED]
Note that only recipients in local domains receive this treatment
(i.e. inbound and internal mail), so make sure to have local_domains
configured correctly.

The rest is up to a MTA to decide what to do with an address extension
'+junk' - to ignore it, or to deliver it to a user's dedicated mailbox,
or to rewrite it to some common junk mailbox such as [EMAIL PROTECTED]

To achieve the latter with Postfix, tell it the extensions delimiter is a '+'
and add a virtual map which will rewrite [EMAIL PROTECTED]
into [EMAIL PROTECTED] For example:

main.cf:

  recipient_delimiter = +

  virtual_alias_maps =
    cdb:/etc/postfix/virtual
    pcre:/etc/postfix/virtual_mapping_pcre


/etc/postfix/virtual_mapping_pcre :

  /^(.*)\+junk@(example\.com)$/  [EMAIL PROTECTED]


Followups (if any) to amavis-user mailing list please.

  Mark