RE: Rules List
For what its worth, the init.pre file is critical. The /root/.cpan/ Is were the source is downloaded and compiled by CPAN. The "make install" that CPAN automatically does puts all the user .cf files in the /etc/mail/spamassassin directory. This is where the init.pre if found. If its missing (I accidentally deleted mine), SURBL won't work. This is also where you can get several other plugins working such as SPF and RelayCountry. RelayCountry is for helping Bayes do a better job detecting Spam. The list I have in my /etc/mail/spamassassin is... 70_sare_adult.cf 70_sare_unsub.cf init.pre 70_sare_bayes_poison_nxm.cf 70_sare_uri.cf local.cf 70_sare_genlsubj0.cf 72_sare_bml_post25x.cf vmcrules.cf 70_sare_header0.cf 72_sare_redirect_post3.0.0.cf weeds.cf 70_sare_html0.cf 99_sare_fraud_post25x.cf tripwire.cf 70_sare_oem.cf bogus-virus-warnings.cfzzwhitelist.cf 70_sare_random.cfchickenpox.cf 70_sare_specific.cf evilnumbers.cf 70_sare_spoof.cf surblrules.cf Note: surblrules.cf is a personal rule set where I added Jeff's JP SURBL list, the vmcrules.cf are my personal rules (mostly negative scores of words that would apply to our business), and zzwhitelist.cf is where I put domains and addresses that are manually whitelisted. <> > -Original Message- > From: Anton Krall [mailto:[EMAIL PROTECTED] > Sent: Saturday, November 06, 2004 3:42 PM > To: 'Michele Neylon::Blacknight Solutions' > Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org > Subject: RE: Rules List > > Is this ok? > > /root/.cpan/build/Mail-SpamAssassin-3.0.1/rules/init.pre > > -Original Message- > From: Michele Neylon::Blacknight Solutions > [mailto:[EMAIL PROTECTED] > Sent: Sábado, 06 de Noviembre de 2004 02:03 p.m. > To: Anton Krall > Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org > Subject: RE: Rules List > > On Sat, 2004-11-06 at 13:57 -0600, Anton Krall wrote: > > Im using 3.0.. How do I get a hold of SURBLs ? Im still > getting a lot > > of the vicodin and medicine spam mail :( > > SURBL is a plugin. Look in your init.pre > > > -- > Mr. Michele Neylon > Blacknight Solutions > Hosting, Co-location & Domain Registration > http://www.blacknight.ie/ Tel. > +353 (0)59 9137101 > > > -- > Email scanned by Blacknight for viruses and dangerous content. > Visit http://www.blacknight.ie for more information > > >
Re: Rules List
On Tuesday, November 9, 2004, 11:53:13 AM, Greg Earle wrote: > I've got Mail::SpamAssassin::SpamCopURI installed on 2.63 now. > But, since 2.63 didn't come with 3.01's rules like 25_uribl.cf, > there's nothing in my 2.63 setup to utilize SpamCopURI, as far > as I can tell. [...] > This won't work under 2.63, right? There's no "ifplugin" stuff > in 2.63, is there? I haven't been following the list religiously > but I thought the plug-in stuff was a SpamAssassin 3-ism ... The rules for SpamCopURI under SpamAssassin 2.63 and 2.64 are not the same as the rules for urirhssub or urirhsbl under SpamAssassin 3. SpamCopURI should ship with sample rules, but I recommend that you use the updated rules at: http://www.surbl.org/spamcop_uri.cf.022-updated.txt which are mentioned at: http://www.surbl.org/ Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Rules List
[EMAIL PROTECTED] wrote: > On Tue, 09 Nov 2004 15:23:08 -0500, "Kris Deugau" <[EMAIL PROTECTED]> > said: > > Snag mine from http://www.deepnet.cx/~kdeugau/spamtools/ > > Nice meta rules (BAYES_vs_SURBL) -- I like those a lot!!! Yep. I added them after a few customers reported FPs on legit mailings with properly low Bayes scores, but multiple SURBL hits bumped them *just* over the threshold. Since stabilizing SURBL usage, I've had *far* fewer FNs reported, and I've rarely had FPs reported to begin with- there's one every other month or so. I don't have real accuracy stats overall, but my own account shows ~200-250 spams per day, and I see maybe two to three a week showing up in my inbox. I filter listmail with procmail before it hits SA, but whitelisting has proven equally effective in the past. Overall SA stats for that system have been pretty constant at around 9:1 spam:ham, around 13K messages/day, for close to a year now. Ugh. :/ -kgd -- Get your mouse off of there! You don't know where that email has been!
Re: Rules List
At 01:05 PM 11/9/2004, Greg Earle wrote: I still have production servers running 2.63 - how can I add SURBL to them? Just go to CPAN and install "Mail::SpamCopURI" on those machines? (Yes, they will be migrated to 3.0.1 once my Testbed machine is working properly) I don't know if it's on CPAN or not, but if it isn't you can always download the tarball and install it that way... The sourceforge project is linked in the "links" section on surbl.org.
Re: Rules List
On Tue, 09 Nov 2004 15:23:08 -0500, "Kris Deugau" <[EMAIL PROTECTED]> said: > Snag mine from http://www.deepnet.cx/~kdeugau/spamtools/ Nice meta rules (BAYES_vs_SURBL) -- I like those a lot!!! -- snowjack(a)fastmail.fm
Re: Rules List
Greg Earle wrote: > But, since 2.63 didn't come with 3.01's rules like 25_uribl.cf, > there's nothing in my 2.63 setup to utilize SpamCopURI, as far > as I can tell. There should have been (IIRC) a file "spamcop_uri.cf" installed in /etc/mail/spamassassin by default, although it may only have one rule in it, along with some other settings. > Ergo, are there 2.63-friendly .cf files out there with > SURBL/SpamCopURI functionality in them? Snag mine from http://www.deepnet.cx/~kdeugau/spamtools/ - this is the configuration I'm using both on my personal server and the systems I administer at work - all running 2.64. The scores have been lightly tweaked for the email traffic I see; to start with you might want to drop them all down to 1 and see which ones hit the most accurately. You should also upgrade to 2.64 due to a known DoS attack on 2.63. -kgd -- Get your mouse off of there! You don't know where that email has been!
Re: Rules List
On Tue, 9 Nov 2004 11:53:13 -0800, "Greg Earle"
<[EMAIL PROTECTED]> said:
> Ergo, are there 2.63-friendly .cf files out there with SURBL/SpamCopURI
> functionality in them?
Here's my surbl.cf. Edit the scores at the bottom to your taste.
# checks to do network lookups of URLs found within spam messages
# using the most excellent DNS database at surbl.org
uri SPAMCOP_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+2')
describe SPAMCOP_URI_RBL URI's domain appears in spamcop database at
sc.surbl.org
tflagsSPAMCOP_URI_RBL net
uri WS_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+4')
describe WS_URI_RBL URI's domain appears in ws.surbl.org
tflagsWS_URI_RBL net
uri PH_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+8')
describe PH_URI_RBL URI's domain appears in ph.surbl.org
tflagsPH_URI_RBL net
uri OB_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+16')
describe OB_URI_RBL URI's domain appears in ob.surbl.org
tflagsOB_URI_RBL net
uri AB_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+32')
describe AB_URI_RBL URI's domain appears in ab.surbl.org
tflagsAB_URI_RBL net
uri JP_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+64')
describe JP_URI_RBL URI's domain appears in jp.surbl.org
tflagsJP_URI_RBL net
score SPAMCOP_URI_RBL2.4
score WS_URI_RBL 2.0
score PH_URI_RBL 2.4
score OB_URI_RBL 2.0
score AB_URI_RBL 2.4
score JP_URI_RBL 2.4
--
snowjack(a)fastmail.fm
Re: Rules List
On Nov 9, 2004, at 8:39 AM, Matt Kettler wrote: Yes, SURBL IS included by default with 3.0. The "copy a file" bit has only to do with the SURBL implementation for 2.6x (Mail::SpamCopURI). 3.0 comes with it, installed by default, enabled by default. However, if you don't have Net::DNS, SURBL, nor any other RBL, will run. Also, spamassassin -D --lint does not enumerate each and every RBL queried. So your lack of response in grep is not evidence of anything. try this to see that the rules are installed by default: grep -i surbl /usr/share/spamassassin/*.cf Let me revise my earlier question: I've got Mail::SpamAssassin::SpamCopURI installed on 2.63 now. But, since 2.63 didn't come with 3.01's rules like 25_uribl.cf, there's nothing in my 2.63 setup to utilize SpamCopURI, as far as I can tell. I first thought I'd just copy the relevant (new) rules from my 3.01 installation to my 2.63 machine, but then I noticed that 25_uribl.cf says -- # Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded. # Note that this plugin defines a new config setting, 'uridnsbl', # which lists the zones to look up in advance. The rules will # not hit unless each rule has a corresponding 'uridnsbl' line. ifplugin Mail::SpamAssassin::Plugin::URIDNSBL -- This won't work under 2.63, right? There's no "ifplugin" stuff in 2.63, is there? I haven't been following the list religiously but I thought the plug-in stuff was a SpamAssassin 3-ism ... Ergo, are there 2.63-friendly .cf files out there with SURBL/SpamCopURI functionality in them? Thanks, - Greg
Re: Rules List
On Tuesday, November 9, 2004, 10:05:08 AM, Greg Earle wrote: > I still have production servers running 2.63 - how can I add SURBL to them? > Just go to CPAN and install "Mail::SpamCopURI" on those machines? (Yes, > they will be migrated to 3.0.1 once my Testbed machine is working properly) Yes, but see the 2.63/2.64 notes on the Quick Start page at: http://www.surbl.org/ Also you should probably upgrade to SA 2.64, and you will similarly need a recent Net::DNS, network tests enabled, etc. in order for RBLs or SURBLs to work. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Rules List
Matt Kettler wrote: At 11:18 AM 11/9/2004, Greg Earle wrote: I don't believe this is the case. I just upgraded from 2.63 via CPAN on Solaris 9, and this is what I get: solaris9box:1:52 [/] # spamassassin -D --lint < /dev/null |& grep -i sur solaris9box:1:53 [/] # No mention of SURBLs (or SAREs) anywhere. Yes, SURBL IS included by default with 3.0. The "copy a file" bit has only to do with the SURBL implementation for 2.6x (Mail::SpamCopURI). 3.0 comes with it, installed by default, enabled by default. OK, thanks for the clarification Matt. I still have production servers running 2.63 - how can I add SURBL to them? Just go to CPAN and install "Mail::SpamCopURI" on those machines? (Yes, they will be migrated to 3.0.1 once my Testbed machine is working properly) However, if you don't have Net::DNS, SURBL, nor any other RBL, will run. I do have Net::DNS installed: debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 Also, spamassassin -D --lint does not enumerate each and every RBL queried. So your lack of response in grep is not evidence of anything. OK. try this to see that the rules are installed by default: grep -i surbl /usr/share/spamassassin/*.cf I upgraded via CPAN, so now my rules have switched from /usr/share to /opt/perl/share/spamassasin/ - and I see the SURBL rules in the .cf's. Then look at your debug output without grep to see if DNS is being used. Then look for rule matches in mail. I see references to check_uridnsbl and Mail::SpamAssassin::Plugin::URIDNSBL as well. Thanks for the clarification. - Greg
Re: Rules List
At 11:18 AM 11/9/2004, Greg Earle wrote: I don't believe this is the case. I just upgraded from 2.63 via CPAN on Solaris 9, and this is what I get: solaris9box:1:52 [/] # spamassassin -D --lint < /dev/null |& grep -i sur solaris9box:1:53 [/] # No mention of SURBLs (or SAREs) anywhere. Yes, SURBL IS included by default with 3.0. The "copy a file" bit has only to do with the SURBL implementation for 2.6x (Mail::SpamCopURI). 3.0 comes with it, installed by default, enabled by default. However, if you don't have Net::DNS, SURBL, nor any other RBL, will run. Also, spamassassin -D --lint does not enumerate each and every RBL queried. So your lack of response in grep is not evidence of anything. try this to see that the rules are installed by default: grep -i surbl /usr/share/spamassassin/*.cf Then look at your debug output without grep to see if DNS is being used. Then look for rule matches in mail.
Re: Rules List
Jeff Chan <[EMAIL PROTECTED]> wrote:
On Saturday, November 6, 2004, 9:33:47 PM, Anton Krall wrote:
So SURBL will work even if no .cf files are on any of the site rules or
config dirs yet? How does SA know about URLs and where to check?
I see some files under cpan dirs and SA that show some rules about SURBL so I
thought they might need to be copied under /usr/share/spamassassin, where my
site rules are.
SURBLs are included in the default rules for SA 3. If you've
done a full, default install, then the rules and scores are
probably already installed. Hopefully a CPAN install does
that. If you see rules like URIBL_OB_SURBL being triggered
then SURBLs are working.
I don't believe this is the case. I just upgraded from 2.63 via CPAN on
Solaris 9, and this is what I get:
solaris9box:1:52 [/] # spamassassin -D --lint < /dev/null |& grep -i sur
solaris9box:1:53 [/] #
No mention of SURBLs (or SAREs) anywhere.
Full output attached.
- Greg
:1:44 [/] # spamassassin --lint --debug < /dev/null
debug: SpamAssassin version 3.0.1
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/opt/perl/bin', keeping.
debug: PATH included '/usr/ccs/bin', keeping.
debug: PATH included '/usr/lang/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: PATH included '/usr/ucb', keeping.
debug: PATH included '/etc', keeping.
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/usr/gnu/bin', keeping.
debug: Final PATH set to:
/usr/bin:/opt/perl/bin:/usr/ccs/bin:/usr/lang/bin:/usr/sbin:/usr/ucb:/etc:/usr/local/bin:/usr/gnu/bin
debug: diag: module not installed: DBI ('require' failed)
debug: diag: module installed: DB_File, version 1.809
debug: diag: module installed: Digest::SHA1, version 2.10
debug: diag: module installed: IO::Socket::UNIX, version 1.21
debug: diag: module installed: MIME::Base64, version 3.05
debug: diag: module installed: Net::DNS, version 0.48
debug: diag: module not installed: Net::LDAP ('require' failed)
debug: diag: module installed: Razor2::Client::Agent, version 2.61
debug: diag: module installed: Storable, version 2.13
debug: diag: module installed: URI, version 1.34
debug: ignore: using a test message to lint rules
debug: using "/etc/opt/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/opt/mail/spamassassin/init.pre
debug: using "/opt/perl/share/spamassassin" for default rules dir
debug: config: read file /opt/perl/share/spamassassin/10_misc.cf
debug: config: read file /opt/perl/share/spamassassin/20_anti_ratware.cf
debug: config: read file /opt/perl/share/spamassassin/20_body_tests.cf
debug: config: read file /opt/perl/share/spamassassin/20_compensate.cf
debug: config: read file /opt/perl/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /opt/perl/share/spamassassin/20_drugs.cf
debug: config: read file /opt/perl/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /opt/perl/share/spamassassin/20_head_tests.cf
debug: config: read file /opt/perl/share/spamassassin/20_html_tests.cf
debug: config: read file /opt/perl/share/spamassassin/20_meta_tests.cf
debug: config: read file /opt/perl/share/spamassassin/20_phrases.cf
debug: config: read file /opt/perl/share/spamassassin/20_porn.cf
debug: config: read file /opt/perl/share/spamassassin/20_ratware.cf
debug: config: read file /opt/perl/share/spamassassin/20_uri_tests.cf
debug: config: read file /opt/perl/share/spamassassin/23_bayes.cf
debug: config: read file /opt/perl/share/spamassassin/25_body_tests_es.cf
debug: config: read file /opt/perl/share/spamassassin/25_hashcash.cf
debug: config: read file /opt/perl/share/spamassassin/25_spf.cf
debug: config: read file /opt/perl/share/spamassassin/25_uribl.cf
debug: config: read file /opt/perl/share/spamassassin/30_text_de.cf
debug: config: read file /opt/perl/share/spamassassin/30_text_fr.cf
debug: config: read file /opt/perl/share/spamassassin/30_text_nl.cf
debug: config: read file /opt/perl/share/spamassassin/30_text_pl.cf
debug: config: read file /opt/perl/share/spamassassin/50_scores.cf
debug: config: read file /opt/perl/share/spamassassin/60_whitelist.cf
debug: using "/etc/opt/mail/spamassassin" for site rules dir
debug: config: read file /etc/opt/mail/spamassassin/local.cf
debug: using "//.spamassassin" for user state dir
debug: using "//.spamassassin/user_prefs" for user prefs file
debug: config: read file //.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x53c1b4)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xd83868)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xd51318)
debug: plugin: Mail
RE: Rules List
I think I got SURBL working since I see a lot of mails triggered as spam with comments like URIBL_WS_SURBL What I did is do a cpan SA3 install and on /root/.cpan/SA3.0/rules, copy all the .cf files to my site rules dir, since it seems that SURBL is enabled and net tests is enabled too... I guess by copying the default rules to my site rules dir enabled the scores and everything else, here is a copy of the rules I have in place: 8 -rw-r--r--1 root root 6002 Nov 6 20:02 10_misc.cf 4 -rw-r--r--1 root root 1602 Nov 6 20:02 20_anti_ratware.cf 12 -rw-r--r--1 root root 8198 Nov 6 20:02 20_body_tests.cf 4 -rw-r--r--1 root root 1613 Nov 6 20:02 20_compensate.cf 12 -rw-r--r--1 root root12083 Nov 6 20:02 20_dnsbl_tests.cf 16 -rw-r--r--1 root root15700 Nov 6 20:02 20_drugs.cf 12 -rw-r--r--1 root root11268 Nov 6 20:02 20_fake_helo_tests.cf 28 -rw-r--r--1 root root27699 Nov 6 20:02 20_head_tests.cf 16 -rw-r--r--1 root root15487 Nov 6 20:02 20_html_tests.cf 12 -rw-r--r--1 root root10939 Nov 6 20:02 20_meta_tests.cf 24 -rw-r--r--1 root root22099 Nov 6 20:02 20_phrases.cf 8 -rw-r--r--1 root root 4966 Nov 6 20:02 20_porn.cf 16 -rw-r--r--1 root root14129 Nov 6 20:02 20_ratware.cf 8 -rw-r--r--1 root root 5014 Nov 6 20:02 20_uri_tests.cf 4 -rw-r--r--1 root root 2334 Nov 6 20:02 23_bayes.cf 12 -rw-r--r--1 root root 9114 Nov 6 20:02 25_body_tests_es.cf 4 -rw-r--r--1 root root 2735 Nov 6 20:02 25_hashcash.cf 4 -rw-r--r--1 root root 2301 Nov 6 20:02 25_spf.cf 8 -rw-r--r--1 root root 4700 Nov 6 20:02 25_uribl.cf 56 -rw-r--r--1 root root52290 Nov 6 20:02 30_text_de.cf 40 -rw-r--r--1 root root40682 Nov 6 20:02 30_text_fr.cf 64 -rw-r--r--1 root root57934 Nov 6 20:02 30_text_nl.cf 36 -rw-r--r--1 root root34800 Nov 6 20:02 30_text_pl.cf 32 -rw-r--r--1 root root29375 Nov 6 20:02 50_scores.cf 8 -rw-r--r--1 root root 6884 Nov 6 20:02 60_whitelist.cf 4 -rw-r--r--1 root root 342 Nov 6 20:02 local.cf 4 -rw-r--r--1 root root 2671 Nov 6 20:02 regression_tests.cf I only have the default rules in place, no other rules from rules_du_jour or anything... Looks ok to you guys? Should I also put some rules_du_jour in there? CPU load is very low and nice :) and seems to be catching a lot of spam... -Original Message- From: Jeff Chan [mailto:[EMAIL PROTECTED] Sent: Domingo, 07 de Noviembre de 2004 12:14 a.m. To: Anton Krall Cc: users@spamassassin.apache.org Subject: Re: Rules List On Saturday, November 6, 2004, 9:33:47 PM, Anton Krall wrote: > So SURBL will work even if no .cf files are on any of the site rules > or config dirs yet? How does SA know about URLs and where to check? > I see some files under cpan dirs and SA that show some rules about > SURBL so I thought they might need to be copied under > /usr/share/spamassassin, where my site rules are. SURBLs are included in the default rules for SA 3. If you've done a full, default install, then the rules and scores are probably already installed. Hopefully a CPAN install does that. If you see rules like URIBL_OB_SURBL being triggered then SURBLs are working. > Do you recommend still installing some rules like sare and such? > Also, do you know any rules that trap vicodin and some other drug spam? Some of the SARE rules are useful for these. To be honest, I don't have recommendations about which ones to use. But with SURBLs some are no longer needed. I'll let the SARE folks explain further, or you may want to search the list archives about this. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Rules List
On Saturday, November 6, 2004, 9:33:47 PM, Anton Krall wrote: > So SURBL will work even if no .cf files are on any of the site rules or > config dirs yet? How does SA know about URLs and where to check? > I see some files under cpan dirs and SA that show some rules about SURBL so > I thought they might need to be copied under /usr/share/spamassassin, where > my site rules are. SURBLs are included in the default rules for SA 3. If you've done a full, default install, then the rules and scores are probably already installed. Hopefully a CPAN install does that. If you see rules like URIBL_OB_SURBL being triggered then SURBLs are working. > Do you recommend still installing some rules like sare and such? > Also, do you know any rules that trap vicodin and some other drug spam? Some of the SARE rules are useful for these. To be honest, I don't have recommendations about which ones to use. But with SURBLs some are no longer needed. I'll let the SARE folks explain further, or you may want to search the list archives about this. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Rules List
> So SURBL will work even if no .cf files are on any of the site rules or > config dirs yet? How does SA know about URLs and where to check? SA comes with a pile of config files as part of the normal install. You should certainly have the default SA config files installed. Whether these are the ones you are referring to on CPAN I can't say. But I think you should find a bunch of cf files probably in etc/mail/spamassassin. The surbl stuff will be in these rule files. > Do you recommend still installing some rules like sare and such? Some of the SARE rules have been subsumed into 3.0, but most haven't. The general rule is, if spam is leaking through, look to see if there is an addon ruleset that can fix the problem. If spam isn't leaking through, generally don't bother. Quite likely the sare general header, general subject, bml, and fraud rules will help, as probably will some of the others. However, surbl does quite a good job all by itself. > Also, do you know any rules that trap vicodin and some other drug spam? Matt's antidrug rules are part of 3.0, so most of this stuff should be caught by default. Loren
Re: Rules List
> I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6 rules Then you need to delete the pre25x, pre30 type rules. > enabled but I was wondering, since I upgraded using CPAN, should I copy the > rules on /root/.cpan/SA3.0/rules/*.cf to the site rules dir to enalble SURBL > rules? Can't help you there, I have no idea what those rules files would be. > How do I go about setting this up nicely? For surbl you need to make sure you have enough stuff installed that you can successfully do net tests. Then I believe you have to enable the surbl plugin in plugins.cf or some such. (I may be wrong, it may be enabled already.) I think you may also have to track down the surbl rules and enable them, but again I'm not sure. They will be in one of the stock 3.0 config files somewhere. But first make sure you have net tests working, or surbl won't do anything for you. This requires some optional pieces that you may not have installed. I believe spamassassin -D --lint will show you what you do and don't have installed and enabled. Loren
RE: Rules List
So SURBL will work even if no .cf files are on any of the site rules or
config dirs yet? How does SA know about URLs and where to check?
I see some files under cpan dirs and SA that show some rules about SURBL so
I thought they might need to be copied under /usr/share/spamassassin, where
my site rules are.
Do you recommend still installing some rules like sare and such?
Also, do you know any rules that trap vicodin and some other drug spam?
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Sábado, 06 de Noviembre de 2004 11:23 p.m.
To: users@spamassassin.apache.org
Subject: Re: Rules List
On Saturday, November 6, 2004, 8:41:00 PM, Anton Krall wrote:
> I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6
> rules and left only 3.0 .. Also, seems 3.0 has builtin support for
> SURBL and its enabled but I was wondering, since I upgraded using
> CPAN, should I copy the rules on /root/.cpan/SA3.0/rules/*.cf to the
> site rules dir to enalble SURBL rules?
> How do I go about setting this up nicely?
SURBLs are supported by default in 3.0. You don't need to copy
any rules or configs. All you need to do is have a current
Net::DNS and make sure network tests are enabled.
http://www.surbl.org/faq.html#nettest
You probably should add a rule for JP however:
urirhssub URIBL_JP_SURBL multi.surbl.org.A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflagsURIBL_JP_SURBL net
score URIBL_JP_SURBL4.0
See:
http://www.surbl.org/
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Re: Rules List
On Saturday, November 6, 2004, 8:41:00 PM, Anton Krall wrote:
> I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6 rules
> and left only 3.0 .. Also, seems 3.0 has builtin support for SURBL and its
> enabled but I was wondering, since I upgraded using CPAN, should I copy the
> rules on /root/.cpan/SA3.0/rules/*.cf to the site rules dir to enalble SURBL
> rules?
> How do I go about setting this up nicely?
SURBLs are supported by default in 3.0. You don't need to copy
any rules or configs. All you need to do is have a current
Net::DNS and make sure network tests are enabled.
http://www.surbl.org/faq.html#nettest
You probably should add a rule for JP however:
urirhssub URIBL_JP_SURBL multi.surbl.org.A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflagsURIBL_JP_SURBL net
score URIBL_JP_SURBL4.0
See:
http://www.surbl.org/
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
RE: Rules List
Loren. I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6 rules and left only 3.0 .. Also, seems 3.0 has builtin support for SURBL and its enabled but I was wondering, since I upgraded using CPAN, should I copy the rules on /root/.cpan/SA3.0/rules/*.cf to the site rules dir to enalble SURBL rules? How do I go about setting this up nicely? -Original Message- From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: Sábado, 06 de Noviembre de 2004 09:14 p.m. To: users@spamassassin.apache.org Subject: Re: Rules List > Im using 3.0.. How do I get a hold of SURBLs ? Im still getting a lot > of the vicodin and medicine spam mail :( > > 71_sare_bml_pre25x.cf > > 71_sare_redirect_pre3.0.0.cf > > 72_sare_redirect_post3.0.0.cf > 70_sare_html_x30.cf > > 99_sare_fraud_post25x.cf > > 70_sare_header_x264_x30.cf > > 99_sare_fraud_pre25x.cf > > 70_sare_header_x30.cf > > 70_sare_genlsubj_x30.cf Notice anything interesting about the file names I left in the list above? They all have SA version numbers, indicating which SA versions they apply to. I absolutely guarantee that no matter which SA version you are running, at least one of those files is inappropriate. Please go back to www.rulesemporium.com/rules and READ the descriptions of the rule files, and then select the ones that are and ARE NOT appropriate for your configuration. Delete those that ARE NOT appropriate, as a start. Loren
Re: Rules List
> Im using 3.0.. How do I get a hold of SURBLs ? Im still getting a lot of > the vicodin and medicine spam mail :( > > 71_sare_bml_pre25x.cf > > 71_sare_redirect_pre3.0.0.cf > > 72_sare_redirect_post3.0.0.cf > 70_sare_html_x30.cf > > 99_sare_fraud_post25x.cf > > 70_sare_header_x264_x30.cf > > 99_sare_fraud_pre25x.cf > > 70_sare_header_x30.cf > > 70_sare_genlsubj_x30.cf Notice anything interesting about the file names I left in the list above? They all have SA version numbers, indicating which SA versions they apply to. I absolutely guarantee that no matter which SA version you are running, at least one of those files is inappropriate. Please go back to www.rulesemporium.com/rules and READ the descriptions of the rule files, and then select the ones that are and ARE NOT appropriate for your configuration. Delete those that ARE NOT appropriate, as a start. Loren
RE: Rules List
Is this ok? /root/.cpan/build/Mail-SpamAssassin-3.0.1/rules/init.pre -Original Message- From: Michele Neylon::Blacknight Solutions [mailto:[EMAIL PROTECTED] Sent: Sábado, 06 de Noviembre de 2004 02:03 p.m. To: Anton Krall Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: RE: Rules List On Sat, 2004-11-06 at 13:57 -0600, Anton Krall wrote: > Im using 3.0.. How do I get a hold of SURBLs ? Im still getting a lot > of the vicodin and medicine spam mail :( SURBL is a plugin. Look in your init.pre -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Tel. +353 (0)59 9137101 -- Email scanned by Blacknight for viruses and dangerous content. Visit http://www.blacknight.ie for more information
RE: Rules List
Hi! What can I use those instead of the lists Im using? Any urls for more info? Will using SURBL's sllow me to remove all the other cf and just use SURBL's ? What version SA are you using. I dont think you are using SURBL's right now. I think that will get you going a lot better then the gazillion lists you have loaded now. Also will cut down CPU and RAM usage on your machine a lit. You can use whatever you like, if its smart, thats a completely different question. If you run SURBL you can get out a lot of the seperate .cf files, for example bigevil. Bye, Raymond.
RE: Rules List
BTW I just upgraded to 3.0 and using rules_du_jour -Original Message- From: Raymond Dijkxhoorn [mailto:[EMAIL PROTECTED] Sent: Sábado, 06 de Noviembre de 2004 12:23 p.m. To: Anton Krall Cc: users@spamassassin.apache.org Subject: Re: Rules List Hi! > > I am using the following rules list but still a lot of spam is going thru.. > Any extra rules you recommend adding? > > 70_sare_adult.cf 70_sare_header1.cf 70_sare_html3.cf > 71_sare_bml_pre25x.cf > 70_sare_bayes_poison_nxm.cf 70_sare_header2.cf 70_sare_html4.cf > 71_sare_redirect_pre3.0.0.cf > 70_sare_genlsubj.cf 70_sare_header3.cf 70_sare_html_arc.cf > 72_sare_bml_post25x.cf > 70_sare_genlsubj0.cf 70_sare_header_arc.cf 70_sare_html_eng.cf > 72_sare_redirect_post3.0.0.cf > 70_sare_genlsubj1.cf 70_sare_header_eng.cf 70_sare_html_x30.cf > 99_sare_fraud_post25x.cf > 70_sare_genlsubj2.cf 70_sare_header_x264_x30.cf 70_sare_oem.cf > 99_sare_fraud_pre25x.cf > 70_sare_genlsubj3.cf 70_sare_header_x30.cf 70_sare_random.cf > RulesDuJour > 70_sare_genlsubj_arc.cf 70_sare_highrisk.cf 70_sare_specific.cf > antidrug.cf > 70_sare_genlsubj_eng.cf 70_sare_html.cf 70_sare_spoof.cf > bigevil.cf Bigevil? What version SA are you using. I dont think you are using SURBL's right now. I think that will get you going a lot better then the gazillion lists you have loaded now. Also will cut down CPU and RAM usage on your machine a lit. Bye, Raymond.
RE: Rules List
What can I use those instead of the lists Im using? Any urls for more info? Will using SURBL's sllow me to remove all the other cf and just use SURBL's ? -Original Message- From: Raymond Dijkxhoorn [mailto:[EMAIL PROTECTED] Sent: Sábado, 06 de Noviembre de 2004 12:23 p.m. To: Anton Krall Cc: users@spamassassin.apache.org Subject: Re: Rules List Hi! > > I am using the following rules list but still a lot of spam is going thru.. > Any extra rules you recommend adding? > > 70_sare_adult.cf 70_sare_header1.cf 70_sare_html3.cf > 71_sare_bml_pre25x.cf > 70_sare_bayes_poison_nxm.cf 70_sare_header2.cf 70_sare_html4.cf > 71_sare_redirect_pre3.0.0.cf > 70_sare_genlsubj.cf 70_sare_header3.cf 70_sare_html_arc.cf > 72_sare_bml_post25x.cf > 70_sare_genlsubj0.cf 70_sare_header_arc.cf 70_sare_html_eng.cf > 72_sare_redirect_post3.0.0.cf > 70_sare_genlsubj1.cf 70_sare_header_eng.cf 70_sare_html_x30.cf > 99_sare_fraud_post25x.cf > 70_sare_genlsubj2.cf 70_sare_header_x264_x30.cf 70_sare_oem.cf > 99_sare_fraud_pre25x.cf > 70_sare_genlsubj3.cf 70_sare_header_x30.cf 70_sare_random.cf > RulesDuJour > 70_sare_genlsubj_arc.cf 70_sare_highrisk.cf 70_sare_specific.cf > antidrug.cf > 70_sare_genlsubj_eng.cf 70_sare_html.cf 70_sare_spoof.cf > bigevil.cf Bigevil? What version SA are you using. I dont think you are using SURBL's right now. I think that will get you going a lot better then the gazillion lists you have loaded now. Also will cut down CPU and RAM usage on your machine a lit. Bye, Raymond.
RE: Rules List
On Sat, 2004-11-06 at 13:57 -0600, Anton Krall wrote: > Im using 3.0.. How do I get a hold of SURBLs ? Im still getting a lot of > the vicodin and medicine spam mail :( SURBL is a plugin. Look in your init.pre -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Tel. +353 (0)59 9137101 -- Email scanned by Blacknight for viruses and dangerous content. Visit http://www.blacknight.ie for more information
RE: Rules List
Im using 3.0.. How do I get a hold of SURBLs ? Im still getting a lot of the vicodin and medicine spam mail :( -Original Message- From: Rakesh [mailto:[EMAIL PROTECTED] Sent: Sábado, 06 de Noviembre de 2004 10:29 a.m. To: Anton Krall Cc: users@spamassassin.apache.org Subject: Re: Rules List hii, which version of spamassassin are you using ? I would recommend to remove uri rulesets like bigevil and sare URI and use SURBLs instead, tht will help you to get rid of great deal of spams. If you are using older version of spamassassin like 2.63 then you will have to install the SpamCop URI plugin or else upgrade to Spamassassin 3.x. Also try to use dcc and razor if you are not using tht. Rakesh On Sat, 2004-11-06 at 21:41, Anton Krall wrote: > Guys. > > I am using the following rules list but still a lot of spam is going thru.. > Any extra rules you recommend adding? > > 70_sare_adult.cf 70_sare_header1.cf 70_sare_html3.cf > 71_sare_bml_pre25x.cf > 70_sare_bayes_poison_nxm.cf 70_sare_header2.cf 70_sare_html4.cf > 71_sare_redirect_pre3.0.0.cf > 70_sare_genlsubj.cf 70_sare_header3.cf 70_sare_html_arc.cf > 72_sare_bml_post25x.cf > 70_sare_genlsubj0.cf 70_sare_header_arc.cf 70_sare_html_eng.cf > 72_sare_redirect_post3.0.0.cf > 70_sare_genlsubj1.cf 70_sare_header_eng.cf 70_sare_html_x30.cf > 99_sare_fraud_post25x.cf > 70_sare_genlsubj2.cf 70_sare_header_x264_x30.cf 70_sare_oem.cf > 99_sare_fraud_pre25x.cf > 70_sare_genlsubj3.cf 70_sare_header_x30.cf 70_sare_random.cf > RulesDuJour > 70_sare_genlsubj_arc.cf 70_sare_highrisk.cf 70_sare_specific.cf > antidrug.cf > 70_sare_genlsubj_eng.cf 70_sare_html.cf 70_sare_spoof.cf > bigevil.cf > 70_sare_genlsubj_x30.cf 70_sare_html0.cf70_sare_unsub.cf > bogus-virus-warnings.cf > 70_sare_header.cf70_sare_html1.cf70_sare_uri.cf > evilnumbers.cf > 70_sare_header0.cf 70_sare_html2.cf70_sc_top200.cf > rules_du_jour >
Re: Rules List
Hi! I am using the following rules list but still a lot of spam is going thru.. Any extra rules you recommend adding? 70_sare_adult.cf 70_sare_header1.cf 70_sare_html3.cf 71_sare_bml_pre25x.cf 70_sare_bayes_poison_nxm.cf 70_sare_header2.cf 70_sare_html4.cf 71_sare_redirect_pre3.0.0.cf 70_sare_genlsubj.cf 70_sare_header3.cf 70_sare_html_arc.cf 72_sare_bml_post25x.cf 70_sare_genlsubj0.cf 70_sare_header_arc.cf 70_sare_html_eng.cf 72_sare_redirect_post3.0.0.cf 70_sare_genlsubj1.cf 70_sare_header_eng.cf 70_sare_html_x30.cf 99_sare_fraud_post25x.cf 70_sare_genlsubj2.cf 70_sare_header_x264_x30.cf 70_sare_oem.cf 99_sare_fraud_pre25x.cf 70_sare_genlsubj3.cf 70_sare_header_x30.cf 70_sare_random.cf RulesDuJour 70_sare_genlsubj_arc.cf 70_sare_highrisk.cf 70_sare_specific.cf antidrug.cf 70_sare_genlsubj_eng.cf 70_sare_html.cf 70_sare_spoof.cf bigevil.cf Bigevil? What version SA are you using. I dont think you are using SURBL's right now. I think that will get you going a lot better then the gazillion lists you have loaded now. Also will cut down CPU and RAM usage on your machine a lit. Bye, Raymond.
RE: Rules List
Get rid of bigevil immediately!! It is no longer updated and kills servers
:)
If you are still running the 2.6* series use spamcop uri to add support for
SURBL
Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
Proud sponsors of MM04 {http://www.mm04.net}
--
Email scanned by Blacknight for viruses and dangerous content.
Visit http://www.blacknight.ie for more information
Re: Rules List
hii, which version of spamassassin are you using ? I would recommend to remove uri rulesets like bigevil and sare URI and use SURBLs instead, tht will help you to get rid of great deal of spams. If you are using older version of spamassassin like 2.63 then you will have to install the SpamCop URI plugin or else upgrade to Spamassassin 3.x. Also try to use dcc and razor if you are not using tht. Rakesh On Sat, 2004-11-06 at 21:41, Anton Krall wrote: > Guys. > > I am using the following rules list but still a lot of spam is going thru.. > Any extra rules you recommend adding? > > 70_sare_adult.cf 70_sare_header1.cf 70_sare_html3.cf > 71_sare_bml_pre25x.cf > 70_sare_bayes_poison_nxm.cf 70_sare_header2.cf 70_sare_html4.cf > 71_sare_redirect_pre3.0.0.cf > 70_sare_genlsubj.cf 70_sare_header3.cf 70_sare_html_arc.cf > 72_sare_bml_post25x.cf > 70_sare_genlsubj0.cf 70_sare_header_arc.cf 70_sare_html_eng.cf > 72_sare_redirect_post3.0.0.cf > 70_sare_genlsubj1.cf 70_sare_header_eng.cf 70_sare_html_x30.cf > 99_sare_fraud_post25x.cf > 70_sare_genlsubj2.cf 70_sare_header_x264_x30.cf 70_sare_oem.cf > 99_sare_fraud_pre25x.cf > 70_sare_genlsubj3.cf 70_sare_header_x30.cf 70_sare_random.cf > RulesDuJour > 70_sare_genlsubj_arc.cf 70_sare_highrisk.cf 70_sare_specific.cf > antidrug.cf > 70_sare_genlsubj_eng.cf 70_sare_html.cf 70_sare_spoof.cf > bigevil.cf > 70_sare_genlsubj_x30.cf 70_sare_html0.cf70_sare_unsub.cf > bogus-virus-warnings.cf > 70_sare_header.cf70_sare_html1.cf70_sare_uri.cf > evilnumbers.cf > 70_sare_header0.cf 70_sare_html2.cf70_sc_top200.cf > rules_du_jour >
