Re: stackexchange.com in URIBL (false positive?)

2018-07-29 Thread John Hardin

On Sun, 29 Jul 2018, Daniele Duca wrote:

> On 29/07/2018 09:53, Yves Goergen wrote:
>
>> No I can't because it's a locked system. I'd need an account for that. And
>> I'm not going to register just for saving another admin's system. So either
>> stackexchange admins repair their entry themselves, or the blacklist
>> operator needs a review.
>>
>> -Yves
>
> A third option would be for you to use uridnsbl_skip_domain and don't bother
> anymore ;)

As of right now URIBL does not report stackexchange.com as being listed.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Look at the people at the top of both efforts. Linus Torvalds is a
  university graduate with a CS degree. Bill Gates is a university
  dropout who bragged about dumpster-diving and using other peoples'
  garbage code as the basis for his code. Maybe that has something to
  do with the difference in quality/security between Linux and
  Windows.   -- anytwofiveelevenis on Y! SCOX
---
 6 days until the 283rd anniversary of John Peter Zenger's acquittal


Re: stackexchange.com in URIBL (false positive?)

2018-07-29 Thread Daniele Duca

On 29/07/2018 09:53, Yves Goergen wrote:

> No I can't because it's a locked system. I'd need an account for that.
> And I'm not going to register just for saving another admin's system.
> So either stackexchange admins repair their entry themselves, or the
> blacklist operator needs a review.
>
> -Yves

A third option would be for you to use uridnsbl_skip_domain and don't
bother anymore ;)


Daniele


Re: stackexchange.com in URIBL (false positive?)

2018-07-29 Thread Yves Goergen
No I can't because it's a locked system. I'd need an account for that. 
And I'm not going to register just for saving another admin's system. So 
either stackexchange admins repair their entry themselves, or the 
blacklist operator needs a review.


-Yves



From: Dave Wreski
Sent: Sat, 2018-07-28 21:29 +0200

>   5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist
>                      [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that. I can't change anything at
> it, just for information for somebody in the position to fix that.

It is indeed listed, and listed for a reason.

The default score for URIBL_BLACK is 1.7 with bayes. Why have you
changed it?

You can request that it be delisted here:

https://admin.uribl.com/

Regards,
Dave



Re: stackexchange.com in URIBL (false positive?) *** Spam 5.7

2018-07-29 Thread Yves Goergen
Oh I can surely change anything I want. But I don't want to weaken my 
spam filter. It's weak enough already. Spam is getting more and more 
through. It got to the point where I have to reconsider my complete mail 
receiving strategy with subaddresses, filters and a set of inbox 
subfolders to keep anything unknown away from me and only put in my 
inbox what I already know.


-Yves



From: Reindl Harald
Sent: Sat, 2018-07-28 21:23 +0200

On 28.07.2018 at 21:20, Yves Goergen wrote:

> I've received a notification e-mail from stackexchange.com
> (stackoverflow.com) with a high spam score. It has this line in its report:
>
>   5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist
>                      [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that. I can't change anything at
> it, just for information for somebody in the position to fix that

why in the world do you think you can't change anything as admin of your
server?

/etc/mail/spamassassin/local-06-uridnsbl-skip-domain.cf
uridnsbl_skip_domain stackexchange.com





Re: stackexchange.com in URIBL (false positive?)

2018-07-29 Thread Yves Goergen
Yes, I have changed the value of this rule long ago. It seemed to be 
better. I may have to turn it down a little.


And I am the admin myself but I'm no expert in spam fighting. Especially 
what the reason or source of that blacklisting is. I just see the rule 
matched and I consider that wrong because stackexchange is a service I 
use often and it never sent me anything unexpected.


So what is the reason for this host being listed?

-Yves


From: RW
Sent: Sat, 2018-07-28 21:35 +0200

On Sat, 28 Jul 2018 21:20:49 +0200
Yves Goergen wrote:

> Hello,
>
> I've received a notification e-mail from stackexchange.com
> (stackoverflow.com) with a high spam score. It has this line in its
> report:
>
>   5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist
>                      [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that.

The default is 1.7, 5.7 is extremely aggressive for that rule,
particularly when there's no BAYES_* result in the report.

> I can't change anything
> at it, just for information for somebody in the position to fix that.

It's a very indirect way of getting to your local admin.



Re: stackexchange.com in URIBL (false positive?)

2018-07-28 Thread RW
On Sat, 28 Jul 2018 21:20:49 +0200
Yves Goergen wrote:

> Hello,
> 
> I've received a notification e-mail from stackexchange.com 
> (stackoverflow.com) with a high spam score. It has this line in its
> report:
> 
>   5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist
>                      [URIs: stackexchange.com]
> 
> I guess that's not supposed to be like that.

The default is 1.7, 5.7 is extremely aggressive for that rule,
particularly when there's no BAYES_* result in the report.


>  I can't change anything
> at it, just for information for somebody in the position to fix that.

It's a very indirect way of getting to your local admin.


Re: stackexchange.com in URIBL (false positive?)

2018-07-28 Thread Dave Wreski




>   5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist
>                      [URIs: stackexchange.com]
>
> I guess that's not supposed to be like that. I can't change anything at
> it, just for information for somebody in the position to fix that.


It is indeed listed, and listed for a reason.

The default score for URIBL_BLACK is 1.7 with bayes. Why have you 
changed it?


You can request that it be delisted here:

https://admin.uribl.com/

Regards,
Dave


stackexchange.com in URIBL (false positive?)

2018-07-28 Thread Yves Goergen

Hello,

I've received a notification e-mail from stackexchange.com 
(stackoverflow.com) with a high spam score. It has this line in its report:


  5.7 URIBL_BLACK    Contains an URL listed in the URIBL blacklist
                     [URIs: stackexchange.com]

I guess that's not supposed to be like that. I can't change anything at 
it, just for information for somebody in the position to fix that.


Here's the complete report:

 -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust
                         [198.252.206.125 listed in list.dnswl.org]
  5.7 URIBL_BLACK        Contains an URL listed in the URIBL blacklist
                         [URIs: stackexchange.com]
 -0.0 SPF_PASS           SPF: Senderechner entspricht SPF-Datensatz
  0.0 HTML_MESSAGE       BODY: Nachricht enthält HTML
 -0.1 DKIM_VALID_AU      Message has a valid DKIM or DK signature from author's domain
  0.1 DKIM_SIGNED        Message has a DKIM or DK signature, not necessarily valid
 -0.1 DKIM_VALID         Message has at least one valid DKIM or DK signature



-Yves


Re: URIBL False positive

2005-12-07 Thread Jeff Chan
On Tuesday, December 6, 2005, 1:26:32 PM, Brian Leyton wrote:
> I'm relatively new to SpamAssassin, but I've managed to get it working well
> in conjunction with MimeDefang.  I'm having a strange problem though, which
> I hope someone can help me figure out.
>
> I'm on a hobby mailing list, and occasionally emails to this list are being
> tagged as spam by SpamAssassin, based on the website mentioned in the emails
> being on multiple URIBL lists.  Strangely though, when I go to the SURBL
> checker at rulesemporium.com, the site is NOT shown as being listed on any
> of these lists.
>
> Bayes correctly considers these emails to NOT be spam, but the 4 URIBL
> positives are enough to put the score over the top.

What version of SpamAssassin are you using?  There is a bug in
3.0.x that can cause intermittent errors like this.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



RE: URIBL False positive

2005-12-07 Thread Brian Leyton
Jeff Chan wrote:

> What version of SpamAssassin are you using?  There is a bug
> in 3.0.x that can cause intermittent errors like this.

Spamassassin -V reports:

SpamAssassin version 3.0.4
  running on Perl version 5.8.6

Brian Leyton
IT Manager
Commercial Petroleum Equipment


Re: URIBL False positive

2005-12-07 Thread Jeff Chan
On Wednesday, December 7, 2005, 8:14:43 AM, Brian Leyton wrote:
> Jeff Chan wrote:
>
>> What version of SpamAssassin are you using?  There is a bug
>> in 3.0.x that can cause intermittent errors like this.
>
> Spamassassin -V reports:
>
> SpamAssassin version 3.0.4
>   running on Perl version 5.8.6
>
> Brian Leyton
> IT Manager
> Commercial Petroleum Equipment

OK I can't remember if that one has the bug fix or not.  3.1
definitely does.

What was the specific FP domain?

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



RE: URIBL False positive

2005-12-07 Thread Brian Leyton
Jeff Chan wrote:

> OK I can't remember if that one has the bug fix or not.  3.1
> definitely does.
>
> What was the specific FP domain?

Here's the scoring section of the SA report:

Content analysis details:   (5.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.]
 2.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
                            [URIs: americanbroadcastdx.com]
 0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: americanbroadcastdx.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: americanbroadcastdx.com]
 4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: americanbroadcastdx.com]

Brian Leyton
IT Manager
Commercial Petroleum Equipment
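
An added example (not part of any message in this thread, and not SpamAssassin's own code): a small Python parser for the report format quoted above, showing how much of a verdict rests on URI blocklist hits and which domains to re-check against the lists. The function names and the `uribl_decides` field are made up for this illustration; the sample report is rebuilt from the rule hits quoted in the thread.

```python
import re

# Constructed sample: the rule hits from the report quoted in this thread, realigned.
REPORT = """\
Content analysis details:   (5.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------------
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
 2.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
                            [URIs: americanbroadcastdx.com]
 0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: americanbroadcastdx.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: americanbroadcastdx.com]
 4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: americanbroadcastdx.com]
"""

HEADER = re.compile(r"\((-?[\d.]+) points, (-?[\d.]+) required\)")
HIT = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s")
URIS = re.compile(r"\[URIs:\s*([^\]]+)\]")

def parse_report(text):
    """Return (total, required, hits) from a 'Content analysis details' block."""
    total, required = map(float, HEADER.search(text).groups())
    hits = []
    for line in text.splitlines():
        if m := HIT.match(line):
            hits.append({"score": float(m[1]), "rule": m[2], "uris": []})
        if hits and (u := URIS.search(line)):
            # "[URIs: ...]" belongs to the most recent rule hit.
            hits[-1]["uris"] += re.split(r"[,\s]+", u[1].strip())
    return total, required, hits

def uribl_impact(text):
    """Summarise how much of the verdict rests on URI blocklist rules."""
    total, required, hits = parse_report(text)
    is_uri = lambda h: h["rule"].startswith("URIBL_")
    rest = round(sum(h["score"] for h in hits if not is_uri(h)), 1)
    return {
        "domains": sorted({d for h in hits if is_uri(h) for d in h["uris"]}),
        "uribl_score": round(sum(h["score"] for h in hits if is_uri(h)), 1),
        "score_without_uribl": rest,
        # True when the message is over threshold only because of URIBL hits.
        "uribl_decides": total >= required and rest < required,
    }

if __name__ == "__main__":
    print(uribl_impact(REPORT))
```

The per-rule values SpamAssassin prints are rounded to one decimal, which is why the rows here add up to 5.6 while the header says 5.5.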


Re: URIBL False positive

2005-12-07 Thread Jeff Chan
On Wednesday, December 7, 2005, 8:31:06 AM, Brian Leyton wrote:
> Jeff Chan wrote:
>
>> OK I can't remember if that one has the bug fix or not.  3.1
>> definitely does.
>>
>> What was the specific FP domain?
>
> Here's the scoring section of the SA report:
>
> Content analysis details:   (5.5 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
> -2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                             [score: 0.]
>  2.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
>                             [URIs: americanbroadcastdx.com]
>  0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
>                             [URIs: americanbroadcastdx.com]
>  1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
>                             [URIs: americanbroadcastdx.com]
>  4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
>                             [URIs: americanbroadcastdx.com]
>
> Brian Leyton
> IT Manager
> Commercial Petroleum Equipment

Thanks.  americanbroadcastdx.com was never on any SURBLs, so it's
probably the bug.  Please consider upgrading to 3.1 or possibly
even 3.0.5 as this may fix the bug:

  http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997

The developers will know for sure about which versions the patch
is in.  Or you could perhaps apply the patch manually to 3.0.4.
They would know that too.

It may be worth asking if you have any unusual DNS arrangement
such as proxying firewalls, etc.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



RE: URIBL False positive

2005-12-07 Thread Brian Leyton
Jeff Chan wrote:

> Thanks.  americanbroadcastdx.com was never on any SURBLs, so
> it's probably the bug.  Please consider upgrading to 3.1 or
> possibly even 3.0.5 as this may fix the bug:
>
>   http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997
>
> The developers will know for sure about which versions the
> patch is in.  Or you could perhaps apply the patch manually to 3.0.4.
> They would know that too.
>
> It may be worth asking if you have any unusual DNS
> arrangement such as proxying firewalls, etc.

Nothing unusual there.  It uses the firewall (IPCop) as a caching DNS
server, and the ISP's DNS as a fallback (not that that would help if the
firewall were down).

I'll see what I need to do to update.  I think I used yum to install it in
the first place, but something's hosed in the package dependencies.  I'll
get to work on that & see if I can get a newer spamassassin installed.

Thanks for your help!

Brian Leyton
IT Manager
Commercial Petroleum Equipment





URIBL False positive

2005-12-06 Thread Brian Leyton
I'm relatively new to SpamAssassin, but I've managed to get it working well
in conjunction with MimeDefang.  I'm having a strange problem though, which
I hope someone can help me figure out.

I'm on a hobby mailing list, and occasionally emails to this list are being
tagged as spam by SpamAssassin, based on the website mentioned in the emails
being on multiple URIBL lists.  Strangely though, when I go to the SURBL
checker at rulesemporium.com, the site is NOT shown as being listed on any
of these lists.

Bayes correctly considers these emails to NOT be spam, but the 4 URIBL
positives are enough to put the score over the top.

I have included this domain in the whitelist in sa-mimedefang.cf, but that
doesn't help.

What might cause these lookups to return false positives?

Brian Leyton
IT Manager
Commercial Petroleum Equipment


Re: URIBL False positive

2005-12-06 Thread Matt Kettler
Brian Leyton wrote:
> I'm relatively new to SpamAssassin, but I've managed to get it working well
> in conjunction with MimeDefang.  I'm having a strange problem though, which
> I hope someone can help me figure out.
>
> I'm on a hobby mailing list, and occasionally emails to this list are being
> tagged as spam by SpamAssassin, based on the website mentioned in the emails
> being on multiple URIBL lists.  Strangely though, when I go to the SURBL
> checker at rulesemporium.com, the site is NOT shown as being listed on any
> of these lists.

Are you sure you are checking the right domain at the surbl website? There could
be many domains checked, did you check them all?

Have you tried pumping the message through the command-line SA?

> Bayes correctly considers these emails to NOT be spam, but the 4 URIBL
> positives are enough to put the score over the top.
>
> I have included this domain in the whitelist in sa-mimedefang.cf, but that
> doesn't help.

How, exactly, did you do this? whitelist_from? whitelist_from_rcvd? Either of
those, if set properly, should cause a -100 point bias to the message, clearly
way beyond the reach of URIBL FPs.

That suggests to me you used something else, or it's not working due to using the
wrong second parameter on a whitelist_from_rcvd.

> What might cause these lookups to return false positives?

It could be a short-term listing that got pulled from SURBL shortly after being
added. However, if it's persistent, that's unlikely.