Re: blacklist-uri.cf

2006-12-12 Thread Martin Hepworth

Jeff Chan wrote:
> On Sunday, December 10, 2006, 3:50:33 AM, Arthur CPTeam wrote:
>> Howdy,
>>
>>> As Matt says, SURBLs are included in the default configuration
>>> for SA since 3.0.  Be sure to have a recent Net::DNS installed
>>> and to enable network tests with the appropriate flags:
>>>
>>>   http://www.surbl.org/faq.html#nettest
>>>
>>> You should see lots of SURBL rules hitting, along with RBL rules.
>>>
>>> Jeff C.
>>> --
>>
>> SA=3.1.7
>>
>> How could I make sure that network tests are enabled if SA is invoked by
>> MailScanner through perl API? Never could understand this...
>
> Don't know.  Could be an appropriate question for the Mailscanner
> list.  If you get an answer, please let us know here so I can add
> it to our FAQ above.
>
> Cheers,
>
> Jeff C.

MailScanner --debug-sa



--
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300




Re: blacklist-uri.cf

2006-12-12 Thread Jeff Chan
On Sunday, December 10, 2006, 3:50:33 AM, Arthur CPTeam wrote:
> Howdy,

>> As Matt says, SURBLs are included in the default configuration
>> for SA since 3.0.  Be sure to have a recent Net::DNS installed
>> and to enable network tests with the appropriate flags:
>> 
>>   http://www.surbl.org/faq.html#nettest
>> 
>> You should see lots of SURBL rules hitting, along with RBL rules.
>> 
>> Jeff C.
>> -- 

> SA=3.1.7

> How could I make sure that network tests are enabled if SA is invoked by
> MailScanner through perl API? Never could understand this...

Don't know.  Could be an appropriate question for the Mailscanner
list.  If you get an answer, please let us know here so I can add
it to our FAQ above.

Cheers,

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: blacklist-uri.cf

2006-12-09 Thread LuKreme

On 8-Dec-2006, at 19:25, Matt Kettler wrote:

> The 25_uribl.cf that comes with, and is automatically installed with,
> SpamAssassin 3.0.0 and higher has all the SURBL lists in it.


Ah, there we go.  It's been so long since I actually DID anything  
with SA's config I completely forgot about /usr/local/share/spamassassin


never mind, nothing to see here :)

--
Living is easy with eyes closed, misunderstanding all you see




Re: blacklist-uri.cf

2006-12-08 Thread Matt Kettler
LuKreme wrote:
> On 8-Dec-2006, at 16:11, Matt Kettler wrote:
>> It uses an *ABSURD* amount of memory, and is 100% redundant with the WS
>> list on surbl.org.
>
> The WS list? I don't think I'm setup for SURBL.  I'm running RDJ with
SURBL is part of the standard SA ruleset, nothing to do with RDJ..
>
>
> and with the following plugins/modules
>
> # grep -e "^load" /usr/local/etc/mail/spamassassin/*.pre | awk {'print $2'}
> Mail::SpamAssassin::Plugin::URIDNSBL
You're set up for SURBL, including WS..

>
> so I guess SURBL is setup, but how do I feed it a specific list like WS?  
It's already in there as a part of the stock ruleset, URIBL_WS_SURBL is
the rule.
> And should I replace EvilNumbers and SARE_SPAMCOP with
 evilnumbers is completely unrelated. It detects phone numbers, not URI's.

SARE_SPAMCOP doesn't detect URI's either it detects blacklisted.
However, you should get rid of it too as it's redundant with
RCVD_IN_BL_SPAMCOP_NET from the standard ruleset. This ruleset is only
useful for people who have DNS disabled entirely. (ie: they use the
-L command line parameter to disable all network checks)

> be.surbl.or and sc.surbl.org respectively? 

be.surbl.org is *DEAD* its data was originally derived from bigevil.cf
(not evilnumbers), but it has been rolled into ws.surbl.org, along with
blacklist_uri.cf.


> Or just use multi.surbl.org and be?
Just use multi.surbl.org as the default SA ruleset has it, you don't
need to do anything else other than get rid of blacklist_uri, and I'd
recommend getting rid of the spamcop ruleset too.

>> 2) the idea of adding 100ms of latency for a DNS lookup has kept you
>> from enabling the URIBL plugin.
>
> well, it looks like the PLUGIN is enabled, but I certainly am not
> seeing where to tell it what lists to use.
You don't need to tell it what lists to use because the rules are
already there, all you need to do is load the plugin and the rules
spring into action on their own.

>
> It looks like I have to build my own rules/cf files in order to enable
> these checks?
Nope.
> Are there pre-rolled cf files for the various SURBLs?
The 25_uribl.cf that comes with, and is automatically installed with,
SpamAssassin 3.0.0 and higher has all the SURBL lists in it.

If you're using sa-update you've probably also picked up rules for
uribl.com's URIBL's too. Otherwise, if you feel the need to add on, you
can get rules for their URIBL at the website on www.uribl.com.
uribl.com's URIBL_BLACK tends to have a higher hitrate than the surbl
lists, but is also slightly more prone to false positives in my experience.



Re: blacklist-uri.cf

2006-12-08 Thread LuKreme

On 8-Dec-2006, at 16:11, Matt Kettler wrote:
> It uses an *ABSURD* amount of memory, and is 100% redundant with the WS
> list on surbl.org.


The WS list? I don't think I'm setup for SURBL.  I'm running RDJ with

TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS RANDOMVAL
BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF
SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE
SARE_SPECIFIC SARE_CODING_HTML SARE_GENLSUBJ SARE_UNSUB SARE_URI0
SARE_REDIRECT_POST300 SARE_OBFU SARE_SPAMCOP_TOP200";

and with the following plugins/modules

# grep -e "^load" /usr/local/etc/mail/spamassassin/*.pre | awk {'print $2'}

Mail::SpamAssassin::Plugin::URIDNSBL
Mail::SpamAssassin::Plugin::Hashcash
Mail::SpamAssassin::Plugin::SPF
Mail::SpamAssassin::Plugin::DCC
Mail::SpamAssassin::Plugin::Pyzor
Mail::SpamAssassin::Plugin::Razor2
Mail::SpamAssassin::Plugin::SpamCop
Mail::SpamAssassin::Plugin::AntiVirus
Mail::SpamAssassin::Plugin::AWL
Mail::SpamAssassin::Plugin::AutoLearnThreshold
Mail::SpamAssassin::Plugin::TextCat
Mail::SpamAssassin::Plugin::WhiteListSubject
Mail::SpamAssassin::Plugin::MIMEHeader
Mail::SpamAssassin::Plugin::ReplaceTags
Mail::SpamAssassin::Plugin::DKIM

so I guess SURBL is setup, but how do I feed it a specific list like  
WS?  And should I replace EvilNumbers and SARE_SPAMCOP with  
be.surbl.or and sc.surbl.org respectively?  Or just use  
multi.surbl.org and be?


> 2) the idea of adding 100ms of latency for a DNS lookup has kept you
> from enabling the URIBL plugin.


well, it looks like the PLUGIN is enabled, but I certainly am not  
seeing where to tell it what lists to use.


It looks like I have to build my own rules/cf files in order to  
enable these checks?  Are there pre-rolled cf files for the various  
SURBLs?


--
Living is easy with eyes closed, misunderstanding all you see




Re: blacklist-uri.cf

2006-12-08 Thread Matt Kettler
LuKreme wrote:
>
> Is there something about
>
>   blacklist-uri.cf
>
> That I should know?  
It uses an *ABSURD* amount of memory, and is 100% redundant with the WS
list on surbl.org.

Don't use it unless BOTH of the following are true:
 1) the idea of increasing your mailserver memory load by a couple
of gigs doesn't worry you.

2) the idea of adding 100ms of latency for a DNS lookup has kept you
from enabling the URIBL plugin.

> If I install it I seem to get lint errors in seemingly random
> locations (usually when it reads $HOME/.spamassassin/user_pref but it
> can be several other places as well)
>
> As a note, it WAS running for a long time on my mailserver without
> issue, but recently RDJ has been giving me lint errors and after
> testing each .cf file I found that one was the culprit.



blacklist-uri.cf

2006-12-08 Thread LuKreme


Is there something about

  blacklist-uri.cf

That I should know?  If I install it I seem to get lint errors in
seemingly random locations (usually when it reads
$HOME/.spamassassin/user_pref but it can be several other places as well)


As a note, it WAS running for a long time on my mailserver without  
issue, but recently RDJ has been giving me lint errors and after  
testing each .cf file I found that one was the culprit.


--
You are responsible for your Rose
Rule #5 Get Kirsten Dunst Wet




RE: Blacklist-uri.cf problem

2005-12-01 Thread John Narron

Seems the maintainer has already fixed this issue in version 200512011033,
so uhm.. Nevermind :)

John Narron| "Sacrifice, they always say
Network Administration |  Is a sign of nobility
CDS/CDSinet, LLC   |  But where does one draw the line
http://www.cdsinet.net |  In the face of injury?"
(660) 886 4045 | - Queensryche  

> -Original Message-
> From: Casey King [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, December 01, 2005 11:24 AM
> To: [EMAIL PROTECTED]; users@spamassassin.apache.org
> Subject: RE: Blacklist-uri.cf problem
> 
> I will definitely do this, but what happens when the update comes in
> tomorrow...will this be fixed by then?
> 




RE: Blacklist-uri.cf problem

2005-12-01 Thread Casey King
...and I thank you for helping me, b/c I couldn't figure it out...I can
admit that I am not too bright.  I hope you didn't feel I was being
spiteful...no reason for that...maybe all of the other events of the day
here at work are starting to get to me a little.  Sorry if I came off a
bit jaded.

-Original Message-
From: John Narron [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 01, 2005 11:29 AM
To: 'Casey King'; users@spamassassin.apache.org
Subject: RE: Blacklist-uri.cf problem



Dunno, I don't maintain it, just providing a workaround until it can be
properly fixed by the maintainer :)

John Narron| "Sacrifice, they always say
Network Administration |  Is a sign of nobility
CDS/CDSinet, LLC   |  But where does one draw the line
http://www.cdsinet.net |  In the face of injury?"
(660) 886 4045 | - Queensryche  

> -Original Message-
> From: Casey King [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 01, 2005 11:24 AM
> To: [EMAIL PROTECTED]; users@spamassassin.apache.org
> Subject: RE: Blacklist-uri.cf problem
> 
> I will definitely do this, but what happens when the update comes in 
> tomorrow...will this be fixed by then?
> 




RE: Blacklist-uri.cf problem

2005-12-01 Thread John Narron

Dunno, I don't maintain it, just providing a workaround until it can be
properly fixed by the maintainer :)

John Narron| "Sacrifice, they always say
Network Administration |  Is a sign of nobility
CDS/CDSinet, LLC   |  But where does one draw the line
http://www.cdsinet.net |  In the face of injury?"
(660) 886 4045 | - Queensryche  

> -Original Message-
> From: Casey King [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, December 01, 2005 11:24 AM
> To: [EMAIL PROTECTED]; users@spamassassin.apache.org
> Subject: RE: Blacklist-uri.cf problem
> 
> I will definitely do this, but what happens when the update comes in
> tomorrow...will this be fixed by then?
> 




RE: Blacklist-uri.cf problem

2005-12-01 Thread Casey King
I will definitely do this, but what happens when the update comes in
tomorrow...will this be fixed by then?

-Original Message-
From: John Narron [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 01, 2005 11:15 AM
To: 'Casey King'; users@spamassassin.apache.org
Subject: RE: Blacklist-uri.cf problem


 
 
In sa-blacklist.current.uri.cf, edit line 16:
uri  WLS_URI_OPT_0  m/\b//document-records.com\b/i
to look like:
uri  WLS_URI_OPT_0  m/\b\/document-records.com\b/i

If you have any sa-blacklist.current.uri.cf. files, delete those
and re-run RDJ


John Narron| "Sacrifice, they always say
Network Administration |  Is a sign of nobility
CDS/CDSinet, LLC   |  But where does one draw the line
http://www.cdsinet.net |  In the face of injury?"
(660) 886 4045 | - Queensryche 
 




From: Casey King [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 01, 2005 10:42 AM
To: 'SpamAssassin Users'
    Subject: Blacklist-uri.cf problem



As of this morning (approximately 6:30am up to now.) all three of
my systems have failed to update RDJ.  This is what I am getting as an
error.

Rules Du Jour Run Summary:RulesDuJour Run Summary on wks-lin9: 

William Stearn's URI blacklist has changed on wks-lin9. 
Version line: #sa-blacklist.uri: 200512010914 

***WARNING***: spamassassin --lint failed. 
Rolling configuration files back, not restarting SpamAssassin. 
Rollback command is:  mv -f
/etc/mail/spamassassin/blacklist-uri.cf
/etc/mail/spamassassin/RulesDuJour/sa-blacklist.current.uri.cf.2; mv -f
/etc/mail/spamassassin/RulesDuJour/blacklist-uri.cf.20051201-1019
/etc/mail/spamassassin/blacklist-uri.cf;

Lint output: [2514] warn: Backslash found where operator
expected at (eval 3485) line 1, near "com\" 
[2514] warn: config: invalid regexp for rule WLS_URI_OPT_0:
m//document-records.co/i: syntax error 
[2514] warn: config: warning: description exists for
non-existent rule WLS_URI_OPT_0 
[2514] warn: config: warning: score set for non-existent rule
WLS_URI_OPT_0 
[2514] warn: lint: 3 issues detected, please rerun with debug
enabled for more information 







RE: Blacklist-uri.cf problem

2005-12-01 Thread John Narron
 
 
In sa-blacklist.current.uri.cf, edit line 16:
uri  WLS_URI_OPT_0  m/\b//document-records.com\b/i
to look like:
uri  WLS_URI_OPT_0  m/\b\/document-records.com\b/i

If you have any sa-blacklist.current.uri.cf. files, delete those and
re-run RDJ


John Narron| "Sacrifice, they always say
Network Administration |  Is a sign of nobility
CDS/CDSinet, LLC   |  But where does one draw the line
http://www.cdsinet.net |  In the face of injury?"
(660) 886 4045 | - Queensryche 
 




From: Casey King [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 01, 2005 10:42 AM
To: 'SpamAssassin Users'
    Subject: Blacklist-uri.cf problem



As of this morning (approximately 6:30am up to now.) all three of my
systems have failed to update RDJ.  This is what I am getting as an error.

Rules Du Jour Run Summary:RulesDuJour Run Summary on wks-lin9: 

William Stearn's URI blacklist has changed on wks-lin9. 
Version line: #sa-blacklist.uri: 200512010914 

***WARNING***: spamassassin --lint failed. 
Rolling configuration files back, not restarting SpamAssassin. 
Rollback command is:  mv -f /etc/mail/spamassassin/blacklist-uri.cf
/etc/mail/spamassassin/RulesDuJour/sa-blacklist.current.uri.cf.2; mv -f
/etc/mail/spamassassin/RulesDuJour/blacklist-uri.cf.20051201-1019
/etc/mail/spamassassin/blacklist-uri.cf;

Lint output: [2514] warn: Backslash found where operator expected at
(eval 3485) line 1, near "com\" 
[2514] warn: config: invalid regexp for rule WLS_URI_OPT_0:
m//document-records.co/i: syntax error 
[2514] warn: config: warning: description exists for non-existent
rule WLS_URI_OPT_0 
[2514] warn: config: warning: score set for non-existent rule
WLS_URI_OPT_0 
[2514] warn: lint: 3 issues detected, please rerun with debug
enabled for more information 
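
A pre-deployment check for the failure discussed in this thread, as an added example (not code from Rules Du Jour, SpamAssassin or any poster): it scans `uri` rule lines for a regex whose delimiter closes early, as the unescaped `/` did in `WLS_URI_OPT_0`. The function names and the `WLS_URI_OPT_0_FIXED` rule name are made up for illustration; `spamassassin --lint` remains the authoritative check.

```python
import re

# A SpamAssassin "uri" rule line: uri RULE_NAME <regex>
RULE_RE = re.compile(r"^\s*uri\s+(\S+)\s+(.*?)\s*$")
PAIRS = {"{": "}", "(": ")", "[": "]", "<": ">"}

# Constructed sample: the first rule is the broken line quoted in the thread,
# the second is the corrected form under a made-up rule name.
SAMPLE_CF = r"""
# sa-blacklist.uri sample (constructed)
uri  WLS_URI_OPT_0  m/\b//document-records.com\b/i
uri  WLS_URI_OPT_0_FIXED  m/\b\/document-records.com\b/i
"""


def split_regex(expr):
    """Return (pattern, trailing_text) split at the first unescaped closer, else None."""
    if expr[:1] == "m" and len(expr) > 1 and not (expr[1].isalnum() or expr[1].isspace()):
        expr = expr[1:]
    elif expr[:1] != "/":
        return None
    opener = expr[0]
    closer = PAIRS.get(opener, opener)
    depth, i = 0, 1
    while i < len(expr):
        ch = expr[i]
        if ch == "\\":
            i += 2  # a backslash escapes the next character
            continue
        if ch == closer and depth == 0:
            return expr[1:i], expr[i + 1:]
        if opener != closer:  # bracket delimiters may nest
            depth += (ch == opener) - (ch == closer)
        i += 1
    return None


def lint_uri_rules(cf_text):
    """Return [(line_no, rule_name, problem)] for uri rules whose regex is malformed."""
    problems = []
    for line_no, line in enumerate(cf_text.splitlines(), 1):
        match = RULE_RE.match(line)
        if not match:
            continue  # comments, describe/score lines, other rule types
        name, expr = match.groups()
        parts = split_regex(expr)
        if parts is None:
            problems.append((line_no, name, "regex delimiter missing or never closed"))
        elif not re.fullmatch(r"[a-z]*", parts[1]):
            problems.append((line_no, name,
                             f"pattern closes early as {parts[0]!r}, leaving {parts[1]!r}"))
    return problems

print(lint_uri_rules(SAMPLE_CF))
```

Run against a freshly downloaded ruleset before it is moved into the live rules directory, a check like this would catch the malformed rule without waiting for the lint-and-rollback cycle shown in the summary above.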







Blacklist-uri.cf problem

2005-12-01 Thread Casey King






As of this morning (approximately 6:30am up to now…) all three of my systems have failed to update RDJ.  This is what I am getting as an error.

Rules Du Jour Run Summary:RulesDuJour Run Summary on wks-lin9:


William Stearn's URI blacklist has changed on wks-lin9.

Version line: #sa-blacklist.uri: 200512010914


***WARNING***: spamassassin --lint failed.

Rolling configuration files back, not restarting SpamAssassin.

Rollback command is:  mv -f /etc/mail/spamassassin/blacklist-uri.cf /etc/mail/spamassassin/RulesDuJour/sa-blacklist.current.uri.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/blacklist-uri.cf.20051201-1019 /etc/mail/spamassassin/blacklist-uri.cf;

Lint output: [2514] warn: Backslash found where operator expected at (eval 3485) line 1, near "com\"

[2514] warn: config: invalid regexp for rule WLS_URI_OPT_0: m//document-records.co/i: syntax error

[2514] warn: config: warning: description exists for non-existent rule WLS_URI_OPT_0

[2514] warn: config: warning: score set for non-existent rule WLS_URI_OPT_0

[2514] warn: lint: 3 issues detected, please rerun with debug enabled for more information


###


Trying to figure out what the issue is.  I opened the current blacklist-uri.cf, and searched for "document-records"…not too hard to find since it was at the top of the file.  I commented those lines out and ran RDJ from the command line, and came up with the same problem.  Seeing this didn't fix the problem, I ran spamassassin --lint, and it ran without errors.

My current configuration is as follows:


rules_du_jour file is v1.27, and I commented out 

#ANTIDRUG=7;

#  CF_URLS[7]="http://mywebpages.comcast.net/mkettler/sa/antidrug.cf"

# CF_FILES[7]="antidrug.cf";

# CF_NAMES[7]="Matt Kettler's AntiDrug";

#PARSE_NEW_VER_SCRIPTS[7]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | ${TAIL}";

/etc/rulesdujour/config


#   changed 2005.12.01 CLK

#   modified: Removed ANTIDRUG

#   Comes as part of SA 3.1

#   TRUSTED_RULESETS="TRIPWIRE ANTIDRUG EVILNUMBERS BLACKLIST_URI RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_RATWARE SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE SARE_SPECIFIC SARE_CODING_HTML SARE_GENLSUBJ SARE_UNSUB SARE_URI SARE_REDIRECT_POST300";

    TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS BLACKLIST_URI RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE SARE_SPECIFIC SARE_CODING_HTML SARE_GENLSUBJ SARE_UNSUB SARE_URI0 SARE_REDIRECT_POST300 SARE_OBFU SARE_SPAMCOP_TOP200";    



SA_DIR="/etc/mail/spamassassin";

SA_RESTART="/etc/init.d/MailScanner restart";


## I started adding to list after SARE_RANDOM
## Here is a list of the rulesets setup below ##
## TRIPWIRE
## EVILNUMBERS
## BLACKLIST_URI
## RANDOMVAL
## BOGUSVIRUS
## SARE_ADULT
## SARE_FRAUD
## SARE_BML
## SARE_SPOOF
## SARE_BAYES_POISON_NXM
## SARE_OEM
## SARE_RANDOM
## SARE_HEADER_ABUSE
## SARE_SPECIFIC
## SARE_CODING_HTML
## SARE_GENLSUBJ
## SARE_UNSUB
## SARE_URI0
## SARE_REDIRECT_POST300
## SARE_SPAMCOP_TOP200
## SARE_OBFU
##
# NON AUTO-UPDATED RULES #
## 2005.11.21
## BACKHAIR
## CHICKENPOX
## DIVSPELLRULES
## RCDIVOBS
## ANTIDRUG (part of SA 3.1)
##