Benny Pedersen wrote on 21/05/21 4:59 am:
only place i find it https://spameatingmonkey.com/lookup/libehat
Spameatingmonkey lists it as "This domain was first registered within
the last 30 days Listings automatically expire in less than 30 days"
It was registered on April 23. Maybe see
John Hardin wrote on 21/05/21 2:28 am:
Odd, the URIBL website lookup tool says libera (.chat) is not listed,
and didn't yesterday when you first posted this.
https://admin.uribl.com/
Lookup Results (obfuscated just in case)
Domain Status
libera_chat NOT Listed on
listed on URIBL too:
http://lookup.uribl.com/?domain=libera.chat
Ot at least it is *now* , maybe it comes and goes for some reasons
...and now it's listed at https://admin.uribl.com/ as well.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impse
On 20/05/21 18:59, Benny Pedersen wrote:
Is that not working correctly?
only place i find it https://spameatingmonkey.com/lookup/libera.chat
Hi,
by checking: http://multirbl.valli.org/lookup/libera.chat.html
it looks like that is indeed listed on URIBL too:
http://lookup.uribl.com
On 2021-05-20 16:28, John Hardin wrote:
On Thu, 20 May 2021, Noel Butler wrote:
Odd, the URIBL website lookup tool says libera (.chat) is not listed,
and didn't yesterday when you first posted this.
Is that not working correctly?
only place i find it https://spameatingmonkey.com/l
URI
Domain Status Manage
libe.cxxx Listed on URIBL black
Odd, the URIBL website lookup tool says libera (.chat) is not listed,
and didn't yesterday when you first posted this.
https://admin.uribl.com/
Lookup Results (obfuscated just in case)
DomainStatus
libera_chat
Bill Cole wrote on 20/05/21 1:58 pm:
The new domain was NOT listed in any RHSBL at 13:55 UTC.
The first of its four ip addresses, 185.199.108.153, is on
sbl.spamhaus.org but not the domain name.
That is the only match that shows up in the list of RBLs checked at
ant-abuse.org Multi-RBL Chec
Listed on URIBL black
at 02:46 UTC
someone has made a delist request about 8 hours ago though
strange that a service that has a policy of not saying why they list is
included in default SA
(btw - I have no affiliation with either party - I'm just mentioning it
here since its where I f
On 2021-05-19 at 21:13:41 UTC-0400 (Thu, 20 May 2021 11:13:41 +1000)
Noel Butler
is rumored to have said:
By now most of you are aware of the hostile takeover of freenode and
the mass exodus that's currently underway (if not see kline.sh for
more) [1]
Interestingly it seems uribl.com has th
On 02/04/2021 13:46, Wolfgang Breyha wrote:
Hi!
It seems that 3.4.5 changed the behavior of URIBL lookups in a quite bad
way compared to 3.4.4.
Just as a pointer:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897
Greetings,
Wolfgang
Hi!
It seems that 3.4.5 changed the behavior of URIBL lookups in a quite bad
way compared to 3.4.4.
I have I urirhs lookup defined like:
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub URIBL_DENY uribl.local.A 8
bodyURIBL_DENY eval:check_uridnsbl
On 9/26/2018 10:59 AM, Pedro David Marco wrote:
>
> On Sunday, September 23, 2018, 12:55:28 AM GMT+2, Kevin A. McGrail
> wrote:
>
> >It's fractured. There are various lookups in various states in
> various plugins.
>
> >From, Reply-to, Received, nameservers, rdns, webmail server headers,
> >etc.
On Sunday, September 23, 2018, 12:55:28 AM GMT+2, Kevin A. McGrail
wrote:
>It's fractured. There are various lookups in various states in various
>plugins.
>From, Reply-to, Received, nameservers, rdns, webmail server headers,
>etc. are all enhancements I want to add for RBL lookups.
On 9/22/2018 5:55 PM, Michael Grant wrote:
The URIBL plugin looks for URLs in the subject and message body.
Is there some way to coax it to look in the other headers as well, for
example the From: Reply-to: or the Received headers?
Michael,
This reminds me of that saying, "just becaus
On Sun, 23 Sep 2018 20:37:48 +0100
Michael Grant wrote:
> I tried to read through the plugin. I'm not a spamassassin plugin
> developer, I didn't have much luck trying to figure out how to do it
> myself. I know this plugin only does subject and body but I saw
> nothing in the plugin itself tha
On Sat, 22 Sep 2018 at 23:55, Kevin A. McGrail wrote:
> On 9/22/2018 5:55 PM, Michael Grant wrote:
> > The URIBL plugin looks for URLs in the subject and message body.
> >
> > Is there some way to coax it to look in the other headers as well, for
> > example the From
On Sat, 22 Sep 2018 22:55:49 +0100
Michael Grant wrote:
> The URIBL plugin looks for URLs in the subject and message body.
>
> Is there some way to coax it to look in the other headers as well, for
> example the From: Reply-to: or the Received headers?
You can create individual rul
On 9/22/2018 5:55 PM, Michael Grant wrote:
> The URIBL plugin looks for URLs in the subject and message body.
>
> Is there some way to coax it to look in the other headers as well, for
> example the From: Reply-to: or the Received headers?
>
>
It's fractured. There are var
The URIBL plugin looks for URLs in the subject and message body.
Is there some way to coax it to look in the other headers as well, for
example the From: Reply-to: or the Received headers?
entry themselves, or the blacklist
operator needs a review.
-Yves
A third option would be for you to use uridnsbl_skip_domain and don't bother
anymore ;)
As of right now URIBL does not report stackexchange.com as being listed.
--
John Hardin KA7OHZhttp://
On 29/07/2018 09:53, Yves Goergen wrote:
No I can't because it's a locked system. I'd need an account for that.
And I'm not going to register just for saving another admin's system.
So either stackexchange admins repair their entry themselves, or the
blacklist operator needs a review.
-Yves
r needs a review.
-Yves
Von: Dave Wreski
Gesendet: Sa, 2018-07-28 21:29 +0200
5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
I guess that's not supposed to be like that. I can't change anyth
ackexchange.com
(stackoverflow.com) with a high spam score. It has this line in its report:
5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
I guess that's not supposed to be like that. I can't change anything at
Hello,
I've received a notification e-mail from stackexchange.com
(stackoverflow.com) with a high spam score. It has this line in its
report:
5.7 URIBL_BLACKContains an URL listed in the URIBL
blacklist [URIs: stackexchange.com]
I guess that's not supposed to be like that
On Sat, 28 Jul 2018 21:20:49 +0200
Yves Goergen wrote:
> Hello,
>
> I've received a notification e-mail from stackexchange.com
> (stackoverflow.com) with a high spam score. It has this line in its
> report:
>
>5.7 URIBL_BLACKContains an URL listed in t
5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
I guess that's not supposed to be like that. I can't change anything at
it, just for information for somebody in the position to fix that.
It is ind
Hello,
I've received a notification e-mail from stackexchange.com
(stackoverflow.com) with a high spam score. It has this line in its report:
5.7 URIBL_BLACKContains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
I guess that&
On 2/14/2017 10:01 AM, Emin Akbulut wrote:
-- Forwarded message --
From: *Bowie Bailey* mailto:bowie_bai...@buc.com>>
Date: Tue, Feb 14, 2017 at 5:44 PM
Subject: Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to
URIBL was blocked.
To:
Emin Akbulut skrev den 2017-02-14 16:03:
It's Gmail. When I hit the reply button, it only sends the last
poster, -in this reply, it's you and I manually added users@-
gmail ignores List-* headers, leading to much more problems then users
using gmail
if you need more support on there broken g
Emin Akbulut skrev den 2017-02-14 15:27:
I'm confused a bit. Should I use forwarders or not?
no stop any forward dns
I was trying to follow that guide:
i do not care of windows problems here
use spamasassin docs on how to use specific ip as dns server, but not
global, only for spamassassi
;
>> Date: Tue, Feb 14, 2017 at 5:33 PM
>> Subject: Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL
>> was blocked.
>> To: "users@spamassassin.apache.org
>> <mailto:users@spamassassin.apache.org>"
>> mailto:users@spama
Emin Akbulut skrev den 2017-02-14 14:21:
How can I set the DNS conditional forwarders properly?
setup spamasassin to use 127.0.0.1 as dns server, not any remote ips
i dont know anything on how windows works :=)
> -- Forwarded message --
> From: Bowie Bailey
> Date: Tue, Feb 14, 2017 at 5:44 PM
> Subject: Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL
> was blocked.
> To: users@spamassassin.apache.org
>
> That page is suggesting that you find the
On 2/14/2017 9:27 AM, Emin Akbulut wrote:
I'm confused a bit. Should I use forwarders or not?
I was trying to follow that guide:
-
As your issue with UTIBL_BLOCKED is a well-known one
I would like to point you the FAQ section of our homepage:
http
> -- Forwarded message --
> From: David Jones
> Date: Tue, Feb 14, 2017 at 5:33 PM
> Subject: Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
> blocked.
> To: "users@spamassassin.apache.org"
>
>
> Note that if your mail volum
>From: RW
>Sent: Tuesday, February 14, 2017 7:51 AM
>To: users@spamassassin.apache.org
>Subject: Re: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
>blocked.
>On Tue, 14 Feb 2017 16:21:04 +0300
>Emin Akbulut wrote:
>> Hi
>>
>> URIBL chec
I'm confused a bit. Should I use forwarders or not?
I was trying to follow that guide:
-
As your issue with UTIBL_BLOCKED is a well-known one
>
> I would like to point you the FAQ section of our homepage:
>
>
>
> http://www.jam-software.com/spamassassin_in_a_box/o
On Tue, 14 Feb 2017 16:21:04 +0300
Emin Akbulut wrote:
> Hi
>
> URIBL checks are blocked. I think bec. of so many queries. I'm
> advised to set up conditional forwarder on Windows DNS Server.
If you mean that you should *stop* forwarding this traffic than that
is correct. You
Hi
URIBL checks are blocked. I think bec. of so many queries. I'm advised to
set up conditional forwarder on Windows DNS Server.
I've added uribl.com as DNS zone and 54.149.125.143 as IP.
SA still tags the messages.
How can I set the DNS conditional forwarders properly?
Alex wrote:
> Hi,
>
> I've collected a bunch of URIs that I'd like to incorporate into my
> rulebase. I know how to create a DNSBL, but I don't specifically know
> how to create a URIBL. Can I use rbldnsd for this? Or would I have to
> extract the IP or hostn
On 10/18/2016 9:09 PM, Alex wrote:
How do you then enter ranges? For example, one of the rbldnsd zone
examples I've seen have entries such as:
1.168.160.0-255
That does not look to be in reverse order, as the host octet is still last.
while there may be a more complicated and unusual answer for
4tset
and ip4set for sending-IP blacklists.
Let me explain... but before I explain, let me say that I'm not arguing
for any of this. These standards were put in place long before my time
(and are followed by SURBL and URIBL, too). Or, at least I didn't set
these standards. I MIGHT h
On 10/19/2016 09:51 AM, Matus UHLAR - fantomas wrote:
On 18.10.16 20:03, Rob McEwen wrote:
So your three examples:
109 .73 .134 .241
would like like this:
.241 .134 .73 .109
NOTICE 2 things:
(2) the fact that the IP is in reverse order. The great part about
rbldnsd is that a lookup on
On 18.10.16 20:03, Rob McEwen wrote:
So your three examples:
109 .73 .134 .241
would like like this:
.241 .134 .73 .109
NOTICE 2 things:
(2) the fact that the IP is in reverse order. The great part about
rbldnsd is that a lookup on either
are you REALLY sure the IP has to be reversed
Hi,
> (2) the fact that the IP is in reverse order.
How do you then enter ranges? For example, one of the rbldnsd zone
examples I've seen have entries such as:
1.168.160.0-255
That does not look to be in reverse order, as the host octet is still last.
> foo.example.com:127.0.0.2:Blocked System
Alex,
here are some suggestions:
In your rbldnsd-formatted file, put a dot at the beginning, which serves
as a wildcard.
So your three examples:
109 .73 .134 .241
51steel1 .org
amessofblues1 .com
(I added spaces here to evade spam filtering, but those spaces shouldn't
actually be there)
On 10/18/2016 6:21 PM, Alex wrote:
Hi,
I've collected a bunch of URIs that I'd like to incorporate into my
rulebase. I know how to create a DNSBL, but I don't specifically know
how to create a URIBL. Can I use rbldnsd for this? Or would I have to
extract the IP or hostname fro
Hi,
I've collected a bunch of URIs that I'd like to incorporate into my
rulebase. I know how to create a DNSBL, but I don't specifically know
how to create a URIBL. Can I use rbldnsd for this? Or would I have to
extract the IP or hostname from the URL, then also use a bunch of u
On 2016-07-26 11:39, Reindl Harald wrote:
sadly it don't work as expected
https://bugzilla.redhat.com/show_bug.cgi?id=1360222
add forward-first: yes to forward zone
without you are qquery stale data in unbound
no i do not use bind9 now :=)
Am 06.07.2016 um 17:40 schrieb Reindl Harald:
Am 06.07.2016 um 17:35 schrieb John Hardin:
On Wed, 6 Jul 2016, Paul Stead wrote:
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and p
Am 06.07.2016 um 17:35 schrieb John Hardin:
On Wed, 6 Jul 2016, Paul Stead wrote:
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and positive
results (relatively high)?
For this
On Wed, 6 Jul 2016, Paul Stead wrote:
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and positive
results (relatively high)?
For this cache-max-negative-ttl exists :)
:) It's obvi
On Wed, 6 Jul 2016, Reindl Harald wrote:
Am 06.07.2016 um 14:36 schrieb RW:
On Tue, 5 Jul 2016 14:01:17 +0200
Reindl Harald wrote:
> since there is a local unbound-cache with
>
>cache-min-ttl: 300
thanks for the hint, but look at
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7
On 06/07/16 16:16, John Hardin wrote:
Does that cache-min-ttl also affect NXDOMAIN? Is it possible to
configure different TTL for NXDOMAIN (relatively low) and positive
results (relatively high)?
For this cache-max-negative-ttl exists :)
Paul
--
Paul Stead
Systems Engineer
Zen Internet
Am 06.07.2016 um 14:36 schrieb RW:
On Tue, 5 Jul 2016 14:01:17 +0200
Reindl Harald wrote:
since there is a local unbound-cache with
cache-min-ttl: 300
thanks for the hint, but look at
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335#c8
reduce the value would make the problem even
On Tue, 5 Jul 2016 14:01:17 +0200
Reindl Harald wrote:
> since there is a local unbound-cache with
>
> cache-min-ttl: 300
You might want to review that. From http://uribl.com
July 8, 2015: Reduction in list time latency
The spam trend of late has been to use short lived, high-volume
ca
see also https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335
BTW: the bugtracker has also a major bug - click on "My Bugs" leads to
the URL below listing a ton of bugreports back to the year 2011 and
pretends they are reported by me
https://bz.apache.org/SpamAssassin/buglist.cgi?bug_statu
Am 05.07.2016 um 14:01 schrieb Reindl Harald:
i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in
the ABUSE SURBL blocklist
50% of all tries against spamd it does NOT hit while the scantime for
the whole message is arounnd 3 seconds - since there is a local
unbound-cache wit
i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in
the ABUSE SURBL blocklist
50% of all tries against spamd it does NOT hit while the scantime for
the whole message is arounnd 3 seconds - since there is a local
unbound-cache with
cache-min-ttl: 300
cache-max-ttl: 10800
Am 14.06.2016 um 14:33 schrieb RW:
On Tue, 14 Jun 2016 12:40:34 +0200
Reindl Harald wrote:
when "uridnsbl" is wrong and don#t work the first paragraph just
needs to be removed
It's not wrong, uridnsbl and urirhsbl are different types of lookup. The
former targets spammer controlled web & dns
On Tue, 14 Jun 2016 12:40:34 +0200
Reindl Harald wrote:
> use
>
> urirhsbl BLAH uribl.thelounge.net. A
> or
> urirhssub BLAH uribl.thelounge.net. A 127.0.0.2
>
> instead of
> uridnsbl
>
> so no "as said the syntax seems to be correct" it is NOT
Am 14.06.2016 um 12:34 schrieb Tom Hendrikx:
On 14-06-16 11:47, Reindl Harald wrote:
Am 13.06.2016 um 22:53 schrieb Reindl Harald:
Am 13.06.2016 um 22:10 schrieb Axb:
HA! take a look into list and first thing you find is the moaner needing
help coz he so smart he looks at ANCIENT /3.2.x/d
On 14-06-16 11:47, Reindl Harald wrote:
>
> Am 13.06.2016 um 22:53 schrieb Reindl Harald:
>> Am 13.06.2016 um 22:10 schrieb Axb:
>>> HA! take a look into list and first thing you find is the moaner needing
>>> help coz he so smart he looks at ANCIENT /3.2.x/doc instead of
>>
>>> https://spamassa
Am 13.06.2016 um 22:53 schrieb Reindl Harald:
Am 13.06.2016 um 22:10 schrieb Axb:
HA! take a look into list and first thing you find is the moaner needing
help coz he so smart he looks at ANCIENT /3.2.x/doc instead of
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_UR
< sample.eml 2> out.txt
* grep for the uribl don't show any call
uridnsbl URIBL_LOCAL uribl.thelounge.net. A
body URIBL_LOCAL eval:check_uridnsbl('URIBL_LOCAL')
describe URIBL_LOCAL Contains an URL listed in the URIBL blacklist
score URIBL_LOCAL 0.1
tflags
On 06/13/2016 09:12 PM, Reindl Harald wrote:
Am 13.06.2016 um 20:49 schrieb David B Funk:
On Mon, 13 Jun 2016, Reindl Harald wrote:
* the syntax seems to be correct
* domain listet and dig answers correctly on the sa-machine
* spamassassin -D < sample.eml 2> out.txt
* grep for the
Am 13.06.2016 um 20:49 schrieb David B Funk:
On Mon, 13 Jun 2016, Reindl Harald wrote:
* the syntax seems to be correct
* domain listet and dig answers correctly on the sa-machine
* spamassassin -D < sample.eml 2> out.txt
* grep for the uribl don't show any call
uridnsbl
On Mon, 13 Jun 2016, Reindl Harald wrote:
* the syntax seems to be correct
* domain listet and dig answers correctly on the sa-machine
* spamassassin -D < sample.eml 2> out.txt
* grep for the uribl don't show any call
uridnsbl URIBL_LOCAL uribl.thelounge.net. A
body
* the syntax seems to be correct
* domain listet and dig answers correctly on the sa-machine
* spamassassin -D < sample.eml 2> out.txt
* grep for the uribl don't show any call
uridnsbl URIBL_LOCAL uribl.thelounge.net. A
body URIBL_LOCAL eval:check_uridnsbl('URIBL_
SHORT_URIBL has
undefined dependency 'URIBL_SC_SURBL'
This is somewhat of a public service announcement for those of you who
may also be affected. It appears to me that the URIBL rules above that
are failing have all been replaced with the one URIBL_ABUSE_SURBL
rule.
Regards,
Alex
Hi,
>> Is there any reason to not use the bl.score.sendrescore.com with
>> postscreen? I don't understand the distinction
>
> why?
>
> postscreen is supposed to be configured with sensible scoring to reject most
> spam without false positives long before it reachs smtpd or even expesnive
> content
Am 03.03.2016 um 02:44 schrieb Alex:
Is there any reason to not use the bl.score.sendrescore.com with
postscreen? I don't understand the distinction
why?
postscreen is supposed to be configured with sensible scoring to reject
most spam without false positives long before it reachs smtpd or
Hi,
Some time ago, David Jones wrote:
> In a related note, I have found that using the senderscore.org score combined
> with postscreen's weighting is very effective in quickly catching new
> spammers.
>
> postscreen_dnsbl_sites =
> score.senderscore.com=127.0.4.[60..69]*2
> score.senderscore
On 16/02/2016 01:08, Shawn Bakhtiar wrote:
There are A LOT more people out there, far greater than just the
Googles and Yahoos of the world, and to block IP addresses/subnets
without an automated system using definable metric (that usually is
enterprise specific), invariably IT will be inundate
I use to spend a lot of time blocking hosts and subnets, using IP tables, of
malicious providers who would let any tom, dick, and Harry (no pun intended) to
host spam hosts/relays on their servers. What I ended up doing is also blocking
a lot SMB vendors from sending legitimate emails to users b
On 15/02/2016 09:02, Reindl Harald wrote:
Am 14.02.2016 um 23:34 schrieb Noel Butler:
On 14/02/2016 01:46, Alex wrote:
rejecting outright at the SMTP level for IPs reaching my honeypots
could be dangerous if not checked.
how so? if your honey pots use specific non human used (ever)
addresse
Am 14.02.2016 um 23:34 schrieb Noel Butler:
On 14/02/2016 01:46, Alex wrote:
rejecting outright at the SMTP level for IPs reaching my honeypots
could be dangerous if not checked.
how so? if your honey pots use specific non human used (ever) addresses,
then there should never ever be a genuin
On 14/02/2016 01:46, Alex wrote:
rejecting outright at the SMTP level for IPs reaching my honeypots
could be dangerous if not checked.
how so? if your honey pots use specific non human used (ever) addresses,
then there should never ever be a genuine mail destined for it.
I dont care who
On Sun, 14 Feb 2016, Allen Chen wrote:
On 2/12/2016 8:48 AM, Axb wrote:
On 02/12/2016 02:39 PM, Alex wrote:
> For some time now I've been cycling URLs and IPs through a mariadb
> database gathered from incoming mail on a honeypot I've created.
> Surprising how many are received ahead of sp
On 2/12/2016 8:48 AM, Axb wrote:
On 02/12/2016 02:39 PM, Alex wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on h
>> DNS is very effective to block at the MTA level. I setup my own private
>> RBL on the DNS servers my SA boxes point to. Dump your IPs into a
>> rbldnsd formatted zone file and setup your private RBL zone (doesn't
>> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd
>> wil
On Sat, 13 Feb 2016, Alex wrote:
I've now got rbldnsd implemented. I've also known for a while it's
faster/better than bind, but bind has always been in place.
I have rbldnsd running on port 530, alongside bind on 53. How do I
specify a urirhsbl in spamassassin to query the DNS server running o
Am 13.02.2016 um 16:46 schrieb Alex:
DNS is very effective to block at the MTA level. I setup my own private
RBL on the DNS servers my SA boxes point to. Dump your IPs into a
rbldnsd formatted zone file and setup your private RBL zone (doesn't
have to be a real zone on the Internet) to forwar
Hi,
> DNS is very effective to block at the MTA level. I setup my own private
> RBL on the DNS servers my SA boxes point to. Dump your IPs into a
> rbldnsd formatted zone file and setup your private RBL zone (doesn't
> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd
> wil
On Fri, 2016-02-12 at 07:30 -0800, Marc Perkel wrote:
> Yeah - unless you write your own SA module using DNS is the quick
> easy solution.
>
If Alex already has a set of scripts that populate and maintain the
database that he's happy with, then the quick and easy way may be to
make a custom SA mo
On Feb 12, 2016, at 5:39 AM, Alex
mailto:mysqlstud...@gmail.com>> wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas
On 02/12/16 05:39, Alex wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on how to now make this information availa
On Fri, 2016-02-12 at 08:39 -0500, Alex wrote:
> Is it possible for spamassassin to query a database directly?
>
Yes, with a plugin.
I've been doing the opposite for some years now: I archive all my
outgoing mail and most of my non-spam incoming mail in a Postgres
database and use this as a whit
>
>From: Alex
>For some time now I've been cycling URLs and IPs through a mariadb
>database gathered from incoming mail on a honeypot I've created.
>Surprising how many are received ahead of spamhaus/barracuda.
Major RBLs like that keep up with lots of da
On 02/12/2016 02:39 PM, Alex wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on how to now make this information av
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on how to now make this information available to
spamassassin on my producti
On Wed, 03 Jun 2015 11:22:42 +0200
Reindl Harald wrote:
>
> Am 02.06.2015 um 16:30 schrieb RW:
> > On Tue, 02 Jun 2015 14:36:07 +0200
> > Reindl Harald wrote:
> >
> >> given that USER_IN_SPF_WHITELIST score with -100 here there is no
> >> real point to fire up all the other tests, it's clear anyw
Am 02.06.2015 um 16:30 schrieb RW:
On Tue, 02 Jun 2015 14:36:07 +0200
Reindl Harald wrote:
given that USER_IN_SPF_WHITELIST score with -100 here there is no
real point to fire up all the other tests, it's clear anyways that
this message will pass
As far as possible spamassassin does network
On Tue, 02 Jun 2015 14:36:07 +0200
Reindl Harald wrote:
> given that USER_IN_SPF_WHITELIST score with -100 here there is no
> real point to fire up all the other tests, it's clear anyways that
> this message will pass
As far as possible spamassassin does network test in parallel with each
other
is there a way to skip DNSBL/URIBL if a message hits the rule below, i
tried to define dnsbl-rules with "priority CUST_DNSBL -450" but that
don't change anything
given that USER_IN_SPF_WHITELIST score with -100 here there is no real
point to fire up all the other tests, it&
On 5/11/2015 9:46 AM, Reindl Harald wrote:
stripped down and anonymized sample attached
the real bad thing is that the part triggering the URIBL rules wrongly
is the quote of the signature from the message replied to
Am 11.05.2015 um 15:13 schrieb Reindl Harald:
i face false positives where
t;com" in front is indeed on both URIBL but it just
don#t exist in the messages at all - why does SA extract the domains
wrong from the mailsource when there is no "comfacebook" at all
besides the SA report?
URIBL_DBL_SPAM Contains a spam URL
[URIs: com__facebook.com]
URIBL_B
On 5/11/2015 9:13 AM, Reindl Harald wrote:
i face false positives where the links are just "facebook.com" with
the http-prefix in front and NOT "com" between the http-prefix and the
real facebook domain
the domain with "com" in front is indeed on both URIBL b
i face false positives where the links are just "facebook.com" with the
http-prefix in front and NOT "com" between the http-prefix and the real
facebook domain
the domain with "com" in front is indeed on both URIBL but it just don#t
exist in the messages at
On Sun, 2015-05-03 at 23:02 +0200, Adam Major wrote:
> Hello
>
> > Seeing this in most of the markups
> >
> > 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
> > blocked.
> >See
> > http://wiki.apache.
1 - 100 of 447 matches
Mail list logo