> -----Original Message-----
> From: Darren Coleman [mailto:[EMAIL PROTECTED]
> Sent: 12 January 2005 15:29
> To: Jack L. Stone; Loren Wilton; users@spamassassin.apache.org
> Subject: RE: Lots of spam being missed with SA 3.0.2 + lots of RulesEmp rules
> 
> Hmm..
> 
> I got the following on that message (having reconfigured SURBL):
> 
> Content analysis details:   (8.0 points, 5.0 required)
>  0.3 RM_hm_EmtyMsgid        Message ID is empty, or just spaces - probable spamsign
>  0.3 SARE_WEOFFER           BODY: Offers Something
>  2.5 MANGLED_CIALIS         BODY: mangled Cialis
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.5170]
>  0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
>                             [cf: 100]
>  1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
>                             [URIs: aujobs.net]
>  1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
>                             [URIs: aujobs.net]
>  4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
>                             [URIs: aujobs.net]
>  1.0 DRUGS_ERECTILE         Refers to an erectile drug
> -3.8 AWL                    AWL: From: address is in the auto white-list
> 
> (ignore AWL, mail was sent from another email account I own to test)
> 
> ..meaning I'm missing the URIBL_SBL_XBL, URIBL_SBL, URIBL_MP_RHSBL and
> URIBL_SS_RHSBL checks.
> 
> I notice from 25_uribl.cf that the "uridnsbl_timeout" is set to 2
> seconds, which seems pretty low - could this possibly be the cause of
> not all the tests being returned?
> 
> Also, I can't find any reference at all to URIBL_MP_RHSBL or
> URIBL_SS_RHSBL tests in any of the files I have in
> /usr/local/share/Spamassassin.  Where have these tests come from and why
> would I be missing them? :(
> 
> Thanks,
> 
> Darren
> 
> 
> > -----Original Message-----
> > From: Jack L. Stone [mailto:[EMAIL PROTECTED]
> > Sent: 12 January 2005 14:55
> > To: Loren Wilton; users@spamassassin.apache.org
> > Subject: Re: Lots of spam being missed with SA 3.0.2 + lots of RulesEmp rules
> >
> > At 04:36 AM 1.12.2005 -0800, Loren Wilton wrote:
> > >Well, just for grins I ran it here:
> > >
> > >Content analysis details:   (11.3 points, 4.6 required)
> > >
> > > pts rule name              description
> > >---- ---------------------- --------------------------------------------------
> > > 2.6 LOCAL_OBFU_TADALAFIL_SUBJ Obfuscated 'TADALAFIL' in subject
> > > 0.3 SARE_WEOFFER           BODY: Offers Something
> > > 1.8 LOCAL_OBFU_VIAGRA      BODY: Obfuscated 'VIAGRA' in body
> > > 1.8 LOCAL_OBFU_TADALAFIL   BODY: Obfuscated 'TADALAFIL' in body
> > > 1.8 LOCAL_OBFU_CIALIS      BODY: Obfuscated 'CIALIS' in body
> > > 0.0 BAYES_50               BODY: Bayesian spam probability is 50 to 56%
> > >                            [score: 0.5418]
> > > 1.0 DRUGS_ERECTILE         Refers to an erectile drug
> > > 2.0 NOT_TO_ME              Mail is not addressed to me
> > >
> > >You wouldn't have the last one, so should have only gotten 9.3. This is on
> > >2.64.
> > >
> >
> > ....and, for laughs, here on sa-3.0.2 and got a very high score:
> >
> >
> > ------------------------------------------------------------------------------
> > Content analysis details:   (31.0 points, 4.5 required)
> >
> >  pts rule name              description
> > ---- ---------------------- --------------------------------------------------
> >  0.1 MISSING_HEADERS        Missing To: header
> >  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
> >                             [score: 0.5000]
> >  0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
> >                             [cf: 100]
> >  1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
> >  2.5 URIBL_CNKR             Contains a URL listed in China/Korea
> >                             [URIs: aujobs.net]
> >  0.5 URIBL_SBL_XBL          Contains a URL listed in the SBL-XBL DNSBL
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
> >                             [URIs: aujobs.net]
> >  0.5 URIBL_MP_RHSBL         Contains a URL listed in the MP RHSBL
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
> >                             [URIs: aujobs.net]
> >  0.5 URIBL_SS_RHSBL         Contains a URL listed in the SS RHSBL
> >                             [URIs: aujobs.net]
> >  1.2 MISSING_SUBJECT        Missing Subject: header
> >  0.2 DRUGS_ERECTILE         Refers to an erectile drug
> >  1.0 MURTY_BADWORDS2        Words ending with numbers
> >  1.2 MURTY_BADWORDS3        Words with numbers in the middle
> >  0.5 MURTY_BADWORDS4        Words with special symbols
> >  1.2 MURTY_BADCHARS         Single Characters
> >
> >
> > Happy trails,
> > Jack L. Stone
> >
> > System Admin
> > Sage-american

(Apologies for top-posting before, old habits die hard)

Bit odd of me to reply to my own email, but anyway..

Figured out why URIBL_SBL wasn't firing for me for that email - I can't
even resolve that domain!  Have tried resolving it on several machines I
have shell access to (including external machines who peer with
different providers), and none of them can do it.

Very odd.

Daz
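
An added example, not part of the original thread: a small Python parser for the "Content analysis details" reports quoted above that lists which URIBL rules fired in one report but not in another, tolerating mail-quote markers and wrapped lines. The two sample reports are abridged from the thread; the function names are this example's own.

```python
import re

# Score, then rule name, after optional mail-quote markers ("> > ").
RULE_RE = re.compile(r"^[>\s]*(-?\d+\.\d+)\s+([A-Za-z][A-Za-z0-9_]+)\s+\S")

def parse_report(text):
    """Return {rule: score}; wrapped text and [detail] lines lack a score."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[m.group(2)] = float(m.group(1))
    return rules

def missing_rules(mine, theirs, prefix="URIBL_"):
    """Rules starting with `prefix` that fired in `theirs` but not `mine`."""
    return sorted(r for r in theirs if r.startswith(prefix) and r not in mine)

# Sample reports abridged from the thread, with quoting and wrapping kept.
MINE = """\
> Content analysis details:   (8.0 points, 5.0 required)
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to
60%
>                             [score: 0.5170]
>  0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL
> blocklist
>                             [URIs: aujobs.net]
>  1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL
>  4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL
> -3.8 AWL                    AWL: From: address is in the auto
"""
THEIRS = """\
> > Content analysis details:   (31.0 points, 4.5 required)
> >  2.5 URIBL_CNKR             Contains a URL listed in China/Korea
> >                             [URIs: aujobs.net]
> >  0.5 URIBL_SBL_XBL          Contains a URL listed in the SBL-XBL
> >  5.0 URIBL_SBL              Contains an URL listed in the SBL
> >  5.0 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL
> >  5.0 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL
> >  0.5 URIBL_MP_RHSBL         Contains a URL listed in the MP RHSBL
> >  5.0 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL
> >  0.5 URIBL_SS_RHSBL         Contains a URL listed in the SS RHSBL
"""

if __name__ == "__main__":
    for rule in missing_rules(parse_report(MINE), parse_report(THEIRS)):
        print("not fired locally:", rule)
```

The two dictionaries also hold the scores, so rules present in both reports can be compared for local score overrides.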
