> -----Original Message-----
> From: Darren Coleman [mailto:[EMAIL PROTECTED]
> Sent: 12 January 2005 15:29
> To: Jack L. Stone; Loren Wilton; users@spamassassin.apache.org
> Subject: RE: Lots of spam being missed with SA 3.0.2 + lots of RulesEmp rules
>
> Hmm..
>
> I got the following on that message (having reconfigured SURBL):
>
> Content analysis details:   (8.0 points, 5.0 required)
>  0.3 RM_hm_EmtyMsgid        Message ID is empty, or just spaces - probable spamsign
>  0.3 SARE_WEOFFER           BODY: Offers Something
>  2.5 MANGLED_CIALIS         BODY: mangled Cialis
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.5170]
>  0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
>                             [cf: 100]
>  1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
>                             [URIs: aujobs.net]
>  1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
>                             [URIs: aujobs.net]
>  4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
>                             [URIs: aujobs.net]
>  1.0 DRUGS_ERECTILE         Refers to an erectile drug
> -3.8 AWL                    AWL: From: address is in the auto white-list
>
> (ignore AWL, mail was sent from another email account I own to test)
>
> ..meaning I'm missing the URIBL_SBL_XBL, URIBL_SBL, URIBL_MP_RHSBL and
> URIBL_SS_RHSBL checks.
>
> I notice from 25_uribl.cf that the "uridnsbl_timeout" is set to 2
> seconds, which seems pretty low - could this possibly be the cause of
> not all the tests being returned?
>
> Also, I can't find any reference at all to URIBL_MP_RHSBL or
> URIBL_SS_RHSBL tests in any of the files I have in
> /usr/local/share/Spamassassin. Where have these tests come from and why
> would I be missing them? :(
>
> Thanks,
>
> Darren
>
> > -----Original Message-----
> > From: Jack L. Stone [mailto:[EMAIL PROTECTED]
> > Sent: 12 January 2005 14:55
> > To: Loren Wilton; users@spamassassin.apache.org
> > Subject: Re: Lots of spam being missed with SA 3.0.2 + lots of RulesEmp rules
> >
> > At 04:36 AM 1.12.2005 -0800, Loren Wilton wrote:
> > >Well, just for grins I ran it here:
> > >
> > >Content analysis details: (11.3 points, 4.6 required)
> > >
> > > pts rule name                 description
> > >---- ------------------------- ------------------------------------------
> > > 2.6 LOCAL_OBFU_TADALAFIL_SUBJ Obfuscated 'TADALAFIL' in subject
> > > 0.3 SARE_WEOFFER              BODY: Offers Something
> > > 1.8 LOCAL_OBFU_VIAGRA         BODY: Obfuscated 'VIAGRA' in body
> > > 1.8 LOCAL_OBFU_TADALAFIL      BODY: Obfuscated 'TADALAFIL' in body
> > > 1.8 LOCAL_OBFU_CIALIS         BODY: Obfuscated 'CIALIS' in body
> > > 0.0 BAYES_50                  BODY: Bayesian spam probability is 50 to 56%
> > >                               [score: 0.5418]
> > > 1.0 DRUGS_ERECTILE            Refers to an erectile drug
> > > 2.0 NOT_TO_ME                 Mail is not addressed to me
> > >
> > >You wouldn't have the last one, so should have only gotten 9.3. This is on
> > >2.64.
> > >
> >
> > ....and, for laughs, here on sa-3.0.2 and got a very high score:
> >
> > ------------------------------------------------------------------------------
> > Content analysis details: (31.0 points, 4.5 required)
> >
> >  pts rule name              description
> > ---- ---------------------- --------------------------------------------------
> >  0.1 MISSING_HEADERS        Missing To: header
> >  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
> >                             [score: 0.5000]
> >  0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
> >                             [cf: 100]
> >  1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
> >  2.5 URIBL_CNKR             Contains a URL listed in China/Korea
> >                             [URIs: aujobs.net]
> >  0.5 URIBL_SBL_XBL          Contains a URL listed in the SBL-XBL DNSBL
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
> >                             [URIs: aujobs.net]
> >  0.5 URIBL_MP_RHSBL         Contains a URL listed in the MP RHSBL
> >                             [URIs: aujobs.net]
> >  5.0 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
> >                             [URIs: aujobs.net]
> >  0.5 URIBL_SS_RHSBL         Contains a URL listed in the SS RHSBL
> >                             [URIs: aujobs.net]
> >  1.2 MISSING_SUBJECT        Missing Subject: header
> >  0.2 DRUGS_ERECTILE         Refers to an erectile drug
> >  1.0 MURTY_BADWORDS2        Words ending with numbers
> >  1.2 MURTY_BADWORDS3        Words with numbers in the middle
> >  0.5 MURTY_BADWORDS4        Words with special symbols
> >  1.2 MURTY_BADCHARS         Single Characters
> >
> >
> > Happy trails,
> > Jack L. Stone
> >
> > System Admin
> > Sage-american

(Apologies for top-posting before, old habits die hard)

Bit odd of me to reply to my own email, but anyway..

Figured out why URIBL_SBL wasn't firing for me for that email - I can't even resolve that domain! Have tried resolving it on several machines I have shell access to (including external machines who peer with different providers), and none of them can do it. Very odd.

Daz
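
Added example, not part of the original thread or of SpamAssassin: a small Python script that automates the comparison done by eye above, listing which URIBL rules fired on a reference host but not locally and how many points they were worth there. The function names are hypothetical, the report layout (score, rule name, description) is assumed to match the reports quoted in the thread, and the two sample reports are constructed from rule lines of the two 3.0.2 reports above.

```python
import re

# One rule line of a "Content analysis details" report: score, rule name,
# description. Leading "> " quote markers are tolerated; wrapped continuation
# lines such as "[URIs: ...]", "blocklist" or "50%" do not match.
RULE_LINE = re.compile(r"^[\s>]*(-?\d+\.\d+)\s+([A-Za-z][A-Za-z0-9_]*)\s+\S")

def parse_report(text):
    """Return {rule_name: score} for each rule line in a SpamAssassin report."""
    rules = {}
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            rules[m.group(2)] = float(m.group(1))
    return rules

def missing_rules(local, reference, prefix="URIBL_"):
    """Rules starting with `prefix` that fired in `reference` but not in `local`."""
    return sorted(r for r in reference if r.startswith(prefix) and r not in local)

def missed_score(local, reference, prefix="URIBL_"):
    """Points the reference host assigned through the rules missing locally."""
    return sum(reference[r] for r in missing_rules(local, reference, prefix))

# Constructed samples: rule lines taken from the two 3.0.2 reports in the thread.
LOCAL_REPORT = """\
> 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
>     [URIs: aujobs.net]
> 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
> 4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
> 1.0 DRUGS_ERECTILE Refers to an erectile drug
> -3.8 AWL AWL: From: address is in the auto white-list
"""
REFERENCE_REPORT = """\
> > 2.5 URIBL_CNKR Contains a URL listed in China/Korea
> > 0.5 URIBL_SBL_XBL Contains a URL listed in the SBL-XBL DNSBL
> > 5.0 URIBL_SBL Contains an URL listed in the SBL blocklist
> > 5.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
> > 5.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
> > 0.5 URIBL_MP_RHSBL Contains a URL listed in the MP RHSBL
> > 5.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
> > 0.5 URIBL_SS_RHSBL Contains a URL listed in the SS RHSBL
> > 0.2 DRUGS_ERECTILE Refers to an erectile drug
"""

if __name__ == "__main__":
    local, ref = parse_report(LOCAL_REPORT), parse_report(REFERENCE_REPORT)
    print("missing locally:", missing_rules(local, ref))
    print("points lost vs reference:", missed_score(local, ref))
```

A rule that appears only in the reference list can be one that is not installed locally or one whose DNS lookup returned nothing, so the list is a starting point for checking rule files and resolver behaviour rather than a diagnosis.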