> -----Messaggio originale-----
> Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Inviato: lunedì 26 marzo 2007 16.48
> A: Giampaolo Tomassoni
> Cc: 'Chris St. Pierre'; 'Larry Ludwig'; users@spamassassin.apache.org
> Oggetto: Re: R: R: New method of spamming
>
>
> Giampaolo Tomassoni writes:
> > > -----Messaggio originale-----
> > > Da: Chris St. Pierre [mailto:[EMAIL PROTECTED]
> > >
> > > On Mon, 26 Mar 2007, Giampaolo Tomassoni wrote:
> > >
> > > > By "black-listing" URI's host IPs, one could easily score high
> this
> > > kind of
> > > > e-mails. Maybe there is also some RBL regarding web hosts, by the
> > > way. Is
> > > > it?
> > >
> > > You mean URIBL? Not only does it exist, it's included with SA. If
> > > the URIBL_* family of rules aren't among your top 5 most effective,
> > > something is seriously wrong with your SA installation.
> >
> > No, not URIBL: that would detect the URI (which always changes). I
> mean some
> > RBL thing which enlists suspicious web host IP address, since the IP
> address
> > of this spammer is always the same.
> >
> > One could alternatively have a similar check on the authoritative DNS
> > server(s) for the URI's domain: this too is always the same.
> >
> > A SA plugin which lets me score messages containing URI resolving to
> > suspicious web hosts and/or authoritative name servers would suffice.
> Being
> > out there even some RBL service about suspicious web hosts IP
> addresses
> > and/or the IP address of suspicious authoritative name servers would
> be
> > great for to stop him/she...
>
> The URIBL_SBL rule does this, looking up IPs of hosts against SBL. It's
> actually been part of SpamAssassin since before SURBL and URIBL were
> created, I think ;)
Hugh! So, it scores to low to me?
I got the default:
score URIBL_SBL 0 1.094 0 1.639
or maybe I don't get a reply within timeout (2 secs)...
Thanks, J. I'll give a look at it.
Giampaolo
> --j.
>
> > > FWIW, the OP's message scored 31.3 on my system, as it hit Razor2
> and
> > > two URIBL rules (the scores for which I crank up).
> >
> > Unfortunately, it seems I often get this crap before many others do.
> > Thereby, there is no Razor or Pyzor or DCC report about it. Sometimes
> there
> > is a URIBL report, however, which, helped by Bayes, rises the score
> to high
> > enough to mark it as "[SPAM?]". Not enough to be discarded, anyway.
> >
> >
> > > Chris St. Pierre
> > > Unix Systems Administrator
> > > Nebraska Wesleyan University
> > > ----------------------------
> > > Never send mail to [EMAIL PROTECTED]
> >
> > -------------------------------------
> > Giampaolo Tomassoni - I.T. Consultant
> > Piazza VIII Aprile 1948, 4
> > I-53043 Chiusi (SI) - Italy
> > Tel/Ph: +39-0578-21100
> >
> > MAI mandare un messaggio a:
> > NEVER send an e-mail to:
> >
> > [EMAIL PROTECTED]
