> -----Messaggio originale----- > Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Inviato: lunedì 26 marzo 2007 16.48 > A: Giampaolo Tomassoni > Cc: 'Chris St. Pierre'; 'Larry Ludwig'; users@spamassassin.apache.org > Oggetto: Re: R: R: New method of spamming > > > Giampaolo Tomassoni writes: > > > -----Messaggio originale----- > > > Da: Chris St. Pierre [mailto:[EMAIL PROTECTED] > > > > > > On Mon, 26 Mar 2007, Giampaolo Tomassoni wrote: > > > > > > > By "black-listing" URI's host IPs, one could easily score high > this > > > kind of > > > > e-mails. Maybe there is also some RBL regarding web hosts, by the > > > way. Is > > > > it? > > > > > > You mean URIBL? Not only does it exist, it's included with SA. If > > > the URIBL_* family of rules aren't among your top 5 most effective, > > > something is seriously wrong with your SA installation. > > > > No, not URIBL: that would detect the URI (which always changes). I > mean some > > RBL thing which enlists suspicious web host IP address, since the IP > address > > of this spammer is always the same. > > > > One could alternatively have a similar check on the authoritative DNS > > server(s) for the URI's domain: this too is always the same. > > > > A SA plugin which lets me score messages containing URI resolving to > > suspicious web hosts and/or authoritative name servers would suffice. > Being > > out there even some RBL service about suspicious web hosts IP > addresses > > and/or the IP address of suspicious authoritative name servers would > be > > great for to stop him/she... > > The URIBL_SBL rule does this, looking up IPs of hosts against SBL. It's > actually been part of SpamAssassin since before SURBL and URIBL were > created, I think ;)
Hugh! So, it scores to low to me? I got the default: score URIBL_SBL 0 1.094 0 1.639 or maybe I don't get a reply within timeout (2 secs)... Thanks, J. I'll give a look at it. Giampaolo > --j. > > > > FWIW, the OP's message scored 31.3 on my system, as it hit Razor2 > and > > > two URIBL rules (the scores for which I crank up). > > > > Unfortunately, it seems I often get this crap before many others do. > > Thereby, there is no Razor or Pyzor or DCC report about it. Sometimes > there > > is a URIBL report, however, which, helped by Bayes, rises the score > to high > > enough to mark it as "[SPAM?]". Not enough to be discarded, anyway. > > > > > > > Chris St. Pierre > > > Unix Systems Administrator > > > Nebraska Wesleyan University > > > ---------------------------- > > > Never send mail to [EMAIL PROTECTED] > > > > ------------------------------------- > > Giampaolo Tomassoni - I.T. Consultant > > Piazza VIII Aprile 1948, 4 > > I-53043 Chiusi (SI) - Italy > > Tel/Ph: +39-0578-21100 > > > > MAI mandare un messaggio a: > > NEVER send an e-mail to: > > > > [EMAIL PROTECTED]