Debugging SA SURBL

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Sep 14 09:07:37 IST 2004


<x-flowed>
Remco

Would this be better asked on the SA-users or SURBL users lists?



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Remco Barendse wrote:
> Hi all!
>
> Received another one line + image spam mail. The header as created by
> MS+SA says this:
>
> X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=7.982, required 6,
>        BAYES_99 1.89, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30,
>        HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS 1.47,
>        MPART_ALT_DIFF 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22)
>
> Which does not mention any SURBL.
>
> When I do a lookup on http://www.rulesemporium.com/cgi-bin/uribl.cgi
>
> I get this:
>
> peachcasino.com is 62.73.174.136 [  rbl lookup  ]
> domain registered: ..............: Mon, Jul 14, 2003 [ full whois ]
>
> * URIBL: ws.surbl.org: listed [Blocked, See: http://www.stearns.org/sa-blacklist/]
> * URIBL: sc.surbl.org: not listed
> * URIBL: ob.surbl.org: not listed
> * URIBL: multi.surbl.org: listed [Blocked, peachcasino.com on lists [ws], See: http://www.surbl.org/lists.html]
> * URIBL: ab.surbl.org: not listed
>
>
> I thought SA 3 (rc4) was using combined SURBL lists so this should have
> come up? Any ideas why this didn't come up blacklisted?
>
> (Extremely annoying btw that it is not possible to put the output of
> spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf through
> | less or more, I can never read the top bit....) URI is working on some
> mails.
>
>
> Thx!!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

</x-flowed>
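Added example, not part of the original thread: a small triage helper for the situation described above. It parses the folded MailScanner SpamCheck header into rule/score pairs, reports whether any URI blocklist rule fired, and, if none did, builds the `multi.surbl.org` query name to resolve by hand. The function names and the `URIBL_` rule-name prefix are assumptions of this example; the sample header is the one quoted in the message.

```python
import re

# Header as quoted in the thread, with the mail client's re-wrap undone.
SAMPLE_HEADER = (
    "X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=7.982, required 6,\n"
    "       BAYES_99 1.89, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30,\n"
    "       HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS 1.47,\n"
    "       MPART_ALT_DIFF 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22)"
)

REPORT_RE = re.compile(r"\(score=(-?[\d.]+),\s*required\s+(-?[\d.]+),?\s*(.*)\)")

def parse_spamcheck(header):
    """Return (score, required, {rule: points}) from a SpamCheck header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    m = REPORT_RE.search(unfolded)
    if not m:
        raise ValueError("no SpamAssassin report found in header")
    rules = {}
    for item in m.group(3).split(","):
        parts = item.strip().rsplit(None, 1)  # "RULE_NAME 1.23"
        if len(parts) == 2:
            rules[parts[0]] = float(parts[1])
    return float(m.group(1)), float(m.group(2)), rules

def uribl_hits(rules):
    """Rules named URIBL_* (assumed prefix of the SA 3.x SURBL rules)."""
    return sorted(r for r in rules if r.startswith("URIBL_"))

def surbl_query_name(domain, zone="multi.surbl.org"):
    """DNS name to look up by hand: the domain prepended to the list zone."""
    return f"{domain.strip('.').lower()}.{zone}"

def triage(header, domains):
    """Summarise a header and list lookups to try when no URIBL rule fired."""
    score, required, rules = parse_spamcheck(header)
    hits = uribl_hits(rules)
    return {
        "score": score,
        "required": required,
        "rule_total": round(sum(rules.values()), 2),  # per-rule values are rounded
        "uribl_hits": hits,
        "check_by_hand": [] if hits else [surbl_query_name(d) for d in domains],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_HEADER, ["peachcasino.com"]).items():
        print(f"{key}: {value}")
```

An empty `uribl_hits` with a domain that resolves in the query zone points at the scanner's URI checks (network tests disabled, plugin not loaded, or the URI not extracted from the message) rather than at the list data.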


