SA Network Tests

Rodney Green rgreen at TRAYERPRODUCTS.COM
Tue Mar 15 15:53:04 GMT 2005



I guess I still don't have the full view of the "big picture" when it
comes to MS and SA. I just found where the URIBLs are configured: in
/usr/share/spamassassin/25_uribl.cf. I thought they had to be enabled in
spam.assassin.prefs.conf.

Rodney Green wrote:
> In looking through some spam headers I've noticed scores for URIBLs:
>
> URIBL_OB_SURBL 3.21,URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL
> 1.46
>
> Where are these configured? I've been looking but cannot find where the
> scores are specified.
>
> Thanks
>
> Rodney Green wrote:
>
>> Ahh, I see. So they are on by default, unless set to zero.
>>
>> Thanks Martin!
>>
>> Martin Hepworth wrote:
>>
>>> Rodney
>>>
>>> A score of zero turns off the rule.
>>>
>>> I only want two of the RBL's to run, so I turn off all the others by
>>> ADDING the scores to the file.
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>
>>> Rodney Green wrote:
>>>
>>>> Martin,
>>>>
>>>> Thanks. Your list of scores only has those that are listed as 0 points.
>>>> I don't have any of the listed scores in my spam.assassin.prefs.conf
>>>> file.
>>>>
>>>> Rodney
>>>>
>>>> Martin Hepworth wrote:
>>>>
>>>>> Rodney
>>>>>
>>>>> don't do this here, do it in SA.
>>>>>
>>>>> edit spam.assassin.prefs.conf
>>>>>
>>>>> comment out the "skip_rbl_tests 1" line
>>>>>
>>>>> and turn off the RBL's you don't want by giving them a zero
>>>>> score...here's mine that only runs the xbl and orb ones..
>>>>>
>>>>> score __RCVD_IN_NJABL 0.0
>>>>> score RCVD_IN_NJABL_DUL 0.0
>>>>> score RCVD_IN_NJABL_MULTI 0.0
>>>>> score RCVD_IN_NJABL_PROXY 0.0
>>>>> score RCVD_IN_NJABL_RELAY 0.0
>>>>> score RCVD_IN_NJABL_SPAM 0.0
>>>>> score RCVD_IN_NJABL_CGI 0.0
>>>>> score __RCVD_IN_SORBS 0.0
>>>>> score RCVD_IN_SORBS_HTTP 0.0
>>>>> score RCVD_IN_SORBS_MISC 0.0
>>>>> score RCVD_IN_SORBS_SMTP 0.0
>>>>> score RCVD_IN_SORBS_SOCKS 0.0
>>>>> score RCVD_IN_SORBS_WEB 0.0
>>>>> score RCVD_IN_SORBS_BLOCK 0.0
>>>>> score RCVD_IN_SORBS_ZOMBIE 0.0
>>>>> score RCVD_IN_SORBS_DUL 0.0
>>>>> score __RFC_IGNORANT_ENVFROM 0.0
>>>>> score DNS_FROM_RFC_DSN 0.0
>>>>> score DNS_FROM_RFC_POST 0.0
>>>>> score DNS_FROM_RFC_ABUSE 0.0
>>>>> score DNS_FROM_RFC_WHOIS 0.0
>>>>> score DNS_FROM_RFC_BOGUSMX 0.0
>>>>> score RCVD_IN_DSBL 0.0
>>>>> score DNS_FROM_AHBL_RHSBL 0.0
>>>>> score HABEAS_INFRINGER 0.0
>>>>> score HABEAS_USER 0.0
>>>>> score RCVD_IN_BSP_TRUSTED 0.0
>>>>> score RCVD_IN_BSP_OTHER 0.0
>>>>> score __SENDERBASE 0.0
>>>>> score SB_NEW_BULK 0.0
>>>>> score SB_NSP_VOLUME_SPIKE 0.0
>>>>> score RCVD_IN_RSL 0.0
>>>>> score RCVD_IN_MAPS_RBL 0.0
>>>>> score RCVD_IN_MAPS_DUL 0.0
>>>>> score RCVD_IN_MAPS_RSS 0.0
>>>>> score RCVD_IN_MAPS_NML 0.0
>>>>>
>>>>>
>>>>> Also make sure you set the trusted_networks and internal_networks
>>>>> options properly or it's likely to misfire and start letting the spam
>>>>> through
>>>>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options
>>>>>
>>>>> --
>>>>> Martin Hepworth
>>>>> Snr Systems Administrator
>>>>> Solid State Logic
>>>>> Tel: +44 (0)1865 842300
>>>>>
>>>>>
>>>>> Rodney Green wrote:
>>>>>
>>>>>> For the "Spam List =" configuration option in MailScanner.conf, it
>>>>>> says you can use a ruleset file. What format would you use to list
>>>>>> the RBLs?
>>>>>>
>>>>>>
>>>>>> Martin Hepworth wrote:
>>>>>>
>>>>>>> Ah I see
>>>>>>>
>>>>>>> well network tests cover RBL's, URI-RBL's from surbl.org and perhaps
>>>>>>> even things like pyzor/dcc etc.
>>>>>>>
>>>>>>> I run a couple of RBL's and the URI-RBL's which are truly great.
>>>>>>>
>>>>>>> Not sure they'll help with FP's, but if bayes is FP-ing then
>>>>>>> enabling the network tests will reduce the bayes scores in SA 3.x.
>>>>>>>
>>>>>>> --
>>>>>>> Martin Hepworth
>>>>>>> Snr Systems Administrator
>>>>>>> Solid State Logic
>>>>>>> Tel: +44 (0)1865 842300
>>>>>>>
>>>>>>>
>>>>>>> Rodney Green wrote:
>>>>>>>
>>>>>>>> Martin,
>>>>>>>>
>>>>>>>> Truthfully, I don't know yet. I'm not even sure of what's all
>>>>>>>> available. I saw something stating that the network tests helped
>>>>>>>> to reduce false negatives. So, something that would help with
>>>>>>>> that would be great.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Rodney
>>>>>>>>
>>>>>>>> Martin Hepworth wrote:
>>>>>>>>
>>>>>>>>> Rodney
>>>>>>>>>
>>>>>>>>> what 'network tests' are you interested in?
>>>>>>>>>
>>>>>>>>> see the doccy at spamassassin.apache.org for the options you can
>>>>>>>>> put into spam.assassin.prefs.conf.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Martin Hepworth
>>>>>>>>> Snr Systems Administrator
>>>>>>>>> Solid State Logic
>>>>>>>>> Tel: +44 (0)1865 842300
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Rodney Green wrote:
>>>>>>>>>
>>>>>>>>>> Martin,
>>>>>>>>>>
>>>>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with
>>>>>>>>>> spamd.
>>>>>>>>>>
>>>>>>>>>> Rodney
>>>>>>>>>>
>>>>>>>>>> Martin Hepworth wrote:
>>>>>>>>>>
>>>>>>>>>>> Rodney
>>>>>>>>>>>
>>>>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf and MS
>>>>>>>>>>> will use them for the SA part.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Martin Hepworth
>>>>>>>>>>> Snr Systems Administrator
>>>>>>>>>>> Solid State Logic
>>>>>>>>>>> Tel: +44 (0)1865 842300
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Rodney Green wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Is it possible to enable SA network tests when running it with
>>>>>>>>>>>> MS? I've searched and only found reference to it in relation to
>>>>>>>>>>>> running spamd, which I'm not using.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Rodney
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> This message has been scanned for viruses and
>>>>>>>>>>>> dangerous content by MailScanner, and is
>>>>>>>>>>>> believed to be clean.
>>>>>>>>>>>>
>>>>>>>>>>>> ------------------------ MailScanner list
>>>>>>>>>>>> ------------------------
>>>>>>>>>>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>>>>>>>>>> 'leave mailscanner' in the body of the email.
>>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
>>>>>>>>>>>> and
>>>>>>>>>>>> the archives
>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>>>>>>>>>
>>>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>>>
>>>>>>>>>>> **********************************************************************
>>>>>>>>>>>
>>>>>>>>>>> This email and any files transmitted with it are confidential
>>>>>>>>>>> and
>>>>>>>>>>> intended solely for the use of the individual or entity to whom
>>>>>>>>>>> they
>>>>>>>>>>> are addressed. If you have received this email in error please
>>>>>>>>>>> notify
>>>>>>>>>>> the system manager.
>>>>>>>>>>>
>>>>>>>>>>> This footnote confirms that this email message has been swept
>>>>>>>>>>> for the presence of computer viruses and is believed to be
>>>>>>>>>>> clean.
>>>>>>>>>>>
>>>>>>>>>>> **********************************************************************
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Rodney Green
>>>>>>>>>> Network/Security Administrator
>>>>>>>>>> Trayer Products, Inc.
>>>>>>>>>> E-Mail: rgreen at trayerproducts.com
>>>>>>>>>> Phone: 607-734-8124 Ext. 343

--
Rodney Green
Network/Security Administrator
Trayer Products, Inc.
E-Mail: rgreen at trayerproducts.com
Phone: 607-734-8124 Ext. 343
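
Added example, not part of the original thread and not MailScanner or SpamAssassin code: a Python sketch of the layering discussed above, where distribution defaults such as 25_uribl.cf set scores, later "score" lines in spam.assassin.prefs.conf override them, and a zero turns a rule off. The function names, the file contents and the RCVD_IN_* default values are constructed; the one-or-four-value "score" form follows the SpamAssassin Conf documentation linked in the thread.

```python
# Constructed sample: distribution defaults. The URIBL values are the ones
# quoted from the spam headers in the thread; the four-value lines are made up.
DEFAULTS = """
score URIBL_OB_SURBL 3.21
score URIBL_SBL 1.00
score URIBL_SC_SURBL 4.26
score URIBL_WS_SURBL 1.46
score RCVD_IN_NJABL_DUL 0 1.5 0 1.2     # local, net, bayes, bayes+net
score RCVD_IN_SORBS_DUL 0 2.0 0 1.6
"""

# Constructed sample: site overrides in the style of spam.assassin.prefs.conf.
LOCAL = """
# skip_rbl_tests 1
score RCVD_IN_NJABL_DUL 0.0
score RCVD_IN_SORBS_DUL 0.0
"""

def load(text, scores, options):
    """Apply one config layer in place; later layers override earlier ones."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "score" and len(fields) in (3, 6):
            values = [float(v) for v in fields[2:]]
            # a single value applies to all four score sets
            scores[fields[1]] = values * 4 if len(values) == 1 else values
        elif fields[0] == "skip_rbl_tests" and len(fields) == 2:
            options["skip_rbl_tests"] = fields[1] == "1"

def effective(layers, bayes=True, net=True):
    """Return (active, disabled, options) for the score set in use."""
    scores, options = {}, {"skip_rbl_tests": False}
    for text in layers:
        load(text, scores, options)
    # score sets: 0 = plain, 1 = net only, 2 = bayes only, 3 = bayes + net
    idx = (2 if bayes else 0) + (1 if net else 0)
    active = {r: v[idx] for r, v in scores.items() if v[idx] != 0}
    disabled = sorted(r for r, v in scores.items() if v[idx] == 0)
    return active, disabled, options

if __name__ == "__main__":
    active, disabled, options = effective([DEFAULTS, LOCAL])
    print("skip_rbl_tests:", options["skip_rbl_tests"])
    for rule, score in sorted(active.items()):
        print(f"on   {rule:20s} {score:5.2f}")
    for rule in disabled:
        print(f"off  {rule}")
```

The URIBL rules show as "on" although the local file never mentions them, which matches what the spam headers in the thread showed.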
