Lots ne wmedical related spam...

Rob rob at THEHOSTMASTERS.COM
Fri Nov 4 14:13:23 GMT 2005 

    [ The following text is in the "Windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I uncomment this in mailscanner.conf

Spam List =  ORDB-RBL SBL+XBL

Also added this to spam.assassin.prefs.conf

# JP data was taken out of the WS and SC SURBL zone files
# JP will be a separate list in SA 3.1

urirhssub URIBL_JP_SURBL  multi.surbl.org.        A   64
body      URIBL_JP_SURBL  eval:check_uridnsbl('URIBL_JP_SURBL')
describe  URIBL_JP_SURBL  Has URI in JP at http://www.surbl.org/lists.html
tflags    URIBL_JP_SURBL  net

score URIBL_JP_SURBL    4.0

Restarted mailscanner and SA

Have not see any notciable increase in system load yet...

Rob...


----- Original Message ----- 
From: "Pete Russell" <pete at ENITECH.COM.AU>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, November 03, 2005 8:58 PM
Subject: Re: Lots ne wmedical related spam...


> How do I find out which URIBL i have enabled? Or turn on more of the ones 
> that are built in? Because i dont see all of those in my reports.
> Thanks
> Pete
>
> Matt Kettler wrote:
>> Rob wrote:
>>
>>>The source as form MS outlook express...
>>>
>>
>>
>> <snip>
>>
>> Well, you're not set up to generate spamcheck headers for nonspam.. 
>> That's such
>> a horridly lame default in MailScanner.
>>
>> Unless you're ready/willing to grep your maillogs for the SMTP ID to find 
>> the
>> actual spam check results I would *STRONGLY* suggest changing your
>> MailScanner.conf to include:
>>
>> Always Include SpamAssassin Report = yes
>>
>>
>> That aside, are you using DNS checks and URIBLs?
>>
>> I got a LOT of hits on that message when I tested it locally. I'm using 
>> SA
>> 3.1.0, but most of these tests apply to SA 3.0.4 as well.
>>
>> Relevant optional features:
>> I'm using DNS checks (RBLs responsible for 10.1 points)
>> I'm using URIBLs with uribl.com lists added on (8.2 points)
>> I'm using Razor (1.7 points)
>> I'm using DCC (2.2 points)
>> I'm using 70_sare_specific.cf from rulesemporium.com (0.2 points)
>> I'm using bayes (1.0 points)
>>
>> Content analysis details:   (26.1 points, 5.0 required)
>>
>>  pts rule name              description
>> ---- ---------------------- --------------------------------------------------
>>  1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 80%
>>                             [score: 0.6448]
>>  0.0 HTML_MESSAGE           BODY: HTML included in message
>>  0.2 SARE_SPEC_LEO_LINE03f  RAW: common Leo body text
>>  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>>                             above 50%
>>                             [cf: 100]
>>  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>>  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
>>                             above 50%
>>                             [cf: 100]
>>  0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>>                             [cf: 100]
>>  2.2 DCC_CHECK              Listed in DCC 
>> (http://rhyolite.com/anti-spam/dcc/)
>>  2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP 
>> address
>>                             [216.230.157.133 listed in dnsbl.sorbs.net]
>>  2.6 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
>>                             [<http://dsbl.org/listing?216.230.157.133>]
>>  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>>              [Blocked - see 
>> <http://www.spamcop.net/bl.shtml?216.230.157.133>]
>>  3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>>                             [216.230.157.133 listed in 
>> sbl-xbl.spamhaus.org]
>>  1.6 URIBL_SBL              Contains an URL listed in the SBL blocklist
>>                             [URIs: artistisen.com]
>>  2.5 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>>                             [URIs: artistisen.com]
>>  4.1 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL 
>> blocklist
>>                             [URIs: artistisen.com]
>>  0.8 DIGEST_MULTIPLE        Message hits more than one network digest 
>> check
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website! 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list