URIBL support

Discussion in 'Feature Requests' started by maxx, Jun 10, 2006.

  1. maxx

    maxx New Member

    Check uribl.com

    http://www.uribl.com/usage.shtml

    How to implement it to spamassasin. Its great! It checks url of message and it is in blacklist. It will make spamassassin more effective!

    - M
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can add this to the ISPConfig spamassassin by adding the uribl configuration in the spamassassin config file in the directory /home/admispconfig/ispconfig/tools/spamassassin/etc/
     
  3. maxx

    maxx New Member

    You mean:

    /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf

    - J

    BTW: I found this from init.pre directory above.


    # URIDNSBL - look up URLs found in the message against several DNS
    # blocklists.
    #
    loadplugin Mail::SpamAssassin::plugin::URIDNSBL
     
    Last edited: Jun 12, 2006
  4. falko

    falko Super Moderator Howtoforge Staff

    Yes, correct.
     
  5. maxx

    maxx New Member

    It's working perfectly.

    It's working perfectly. You really should add this to ISPconfig by default.
    Here is a sample:

    Spam detection software, running on the system "XXX.XXX.fi", has
    identified this incoming email as possible spam. The original message
    has been attached to this so you can view it (if it isn't spam) or label
    similar future email. If you have any questions, see
    [email protected] for details.

    Content preview: gW1nPkyrtBhoaBDTQgcH [...]

    Content analysis details: (33.2 points, 4.5 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.4 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
    2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
    0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
    0.0 HTML_MESSAGE BODY: HTML included in message
    3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
    3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
    [score: 0.9994]
    0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    0.2 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file name
    2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
    [71.79.130.183 listed in dnsbl.sorbs.net]
    1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    [Blocked - see <http://www.spamcop.net/bl.shtml?71.79.130.183>]
    1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
    [URIs: admityolk.com]
    4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
    [URIs: admityolk.com]
    3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    [URIs: admityolk.com]
    2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
    [URIs: admityolk.com]
    3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
    [URIs: admityolk.com]
    4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
    [URIs: admityolk.com]
    0.9 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image

    The original message was not completely plain text, and may be unsafe to
    open with some email clients; in particular, it may contain a virus,
    or confirm that your address can receive spam. If you wish to view
    it, it may be safer to save it to a file and open it with an editor.
     
  6. z33k3r

    z33k3r New Member

    I have added the URIBL code to the local.cf file, but am I missing something? Do I need to restart something? Just doesn't seem to be working... I searched on the forum and everybody says that there is no Daemon running, and I verified that, but besides writing the code to the .cf, is there a step I am missing? :confused:
     
  7. falko

    falko Super Moderator Howtoforge Staff

    What does your /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf look like now?
     
  8. z33k3r

    z33k3r New Member

    Code:
    # This is the right place to customize your installation of SpamAssassin.
    #
    # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
    # tweaked.
    #
    # Only a small subset of options are listed below
    #
    ###########################################################################
    
    #   Add *****SPAM***** to the Subject header of spam e-mails
    #
    # rewrite_header Subject *****SPAM*****
    
    
    #   Save spam messages as a message/rfc822 MIME attachment instead of
    #   modifying the original message (0: off, 2: use text/plain instead)
    #
    # report_safe 1
    
    
    #   Set which networks or hosts are considered 'trusted' by your mail
    #   server (i.e. not spammers)
    #
    # trusted_networks 212.17.35.
    
    
    #   Set file-locking method (flock is not safe over NFS, but is faster)
    #
    # lock_method flock
    
    
    #   Set the threshold at which a message is considered spam (default: 5.0)
    #
    # required_score 5.0
    
    
    #   Use Bayesian classifier (default: 1)
    #
    # use_bayes 1
    
    
    #   Bayesian classifier auto-learning (default: 1)
    #
    # bayes_auto_learn 1
    
    
    #   Set headers which may provide inappropriate cues to the Bayesian
    #   classifier
    #
    # bayes_ignore_header X-Bogosity
    # bayes_ignore_header X-Spam-Flag
    # bayes_ignore_header X-Spam-Status
    
    urirhssub       URIBL_BLACK  multi.uribl.com.        A   2
    body            URIBL_BLACK  eval:check_uridnsbl('URIBL_BLACK')
    describe        URIBL_BLACK  Contains an URL listed in the URIBL blacklist
    tflags          URIBL_BLACK  net
    score           URIBL_BLACK  3.0
    
    urirhssub       URIBL_GREY  multi.uribl.com.        A   4
    body            URIBL_GREY  eval:check_uridnsbl('URIBL_GREY')
    describe        URIBL_GREY  Contains an URL listed in the URIBL greylist
    tflags          URIBL_GREY  net
    score           URIBL_GREY  0.25
    
     
  9. the_spy

    the_spy New Member

    it looks great, would this feature be added by default in future ISPConfig versions ?
     
  10. z33k3r

    z33k3r New Member

    I posted my file; have any ideas Falko?
     
  11. falko

    falko Super Moderator Howtoforge Staff

    What does
    Code:
    /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin --lint 
    show?
     
  12. falko

    falko Super Moderator Howtoforge Staff

    Blacklisting is already part of ISPConfig.
     
  13. z33k3r

    z33k3r New Member

    Code:
    usr@srv:~$ /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin --lint
    usr@srv:~$
    
     
  14. falko

    falko Super Moderator Howtoforge Staff

    This means the syntax is ok. It should work then.
     
  15. z33k3r

    z33k3r New Member

    So how can i test this?
     

Share This Page