ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

mail from my server is gettting caught by spamasssin URIBL_SBL

https://mail.forum.configserver.com/viewtopic.php?t=77

Page 1 of 1

mail from my server is gettting caught by spamasssin URIBL_SBL

Posted: 18 Dec 2006, 01:59
by silver_2000
mail from my server is getting caught by spamasssin URIBL_SBL but in checking the ip address is not listed on ANY spam or relay site

http://www.completewhois.com/cgi-bin/rb ... eWhois+CGI

Any ideas on where else to look for cause of this false positive ?
Its ironic that this email in question was private message notice from site on my server to me
X-XXX-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=5.4,
required 5, BAYES_00 -2.60, NO_RELAYS -0.00, URIBL_BLACK 3.00,
URIBL_SBL 5.00)
X-XXXX-MailScanner-SpamScore: sssss

Posted: 18 Dec 2006, 08:44
by Sarah
The URIBL_SBL rule hits when the message body contains a URL that is listed in the SBL blocklist, it's nothing to do with the IP address that the message was sent from. :)

Posted: 21 Dec 2006, 16:11
by silver_2000
More info would be helpful

when I google URIBL_SBL the pages ALL talk about entering IPS to se if they are blocked

I cant find ANY reference to the IP or the domain on ANY BL

The domain is mercurymarauder.net

Posted: 21 Dec 2006, 16:44
by Sarah
Is that the only URL that is present in the email? As you have mentioned, that domain or its IP address does not appear to be in any block lists currently. If that's the only URL in the email, then I'm afraid I can't really offer any other suggestions or more information.

Are these emails being blocked by other servers using spamassassin, or is your concern just that it is being blocked on your own server? If the latter, then you can modify the score for that SA rule by editing /etc/mail/spamassassin/configserver.cf (if present) and giving that rule a 0 score. If that file is not present, edit /etc/mail/spamassassin/local.cf and add the line:

score URIBL_SBL 0.0

Posted: 21 Dec 2006, 17:16
by silver_2000
the email in question was a vbulletiin private message notification that was from a VB install on the server to a mail account on the server

the vb private message email only contains one url similar to this
http://www.mercurymarader.net/forum/private.php

I dont want to prevent SA from scanning for other badurls - but I couldn't even find a rbl list that lists urls - they all list IPs - in my servers case there are over 50 urls associated with one ip

Doug

Posted: 21 Dec 2006, 22:18
by Sarah
You could try manually running the mail through spamassassin in debug mode to see exactly what it is hitting on in the email. Save the email in a text file, i.e. email.txt, and do:

spamassassin -t -D < email.txt
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited