[Mimedefang] eval:check_rbl issue with SA 2.63
Danny Jensen
Dannyj at Magtek.com
Tue Dec 7 20:56:00 EST 2004
I inserted these lines in /etc/mail/spamassassin and restarted canit-pro (mime-defang)
[root at spamassassin]# more 90_local_magtek.cf
# Custom rules for magtek
# 041117 by Danny
#
# rbl-srbl section
header LOCAL_SPAMHAUS_RBLXBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
tflags LOCAL_SPAMHAUS_RBLXBL net
score LOCAL_SPAMHAUS_RBLXBL 3.0
describe LOCAL_SPAMHAUS_RBLXBL MagTek rule rbl sbl-xbl check on spamhaus.org
...
And I can't get the above rule to fire. My other local rules work.
Spam Analysis Report (Score = 23.2):
0.4 RATWR19_MESSID Message-ID has ratware pattern (XXXXXXXXXXXX[.xxxxxx]@)
0.4 SUBJ_BUY 'Subject' starts with Buy, Buying
0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter
0.6 J_CHICKENPOX_23 BODY: {2}Letter - punctuation - {3}Letter
0.6 J_CHICKENPOX_35 BODY: {3}Letter - punctuation - {5}Letter
0.2 HTML_MESSAGE BODY: HTML included in message
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.3 HTML_90_100 BODY: Message is 90% to 100% HTML
2.8 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words
1.0 unsub34 BODY: SARE Unsub 34
3.0 SPAMCOP_URI_RBL URI's domain appears in database at sc.surbl.org
[a6.skate6arched.com is blacklisted in URI RBL at]
[sc.surbl.org]
3.0 WS_URI_RBL URI's domain appears in database at ws.surbl.org
[a6.skate6arched.com is blacklisted in URI RBL at]
[ws.surbl.org]
2.7 FORGED_RCVD_NET_HELO Host HELO'd using the wrong IP network
2.6 SUSPICIOUS_RECIPS Similar addresses in recipient list
1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
1.3 SARE_URI_LET_DIG_PIC Suspicious file name for graphic
0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
I am using canit-pro v2.1a and SA v2.63 .
More information about the MIMEDefang
mailing list