Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
Re: User Blacklist False Positives?
mkettler at evi-inc
Mar 9, 2004, 11:07 AM
Post #1 of 4 (487 views)
Permalink
At 12:30 PM 3/9/2004, Raquel Rice wrote:
>During the past week I've begun getting a great number of false
>positives saying that the address is in the user's (my) blacklist.
>I'll include my "blacklist" and a sample email. What's going on
>with this?

Weird.. I can't reproduce it using your sample mail and your blacklist.

Try running it through your spamassassin -D and look in the debug output.
In particular, look at the all from address line of the debug out.

I get this:
debug: all '*From' addrs: thericehouse.net@httpd.apache.org
Re: User Blacklist False Positives? [ In reply to ]
mailings02 at ttlexceeded
Mar 9, 2004, 6:40 PM
Post #2 of 4 (480 views)
Permalink
Raquel Rice wrote:

> [...]
> From: "Jason Davidson" <jdavidson@zworg.com>

Are you using William Stearns' blacklist.cf?

$ grep zworg *
blacklist-uri.cf:describe WLS_URI_6859 URI contains zworg.com
blacklist-uri.cf:uri WLS_URI_6859 /\bzworg\.com\b/i
blacklist.cf:blacklist_from *@zworg.com

Check the other sender domains. I applaud Mr. Stearns' efforts, but I'm
finding blacklists too heavy a hammer because of such problems. Keep in
mind that even if you delete those entries, the AWL for any users
running AWL will have been tainted. You'll need to remove those AWL
entries for each.

- Bob
Re: User Blacklist False Positives? [ In reply to ]
mailings02 at ttlexceeded
Mar 9, 2004, 6:47 PM
Post #3 of 4 (478 views)
Permalink
Raquel Rice wrote:

> During the past week I've begun getting a great number of false
> positives saying that the address is in the user's (my) blacklist.
> I'll include my "blacklist" and a sample email. What's going on
> with this?
>
> # BLACKLIST
> blacklist_from *@rinet.ru
> blacklist_from *@wordofmouth*
> blacklist_from *@word-of-mouth-connection.org
> blacklist_from *@womexch.info
> blacklist_from *@wominfo.net

Just checking blacklists. Some do hit. Are you using these?

$ egrep "(rinet|wordofmouth|word-of-mouth-connection|womexch|wominfo)" *

blacklist-uri.cf:describe WLS_URI_6618 URI contains
word-of-mouth-connection.com
blacklist-uri.cf:uri WLS_URI_6618 /\bword-of-mouth-connection\.com\b/i
blacklist-uri.cf:describe WLS_URI_6620 URI contains
wordofmouthconnection.com
blacklist-uri.cf:uri WLS_URI_6620 /\bwordofmouthconnection\.com\b/i
blacklist-uri.cf:describe WLS_URI_6621 URI contains
wordofmouthinformation.com
blacklist-uri.cf:uri WLS_URI_6621 /\bwordofmouthinformation\.com\b/i
blacklist.cf:blacklist_from *@www.word-of-mouth-connection.com
blacklist.cf:blacklist_from *@*.word-of-mouth-connection.com
blacklist.cf:blacklist_from *@word-of-mouth-connection.com
blacklist.cf:blacklist_from *@wordofmouthconnection.com
blacklist.cf:blacklist_from *@www.wordofmouthinformation.com
blacklist.cf:blacklist_from *@*.wordofmouthinformation.com
blacklist.cf:blacklist_from *@wordofmouthinformation.com

Again, entries will need to be removed from AWL databases for affected
users if you're using AWL.

- Bob
Re: User Blacklist False Positives? [ In reply to ]
mailings02 at ttlexceeded
Mar 9, 2004, 8:17 PM
Post #4 of 4 (479 views)
Permalink
Bob George wrote:

> [...]
> Just checking blacklists. Some do hit. Are you using these?

Rather, are you using a "master blacklist" _like_ this (blacklist.cf)
that might hit some of 'em?

- Bob

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal