Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - zen - not just a MAPS list
  FAQ FAQ  Forum Search   Register Register  Login Login

zen - not just a MAPS list

 Post Reply Post Reply
Author
sgeorge View Drop Down
Senior Member
Senior Member


Joined: 23 August 2005
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote sgeorge Quote  Post ReplyReply Direct Link To This Post Topic: zen - not just a MAPS list
    Posted: 09 August 2007 at 2:01pm
I found something interesting today some may already know and just thought I'd share...

spamhaus.org provides various lists you can use as MAPS blacklists.  But I just noticed this blurb on their site which indicates that you can also use one of their lists as a SURBL blacklist within SpamFilter as well:

Quote from http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Ho w%20To%20Use#203

Not just for connection queries...
    In addition to checking the IP addresses of the connecting servers against the SBL/XBL/PBL (or Zen), you can significantly boost your spam catch rate by also scanning the email body of any mails, that get past this first check, looking for host names of URLs (web sites) advertised in spams, and checking the IP addresses of those hosts, and their name servers, against the SBL. This is because the SBL lists the IP addresses of spammers' websites in addition to their mail servers. This feature ("URIBL_SBL") is available in SpamAssassin 3.0 on, and code to do this is also available as a sendmail milter from here.


I've just added zen.spamhaus.org to my SURBL list, and verified that it's working.  However, I haven't run it long enough to have a solid report on how effective and accurate it is (though it seems to use the same exact data as it's equivalent spamhaus MAPS list, which I find to be very accurate).  I'll let you all know if my results are postivie or negative.

To satisfy the curious, here are my current SURBL lists in SpamFilter:

multi.surbl.org
multi.uribl.com
zen.spamhaus.org

Happy spam-bobbing,

Stephen
Back to Top
sgeorge View Drop Down
Senior Member
Senior Member


Joined: 23 August 2005
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote sgeorge Quote  Post ReplyReply Direct Link To This Post Posted: 09 August 2007 at 2:30pm
An observation...

If an i.p. address is listed on zen.spamhaus.org, you can expect the equivalent http://i.p.-address to make a match on the zen.spamhaus.or SURBL.  However, if you do a reverse-dns on that i.p., don't expect that URL to be matched on the SURBL. :(

Stephen
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 10 August 2007 at 10:55am

Stephen,

I actually use the following:
black.uribl.com  (I find "multi to be false prone)
multi.surbl.org  (Do this second 'cause uribl has most)
zen.spamhaus.org (Started using this about a month ago)

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
sgeorge View Drop Down
Senior Member
Senior Member


Joined: 23 August 2005
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote sgeorge Quote  Post ReplyReply Direct Link To This Post Posted: 10 August 2007 at 12:31pm
Thanks Dan.  I agree that multi.uribl.com is a bit aggressive, which gives me some thought about whether or not to switch to black.

After our first 24-hours with the zen on our SURBL lists, it hasn't caught anything that our other two SURBL entries didn't catch.  However, we are not an ISP, and process much less email compared to many other SF customers.

The other factor is that I'm noticing that the SURBL list is alphabetically sorted.  With MAPS, I can put zen on top and I can read our quarantine to see effective zen is.  But with zen on the bottom, it can't get the "credit" for blocking a message if the message is first blocked by one of the other SUBRL lists.  But it's a very minor detail that in all, is not that important (in other words, not a feature request).

Dan, what's your experience been with zen as a SURBL in the past month?  Have your noticed it catching anything that the others could not?

Thanks,

Stephen
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 10 August 2007 at 12:42pm

Stephen,

Jeezzze!  You read my mind.  I just emailed Logsat on the sorting issue!   On the zen list ... VERY few but as you say, the sort forces it to the end so it is not a "fair" test.  I am still trying to judge if the extra lookup is worth the blocking gain.

On the DNSBL's,  I added psbl.surriel.com.  This seems to be a good list and will accept nearly instant de-listings in the case of false blocks which is nice.  I have it last in my list and it catches a fair amount that my other 3 do not.

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
sgeorge View Drop Down
Senior Member
Senior Member


Joined: 23 August 2005
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote sgeorge Quote  Post ReplyReply Direct Link To This Post Posted: 10 August 2007 at 5:06pm
Thanks Dan. :)

And thanks for the heads-up on psbl.surriel.com.  Nice to see a list admin who really "gets it".  Even people who want to block spam don't want hoops of flame for senders to jump through to get unblocked.

A person's tolerance level for spam, while low, is always 10 times higher than then they have for false-positives.

Have a good weekend,

-S
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.164 seconds.