On Sun, 2008-04-06 at 20:00 -0400, Juan Miscaro wrote:
> Hi, I recently activated URIDNSBL and my scores went through the roof.

You mean you activated the plugin? What's your SA version? These checks
are enabled by default and actually are quite effective. As you noticed.
And as the plugin doc [1] states.

> I'm a little worried about it.


Seriously, I know that feeling -- changing your mail processing
"slightly", and noticing some massive changes. However...

> So first, is this method a recommended in the SA community?

Yes. It is enabled by default.

> And secondly, how can I mod down the (high) scores I'm seeing? I
> tried this in my local.cf file but it was ignored:
> score URIBL_SBL 1.0

That will *only* change the score for the URIBL_SBL test, the URI
Blacklist by Spamhaus, which defaults to a score of about 1.5 in SA.
This indeed doesn't make much of a difference -- even more so, since
there are other blacklists queried [2]. URIBL_BLACK for example is
highly efficient, and will trigger on a lot of (read: most) spam
containing URIs.

If you really want to lower the scores for the tests you just enabled,
you will need to do so in your local.cf for other rules, too. See
25_uribl.cf and 50_scores.cf for the default score. Lint check and
restart spamd after modifying anything in local.cf.

IMHO, the high scores are justified. The scoring process prior to a
release carefully set these scores, based on the reliability and
effectiveness of the various BLs, while minimizing FPs.


[1] http://spamassassin.apache.org/full/..._URIDNSBL.html
[2] see 25_uribl.cf

char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}