SURBL installation with SA 2.63 on Win32

(Last updated: 2004-07-01 03:54 PM)

****DISCLAIMER*****

Some rules & code implemented by these instructions are in beta (i.e. Mail-SpamAssassin-SpamCopURI-0.09.tar.gz).

This is NOT guaranteed to work on ANY system under ANY circumstances. All I can say is that it works in MY environment!

My environment consists of:

·        Guinevere Box:

Guinevere 2.0.14 and SpamAssassin 2.63 running on MS Windows 2000 SP4 w/ 512 MB ram.

Bayesian enabled

Heath and James modification enabled

ActivePerl 5.6.1 Build 635

Microsoft NetWare client

·        Mailserver:

GroupWise 6.0.2 running on NetWare 5.1 SP5

**NOTE** Guinevere and SpamAssassin were installed by following Michael Bell’s instructions VERBAITIM! (Therefore, nmake version 15 and the like are all installed and assumed to be where they should be).

(Some Unix/Linux users have reported problems with existing rules after installing SURBL—even after disabling SURBL rules. BE CAREFUL! I performed a complete backup of the Guinevere/SA box before I proceeded).

 

DON’T SAY YOU HAVEN’T BEEN WARNED!!!

 

****END OF DISCLAIMER*****

 

For information about SURBL, go to http://www.surbl.org/

 

  1. BACKUP – see the disclaimer

 

  1. PREINSTALLATION TEST – (Highly recommended)
    1. Open a dos window at c: and run “spamassassin --lint” (without the quotes)

                                                               i.      If any errors are reported, fix them or research them before proceeding!

 

  1. INSTALL URI-1.30
    The SURBL queries require an additional module that will likely not be installed on most Win32 Perl installations. This module is called URI::QueryParam. If you already have this, then I guess you can skip to step 3. J If not, continue on:
    1. Download URI-1.30 module from http://search.cpan.org/~gaas/URI-1.30/
    2. Extract URI-1.30.tar.gz to the root of C:
    3. Open a dos window and cd to URI-1.30 and type

                                                               i.      perl makefile.pl

                                                             ii.      nmake

                                                            iii.      nmake install

 

  1. INSTALL SpamCopURI-0.??
    (.?? Should be replaced with the current version of SpamCopURI. For instance SpamCopURI-0.18)
    1. Download the latest Mail-SpamAssassin-SpamCopURI-0.??.tar.gz from: http://sourceforge.net/projects/spamcopuri/
    2. Extract Mail-SpamAssassin-SpamCopURI-0.??.tar.gz to the root of C:
    3. Open a dos window and cd to Mail-SpamAssassin-SpamCopURI-0.?? and type

                                                               i.      perl makefile.pl

                                                             ii.      nmake

                                                            iii.      nmake install

 

  1. COPY THE .CF FILE TO YOUR RULES FOLDER
    1. Finally copy C:Mail-SpamAssassin-SpamCopURI-0.??rulesspamcop_uri.cf to your SA rules folder. (should be perlsharespamassassin)

 

  1. POSTINSTALLATION TEST
    1. Open a dos window and run: “spamassassin --lint” from the command line (without the quotes).

                                                               i.      If any errors are reported, fix them or research them before enabling the rule for production! (Since you ran a --lint before installing SURBL and it came out clean, you can assume that any errors here are related to the SURBL or URI-1.30 installation. YOU DID run the --lint in step two, right???)

    1. Send yourself a message from an external email account and include the URI http://test.surbl.org in the email.

                                                               i.      The rule “SPAMCOP_URI_RBL” should trigger on your test message.

 

  1. MODIFY SCORES
    The default score for spamcop_uri is 3.0. Adjust to your own tastes via changing spamcop_uri.cf or adding a line to your local.cf such as:
    score SPAMCOP_URI_RBL 1.0

SURBL Data Feed Request

SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.

The main data set is available in different formats:

Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.

For more information, please contact your SURBL reseller or see the references in Links.

Sign up for SURBL Data Feed Access.

  • Sign up for data feed access

    Direct data feed access offers better filtering performance with fresher data than is available on the public mirrors. Sign up for SURBL Data Feed Access.

  • Applications supporting SURBL

  • Learn about SURBL lists