[SAtalk] adding a DNSBL to local.cf

Tue, 22 Jul 2003 11:22:14 -0700 

I'm looking at adding a local DNSBL, served out of one of the 
nameservers here. 

Let's say that I want to look up an IP address, a.b.c.d, on 
my server bl.odot.org, and want to add 5 points for entries 
that map to 127.0.0.4. 

Here:

#==========================================
header ODOT_RCVD_BL_LISTED      rbleval:check_rbl('ODOT_BL', 'bl.odot.org')
describe ODOT_RCVD_BL_LISTED    (LOCAL RULE) Check Received chain for open proxy or 
other bad stuff
tflags ODOT_RCVD_BL_LISTED net
#==========================================
header ODOT_BL_ENTRY    rbleval:check_rbl_results_for('ODOT_BL','127.0.0.4')
describe ODOT_BL_ENTRY  A host in the Received headers is listed in BL as open proxy 
or other severe problem
score ODOT_BL_ENTRY     5 5 5 5
#==========================================

is what I've got in /etc/mail/spamassassin/local.cf. 

I know the rules there are being seen, because other rules in that    
file are being used in scoring.                                       

There doesn't seem to be much in the perldoc on building rulesets for
checking DNSbls and scoring the results. What I have, above, is based
on lots of inference and examination of the rules in 20_headers..

I _think_ that the rules are constructed like this in the general 
case, but would really appreciate guidance: 

#==========================================
header CHECK_DNSBL_NAME rbleval:check_rbl('RESULT_NAME', 'DNSBL_SERVER_NAME')
describe CHECK_DNSBL_NAME       Insert CHECK_DNSBL_NAME description here
tflags CHECK_DNSBL_NAME net
#==========================================
header CHECK_RESULTS    rbleval:check_rbl_results_for('RESULT_NAME', '127.0.0.4')
describe CHECK_RESULTS  Insert CHECK_RESULTS description here 
score CHECK_RESULTS     5 5 5 5
#==========================================

and that the result of the check in "header CHECK_DNSBL_NAME" is
saved in RESULT_NAME for comparison with 127.0.0.4 in "header
CHECK_RESULTS", with a match causing the score to be increased by 5.

Am I close? I ask because I don't see any DNS lookups to cbl.odot.org.

Anyone?

-- 
Mike Andrews
[EMAIL PROTECTED]
Tired old sysadmin since 1964


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to