mikea writes: >A-*Ha*! And then each header is checked against the DNSbl named >'zone', I take it, with IP addresses of the form a.b.c.d being >reversed to d.c.b.a first, so that the lookup is done against >d.c.b.a.zone. > >TYVM. My search for doc on this apparently sidestepped something >important. Got a pointer?
Probably not ;) the Mail::SpamAssassin::Conf manpage is the best documentation on that. =item header SYMBOLIC_TEST_NAME rbleval:check_rbl('set', 'zone') Check a DNSBL (DNS blacklist), also known as RBLs (realtime blacklists). This will retrieve Received headers from the mail, parse the IP addresses, select which ones are 'untrusted' based on the C<trusted_networks> logic, and query that blacklist. There's a few things to note: =over 4 =item Duplicated or reserved IPs These are stripped, and the DNSBLs will not be queried for them. Reserved IPs are those listed in <http://www.iana.org/assignments/ipv4-address-space>, <http://duxcw.com/faq/network/privip.htm>, or <http://duxcw.com/faq/network/autoip.htm>. =item The first argument, 'set' This is used as a 'zone ID'. If you want to look up a multi-meaning zone like relays.osirusoft.com, you can then query the results from that zone using it; but all check_rbl_sub() calls must use that zone ID. Also, if an IP gets a hit in one lookup in a zone using that ID, any further hits in other rules using that zone ID will *not* be added to the score. =item Selecting all IPs except for the originating one This is accomplished by naming the set 'foo-notfirsthop'. Useful for querying against DNS lists which list dialup IP addresses; the first hop may be a dialup, but as long as there is at least one more hop, via their outgoing SMTP server, that's legitimate, and so should not gain points. If there is only one hop, that will be queried anyway, as it should be relaying via its outgoing SMTP server instead of sending directly to your MX. =item Selecting just the most recent untrusted Received header When checking a 'nice' DNSBL (a DNS whitelist?), you cannot trust Received headers further back than the very first 'untrusted' one. This is accomplished by naming the set 'foo-lastuntrusted'. =back --j. ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk