mikea writes:
>A-*Ha*! And then each header is checked against the DNSbl named 
>'zone', I take it, with IP addresses of the form a.b.c.d being 
>reversed to d.c.b.a first, so that the lookup is done against
>d.c.b.a.zone.
>
>TYVM. My search for doc on this apparently sidestepped something      
>important. Got a pointer?                                             

Probably not ;)   the Mail::SpamAssassin::Conf manpage is the
best documentation on that.

  =item header SYMBOLIC_TEST_NAME rbleval:check_rbl('set', 'zone')

  Check a DNSBL (DNS blacklist), also known as RBLs (realtime blacklists).  This
  will retrieve Received headers from the mail, parse the IP addresses, select
  which ones are 'untrusted' based on the C<trusted_networks> logic, and query
  that blacklist.  There's a few things to note:

  =over 4

  =item Duplicated or reserved IPs

  These are stripped, and the DNSBLs will not be queried for them.  Reserved IPs
  are those listed in <http://www.iana.org/assignments/ipv4-address-space>,
  <http://duxcw.com/faq/network/privip.htm>, or
  <http://duxcw.com/faq/network/autoip.htm>.

  =item The first argument, 'set'

  This is used as a 'zone ID'.  If you want to look up a multi-meaning zone like
  relays.osirusoft.com, you can then query the results from that zone using it;
  but all check_rbl_sub() calls must use that zone ID.

  Also, if an IP gets a hit in one lookup in a zone using that ID, any further
  hits in other rules using that zone ID will *not* be added to the score.

  =item Selecting all IPs except for the originating one

  This is accomplished by naming the set 'foo-notfirsthop'.  Useful for querying
  against DNS lists which list dialup IP addresses; the first hop may be a
  dialup, but as long as there is at least one more hop, via their outgoing
  SMTP server, that's legitimate, and so should not gain points.  If there
  is only one hop, that will be queried anyway, as it should be relaying
  via its outgoing SMTP server instead of sending directly to your MX.

  =item Selecting just the most recent untrusted Received header

  When checking a 'nice' DNSBL (a DNS whitelist?), you cannot trust
  Received headers further back than the very first 'untrusted' one.
  This is accomplished by naming the set 'foo-lastuntrusted'.

  =back


--j.
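Added example, not part of the original message and not SpamAssassin's own code: a simplified Python sketch of the selection described in the manpage excerpt above (strip duplicate and reserved IPs, apply the '-notfirsthop' / '-lastuntrusted' set suffixes, reverse a.b.c.d to d.c.b.a and prepend it to the zone). The function names, the sample headers, the zone `dnsbl.example` and the treatment of `trusted_networks` as a plain list of networks are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: simplified subset of the reserved ranges (private, loopback, auto-IP).
RESERVED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: Received headers, most recent first; last one is the origin.
SAMPLE_RECEIVED = [
    "from mx.example.net ([192.168.1.5]) by inbox.example.net",
    "from backup-mx.example.net ([198.51.100.7]) by mx.example.net",
    "from smtp.example.com ([203.0.113.25]) by backup-mx.example.net",
    "from dialup-host ([192.0.2.44]) by smtp.example.com",
]
TRUSTED = [ipaddress.ip_network("198.51.100.0/24")]  # constructed trusted_networks

def in_any(ip, nets):
    return any(ip in net for net in nets)

def untrusted_ips(received, trusted):
    """Unique, non-reserved IPs outside the trusted networks, newest first."""
    out = []
    for header in received:
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if ip not in out and not in_any(ip, RESERVED + trusted):
                out.append(ip)
    return out

def dnsbl_queries(received, trusted, set_name, zone):
    """Hypothetical helper: the DNS names that would be looked up for one rule."""
    ips = untrusted_ips(received, trusted)
    if set_name.endswith("-notfirsthop") and len(ips) > 1:
        ips = ips[:-1]  # skip the originating hop unless it is the only one
    elif set_name.endswith("-lastuntrusted"):
        ips = ips[:1]   # only the most recent untrusted hop
    # a.b.c.d is reversed to d.c.b.a and prepended to the zone
    return [".".join(reversed(str(ip).split("."))) + "." + zone for ip in ips]

if __name__ == "__main__":
    for name in ("dialup", "dialup-notfirsthop", "nice-lastuntrusted"):
        print(name, dnsbl_queries(SAMPLE_RECEIVED, TRUSTED, name, "dnsbl.example"))
```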

