Matt Kettler wrote: >> SA skips the "first hop" for dialup RBLs.. however, this guy was listed in >> real blacklists, and those don't have any "notfirsthop" restrictions. >> > RCVD_IN_DSBL (2.6 points) RBL: Received via a relay in > list.dsbl.org [RBL check: found 8.228.142.80.list.dsbl.org.] > RCVD_IN_NJABL (0.9 points) RBL: Received via a relay in > dnsbl.njabl.org [RBL check: found > 8.228.142.80.dnsbl.njabl.org.,] [type: 127.0.0.3] > >> See the notes at DSBL: http://dsbl.org/listing?80.142.228.8 They report >> it as a verified singlehop relay. >>
Since the 80.142.228.8 is definitely a dialup-host from a big german ISP for customers with dynamic IPs it should not be listed as singlehop in the RBLs. I am sure, the spammer is up-and-away from that IP. But that is more an RBL-issue than a issue of SA. > Upgrade your SA to fix the NJABL score problem. I think I will do that... >> but I think SA must >> do the check on the mailserver fmrl11.sul.t-online.com which is the >> first one appearing after "by ..." in the received-trail. > > Why on earth would it do that???? > Of course it's going to check the hosts in the "from" half of Received trail. Ok, I understand. You are right!
