> In trying to setup RBL's with SA, I wanted to make sure the proper way
> to do it.
> I have seen some samples like this
> header RCVD_IN_BARRACUDACEN eval:check_rbl('bbarracuda-lastexternal',
> 'b.barracudacentral.org.')
> describe RCVD_IN_BARRACUDACEN Relay is listed in b.barracudacentral.org
> <http://b.barracudacentral.org>
> tflags RCVD_IN_BARRACUDACEN net
> score RCVD_IN_BARRACUDACEN 4.0
Maybe add/choose the value?
header RCVD_IN_EXAMPLE_RBL eval:check_rbl('example', 'rbl.example.com.',
'127.0.0.1')
I have always had issues with barracuda's false positives, are you sure you
want to use them?
>
> Is this actually going out and doing a DNS query or reading from the
> header of the message?
> I think I want to actually do the DNS query and I will cache locally to
> avoid issues and increase performance.
That is what dns servers do, cache. If you have your local dns, these requests
are probably faster than spamassassin rule processing.
>
>
> The last part of my question is, here we score and then based on scoring
> the next part can either quarantine the message or deliver it, but is
> there a way from SA to simply say reject it right there?
Why not use the dns blacklist at the mta? And reject the messages even before
they are using spamassassin. Imho you should apply simple/basic/fast checks
first and at the end use resource intensive tasks like spamassassin.
I also believe there is an advantage in rejecting messages, compared to just
marking them. Rejecting messages will train spam systems not to try more.
If they know you allow messages through, they will only send you more.
