Hi,
I have written the following ruleset for our local RBL server :-
header __RCVD_IN_LRBL
eval:check_rbl('LRBL','dnsrbl.local.com.')
tflags __RCVD_IN_LRBL net
header __RCVD_IN_LRBL_B eval:check_rbl_sub('LRBL', '127.0.0.2')
tflags __RCVD_IN_LRBL_B net
header __RCVD_IN_LRBL_W eval:check_rbl_sub('LRBL', '127.0.0.3')
tflags __RCVD_IN_LRBL_W net
meta RCVD_IN_LRBL_W (__RCVD_IN_LRBL_W + __RCVD_IN_LRBL_B =
1)
describe RCVD_IN_LRBL_W Local RBL Whitelist
tflags RCVD_IN_LRBL_W net
score RCVD_IN_LRBL_W -7
meta RCVD_IN_LRBL_B (__RCVD_IN_LRBL_W + __RCVD_IN_LRBL_B =
1)
describe RCVD_IN_LRBL_B Local RBL Blacklist
tflags RCVD_IN_LRBL_B net
score RCVD_IN_LRBL_B 7
meta RCVD_IN_LRBL_Y (__RCVD_IN_LRBL_W + __RCVD_IN_LRBL_B =
2)
describe RCVD_IN_LRBL_Y Local RBL Yellowlist
tflags RCVD_IN_LRBL_Y net
score RCVD_IN_LRBL_Y -3
But obviously it will score the whitelist and blacklist the same if the IP
address appears in both lists. How can I say on the meta rule that if it
*only* appears in blacklist score -7, and 7 if in whitelist, and if in both use
the yellowlist ?
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
