Hi there,
Why dont you perform those checks at the pre-data level, within postfix?
It's faster and cuts a lot of treatment for the data analysis.
The way you are doing is the way I would do, but someone on the list might
have a better way.
Alex, from N7.
Hello list,
I'm a relatively new user of Spamassassin.
My setup is a postfix + amavisd-new + spamassassin stack, with amavisd-new
acting as before-queue filter. My use case is filtering submissions by
untrusted users (customers of the company I work for); sasl authentication
is mandatory.
I'm trying to set URIDNSBL rules in such a way that only certain dns lists
are queried (Spamhaus DBL and SURBL; we have a datafeed subscription with
them).
What I did was to look at
/var/lib/spamassassin/3.003002/updates_spamassassin_org/25_uribl.cf and set
my local.cf as follows:
[...]
score URIBL_SBL 0
score URIBL_SBL_A 0
score URIBL_DBL_SPAM 0
score URIBL_DBL_REDIR 0
score URIBL_DBL_ERROR 0
score URIBL_SC_SURBL 0
score URIBL_WS_SURBL 0
score URIBL_PH_SURBL 0
score URIBL_AB_SURBL 0
score URIBL_JP_SURBL 0
score URIBL_BLACK 0
score URIBL_GREY 0
score URIBL_RED 0
score URIBL_BLOCKED 0
urirhsbl URIBL_SURBL multi.surbl.org. A
body URIBL_SURBL eval:check_uridnsbl('URIBL_SURBL')
describe URIBL_SURBL Contains an URL listed in the SURBL
blocklist
tflags URIBL_SURBL net
reuse URIBL_SURBL
score URIBL_SURBL 3
urirhsbl URIBL_DBL_SPAM dbl.spamhaus.org. A
body URIBL_DBL_SPAM eval:check_uridnsbl('URIBL_DBL_SPAM')
describe URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
tflags URIBL_DBL_SPAM net domains_only
score URIBL_DBL_SPAM 3
[...]
I *intentionally* want to check aggregate lists instead of single ones and
reassign scores.
Everything works ok, except for the fact that queries are performed to
dob.sibl.support-intelligence.net as well. The matching rule is obviously
URIBL_RHS_DOB in 72_active.cf, and adding "score URIBL_RHS_DOB 0" to
local.cf solved the issue.
So my problem is: if I understand correctly the process of
72_active.cfrule generation, new URIBL_* rules could end up appearing
in
72_active.cf at any time through sa-update.
How can I configure Spamassassin to permanently use just the URIBL_* rules
I want? Do I have to check from time to time 72_ac tive.cf and see if
something has been added? That would be quite painful!
Thanks a lot for your support!
Fabio
