Hi there, Why dont you perform those checks at the pre-data level, within postfix?
It's faster and cuts a lot of treatment for the data analysis. The way you are doing is the way I would do, but someone on the list might have a better way. Alex, from N7. Hello list, I'm a relatively new user of Spamassassin. My setup is a postfix + amavisd-new + spamassassin stack, with amavisd-new acting as before-queue filter. My use case is filtering submissions by untrusted users (customers of the company I work for); sasl authentication is mandatory. I'm trying to set URIDNSBL rules in such a way that only certain dns lists are queried (Spamhaus DBL and SURBL; we have a datafeed subscription with them). What I did was to look at /var/lib/spamassassin/3.003002/updates_spamassassin_org/25_uribl.cf and set my local.cf as follows: [...] score URIBL_SBL 0 score URIBL_SBL_A 0 score URIBL_DBL_SPAM 0 score URIBL_DBL_REDIR 0 score URIBL_DBL_ERROR 0 score URIBL_SC_SURBL 0 score URIBL_WS_SURBL 0 score URIBL_PH_SURBL 0 score URIBL_AB_SURBL 0 score URIBL_JP_SURBL 0 score URIBL_BLACK 0 score URIBL_GREY 0 score URIBL_RED 0 score URIBL_BLOCKED 0 urirhsbl URIBL_SURBL multi.surbl.org. A body URIBL_SURBL eval:check_uridnsbl('URIBL_SURBL') describe URIBL_SURBL Contains an URL listed in the SURBL blocklist tflags URIBL_SURBL net reuse URIBL_SURBL score URIBL_SURBL 3 urirhsbl URIBL_DBL_SPAM dbl.spamhaus.org. A body URIBL_DBL_SPAM eval:check_uridnsbl('URIBL_DBL_SPAM') describe URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist tflags URIBL_DBL_SPAM net domains_only score URIBL_DBL_SPAM 3 [...] I *intentionally* want to check aggregate lists instead of single ones and reassign scores. Everything works ok, except for the fact that queries are performed to dob.sibl.support-intelligence.net as well. The matching rule is obviously URIBL_RHS_DOB in 72_active.cf, and adding "score URIBL_RHS_DOB 0" to local.cf solved the issue. So my problem is: if I understand correctly the process of 72_active.cfrule generation, new URIBL_* rules could end up appearing in 72_active.cf at any time through sa-update. How can I configure Spamassassin to permanently use just the URIBL_* rules I want? Do I have to check from time to time 72_ac tive.cf and see if something has been added? That would be quite painful! Thanks a lot for your support! Fabio