On 08/14/2013 05:02 PM, Nigel Smith wrote:
Nigel sent me the headers and the listed IP is NOT a private IP, but a legitimately PBL listing, a mobile ISP :)I wonder whether you should have chosen an RFC5737 address rather than an RFC1918 address for your obfuscation purposes...Because I forgot about RFC5737. ;-( As I said, happy to give full un-munged headers off-list.
His problem is his homebrew single "do it all" SA rule which does deep header checks against PBL instead of last-external.