On 08/14/2013 05:15 PM, Nigel Smith wrote:
That's a rotten idea when asking questions about RBLs... In this
case, asking about X.X. would have been less confusing.
Yes, I'm sorry and I've already given myself 30 lashings ! ;-(
Se we have two problems here: parsing IP addresses from
inappropriate headers, and (potentially) the RBL code doing lookups
of RFC1918 addresses.
That's the point I'm trying to make here. SA is parsing from parts
it should not be !! The whole Zen or no Zen thing that some
others are going on about is not really relevant. SA should **NOT**
be reading the parts it is !
SA is doing it right - your rules are wrong.
pls try this - watch out for line MUA breaks!!!!!
header __ITS_RCVD_IN_ZEN eval:check_rbl('zen', 'zen.dnsbl.')
describe __ITS_RCVD_IN_ZEN Received via a relay in Spamhaus Zen
tflags __ITS_RCVD_IN_ZEN net
reuse __ITS_RCVD_IN_ZEN
header ITS_RCVD_IN_SBL eval:check_rbl_sub('zen', '127.0.0.2')
describe ITS_RCVD_IN_SBL Received via a relay in Spamhaus SBL
tflags ITS_RCVD_IN_SBL net
reuse ITS_RCVD_IN_SBL
# XBL is the Exploits Block List: http://www.spamhaus.org/xbl/
header ITS_RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.dnsbl.',
'^127\.0\.0\.[45678]$')
describe ITS_RCVD_IN_XBL Received via a relay in Spamhaus XBL
tflags ITS_RCVD_IN_XBL net
reuse ITS_RCVD_IN_XBL
# PBL is the Policy Block List: http://www.spamhaus.org/pbl/
header ITS_RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.dnsbl.',
'^127\.0\.0\.1[01]$')
describe ITS_RCVD_IN_PBL Received via a relay in Spamhaus PBL
tflags ITS_RCVD_IN_PBL net
reuse ITS_RCVD_IN_PBL
As I posted previously, the safer way to do it is to tell your recursor
to forward all spamhaus queries to you local rblsnd and NOT to tinker
with SA rules but then...