On 8/14/2013 11:31 AM, Nigel Smith wrote:
Actually Axb, these are my current rules, so I might not be as wrong
as you think......
# ITS Local
header ITS_RCVD_IN_ZEN eval:check_rbl('zen', 'zen.dnsbl.')
describe ITS_RCVD_IN_ZEN Received via a relay in Spamhaus Zen
tflags ITS_RCVD_IN_ZEN net
reuse ITS_RCVD_IN_ZEN
scoreITS_RCVD_IN_ZEN30.0
This should not be scored at all. Just use the others instead. The
only things you'll catch with this vs the separate rules below are false
positives. You can either change this to __ITS_RCVD_IN_ZEN, or set the
score to 0.001.
#
header ITS_RCVD_IN_SBL eval:check_rbl_sub('zen',
'^127\.0\.0\.[23]$')
describe ITS_RCVD_IN_SBL Received via a relay in Spamhaus SBL
tflags ITS_RCVD_IN_SBL net
reuse ITS_RCVD_IN_SBL
scoreITS_RCVD_IN_SBL30.0
#
header ITS_RCVD_IN_XBL eval:check_rbl('zen-lastexternal',
'zen.dnsbl.', '^127\.0\.0\.[4567]$')
describe ITS_RCVD_IN_XBL Received via a relay in Spamhaus XBL
tflags ITS_RCVD_IN_XBL net
reuse ITS_RCVD_IN_XBL
scoreITS_RCVD_IN_XBL30.0
#
header ITS_RCVD_IN_PBL eval:check_rbl('zen-lastexternal',
'zen.dnsbl.', '^127\.0\.0\.1[01]$')
describe ITS_RCVD_IN_PBL Received via a relay in Spamhaus PBL
tflags ITS_RCVD_IN_PBL net
reuse ITS_RCVD_IN_PBL ITS_RCVD_IN_PBL
T_RCVD_IN_PBL_WITH_NJABL_DUL RCVD_IN_NJABL_DUL
scoreITS_RCVD_IN_PBL30.0
#
uridnssub ITS_URIBL_SBL zen.dnsbl. A 127.0.0.2
body ITS_URIBL_SBL eval:check_uridnsbl('ITS_URIBL_SBL')
describe ITS_URIBL_SBL Contains an URL listed in the SBL blocklist
tflags ITS_URIBL_SBL net
reuse ITS_URIBL_SBL
scoreITS_URIBL_SBL30.0
#
# DBL, http://www.spamhaus.org/dbl/
if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
urirhssub ITS_URIBL_DBL_SPAM dbl.dnsbl. A 127.0.1.2
body ITS_URIBL_DBL_SPAM eval:check_uridnsbl('ITS_URIBL_DBL_SPAM')
describe ITS_URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
tflags ITS_URIBL_DBL_SPAM net domains_only
scoreITS_URIBL_DBL_SPAM 30.0
# this indicates that IP-address queries were sent to DBL, and should
# never appear; if it does, something is wrong with SpamAssassin
urirhssub ITS_URIBL_DBL_ERROR dbl.dnsbl. A 127.0.1.255
body ITS_URIBL_DBL_ERROR eval:check_uridnsbl('ITS_URIBL_DBL_ERROR')
describe ITS_URIBL_DBL_ERROR Error: queried the DBL blocklist for an IP
tflags ITS_URIBL_DBL_ERROR net domains_only
endif
#
The rest should be fine.
--
Bowie