Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

Wed, 14 Aug 2013 08:40:31 -0700 

On 8/14/2013 11:31 AM, Nigel Smith wrote:
Actually Axb, these are my current rules, so I might not be as wrong as you think...... 

# ITS Local
header ITS_RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.dnsbl.')
describe ITS_RCVD_IN_ZEN          Received via a relay in Spamhaus Zen
tflags ITS_RCVD_IN_ZEN            net
reuse  ITS_RCVD_IN_ZEN
scoreITS_RCVD_IN_ZEN30.0



This should not be scored at all.  Just use the others instead.  The 
only things you'll catch with this vs the separate rules below are false 
positives.  You can either change this to __ITS_RCVD_IN_ZEN, or set the 
score to 0.001.



#

header ITS_RCVD_IN_SBL              eval:check_rbl_sub('zen', 
'^127\.0\.0\.[23]$')

describe ITS_RCVD_IN_SBL            Received via a relay in Spamhaus SBL
tflags ITS_RCVD_IN_SBL              net
reuse  ITS_RCVD_IN_SBL
scoreITS_RCVD_IN_SBL30.0
#

header ITS_RCVD_IN_XBL  eval:check_rbl('zen-lastexternal', 
'zen.dnsbl.', '^127\.0\.0\.[4567]$')

describe ITS_RCVD_IN_XBL            Received via a relay in Spamhaus XBL
tflags ITS_RCVD_IN_XBL              net
reuse  ITS_RCVD_IN_XBL
scoreITS_RCVD_IN_XBL30.0
#

header ITS_RCVD_IN_PBL  eval:check_rbl('zen-lastexternal', 
'zen.dnsbl.', '^127\.0\.0\.1[01]$')

describe ITS_RCVD_IN_PBL            Received via a relay in Spamhaus PBL
tflags ITS_RCVD_IN_PBL              net

reuse  ITS_RCVD_IN_PBL              ITS_RCVD_IN_PBL 
T_RCVD_IN_PBL_WITH_NJABL_DUL RCVD_IN_NJABL_DUL

scoreITS_RCVD_IN_PBL30.0
#
uridnssub ITS_URIBL_SBL        zen.dnsbl.       A   127.0.0.2
body  ITS_URIBL_SBL        eval:check_uridnsbl('ITS_URIBL_SBL')
describe  ITS_URIBL_SBL        Contains an URL listed in the SBL blocklist
tflags  ITS_URIBL_SBL        net
reuse ITS_URIBL_SBL
scoreITS_URIBL_SBL30.0
#
# DBL, http://www.spamhaus.org/dbl/
if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
urirhssub ITS_URIBL_DBL_SPAM   dbl.dnsbl.       A   127.0.1.2
body  ITS_URIBL_DBL_SPAM eval:check_uridnsbl('ITS_URIBL_DBL_SPAM')
describe  ITS_URIBL_DBL_SPAM   Contains an URL listed in the DBL blocklist
tflags  ITS_URIBL_DBL_SPAM   net domains_only
scoreITS_URIBL_DBL_SPAM   30.0
# this indicates that IP-address queries were sent to DBL, and should
# never appear; if it does, something is wrong with SpamAssassin
urirhssub ITS_URIBL_DBL_ERROR  dbl.dnsbl.       A   127.0.1.255
body  ITS_URIBL_DBL_ERROR  eval:check_uridnsbl('ITS_URIBL_DBL_ERROR')
describe  ITS_URIBL_DBL_ERROR  Error: queried the DBL blocklist for an IP
tflags  ITS_URIBL_DBL_ERROR  net domains_only
endif
#



The rest should be fine.

--
Bowie
























					Reply via email to