>As I posted previously, the safer way to do it is to tell your recursor
>to forward all spamhaus queries to you local rblsnd and NOT to tinker >with SA rules but then... My local recursor does forward to rbldnsd, as per their instructions... zone "dnsbl" { type forward; forward only; forwarders { XXXXXXX port 10099; }; }; Just checked the documentation Spamhaus provide..... they suggest the following in the local.cf...... which is very similar to what I've been doing, is it not ? (admittedly the below was not in the documentation a the time, so my local.cf additions were home-brew). header __RCVD_IN_ZEN eval:check_rbl('zen','zen.dnsbl.') header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.dnsbl.','127.0.0.[45678]') header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.dnsbl.', '127.0.0.1[01]') uridnssub URIBL_SBL zen.dnsbl. A 127.0.0.2 urirhssub URIBL_DBL_SPAM dbl.dnsbl. A 127.0.1.2 urirhssub URIBL_DBL_REDIR dbl.dnsbl. A 127.0.1.3 urirhssub URIBL_DBL_ERROR dbl.dnsbl. A 127.0.1.255