Nigel Smith wrote:
>
> On 08/14/2013 05:31 PM, Nigel Smith wrote:
>> Actually Axb, these are my current rules, so I might not be as wrong
> as you think......
>>
>> # ITS Local
>> header ITS_RCVD_IN_ZEN eval:check_rbl('zen', 'zen.dnsbl.')
>> describe ITS_RCVD_IN_ZEN Received via a relay in Spamhaus Zen
>> tflags ITS_RCVD_IN_ZEN net
>> reuse ITS_RCVD_IN_ZEN
>> scoreITS_RCVD_IN_ZEN30.0
>
>>THIS rules is wrong!
>>see the difference to what i posted and Bowie's comment
>>you DON'T want deep header check on all of ZEN
>
>
> Well, I guess that's a fairly convincing argument. ;-)
>
> I'll roll out fresh configs this evening and see how things go.
The other thing that may cause issues down the road is accidentally
checking both your local datafeed copy *and* the public-DNS Spamhaus
data, because you've added new rules for your datafeed lookup with
different names than the stock rules.
When we switched to a datafeed subscription here, I just took the stock
rules and placed them (with the change of DNS zone name as necessary) in
my local rules without renaming them, so that they overwrote the stock
rule definitions. This made sure that we really were using the datafeed
data in our rbldnsd instances instead of the public DNS data.
-kgd
