On 26.08.2014 at 17:30, Axb wrote:
> On 08/26/2014 05:25 PM, Reindl Harald wrote:
>> On 26.08.2014 at 17:18, Axb wrote:
>>> On 08/26/2014 04:28 PM, Reindl Harald wrote:
>>>> header   RCVD_IN_RP_TLDNS1 eval:check_rbl('tldns1-lastexternal', 'dnswl.thelounge.net.')
>>>> describe RCVD_IN_RP_TLDNS1 Custom DNSBL/DNSWL
>>>> tflags   RCVD_IN_RP_TLDNS1 net
>>>> score    RCVD_IN_RP_TLDNS1 -5
>>>>
>>> assuming you're using rbldnsd, do you have the resolver forwarding to the 
>>> dnswl.thelounge.net zone?
>>> does dnswl.thelounge.net have an A record?
>>> have you configured a testpoint in dnswl.thelounge.net? if yes, can you 
>>> resolve it with dig?
>>
>> Arrrrgh - those rules are skipped in case of hosts from the
>> same network as the server - is there some way to disable
>> that behavior?
>>
>> in case of blacklists that may make sense
>> in case of DNSWL containing the own subnet and subtracting a large score not so
>>
>> i just added my public home-ip to the dnswl and made
>> a copy of the test-formmailer there pointing to the
>> mail-gateway running SA and now it works
> 
> if you have your host IPs in internal/trusted networks
> what's the point of doing BL/WL lookups on those?

the most important point is that hidden magic makes
it hard to implement and test things - without that
i would have *hours ago* finished the backend and
cronjobs

we have four different weighted whitelists, i am about
to write SA-rules for them to subtract a different
score and the LAN is on all 4 of them

in fact the combined negative score would override much
more than the skip of RBL/DNSBL and the implicit trust
and even at testing with one DNSWL that would have
allowed a tagged testmessage which was blocked otherwise
until raising the threshold

> if that bothers you remove them from internal/trusted networks

they are *not* i especially added the following lines
to prevent the automatic adding to "trusted_networks"
since the IP range is outside

clear_trusted_networks
trusted_networks 192.168.168.0/24

there was no trust at all in the headers and no
hint why the DNSWL was skipped at all

ADVANCE_FEE_4_NEW
ADVANCE_FEE_4_NEW_MONEY
ADVANCE_FEE_5_NEW
ADVANCE_FEE_5_NEW_MONEY
BAYES_99
BAYES_999
DEAR_SOMETHING
DKIM_ADSP_CUSTOM_MED
FREEMAIL_FROM
LOTS_OF_MONEY
SPF_SOFTFAIL
T_MONEY_PERCENT
URG_BIZ

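Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of which name a `-lastexternal` lookup would query under the posted `trusted_networks` lines, which gives the exact name to test with dig. It assumes `internal_networks` is unset and follows `trusted_networks`, handles only plain IPv4 CIDR entries, and ignores every other trust input SpamAssassin considers; the relay IPs and function names are constructed for illustration.

```python
import ipaddress

# The two configuration lines from the post.
SA_CONFIG = """\
clear_trusted_networks
trusted_networks 192.168.168.0/24
"""

ZONE = "dnswl.thelounge.net."  # zone from the posted check_rbl rule


def parse_trusted_networks(config):
    """Collect trusted_networks entries, honouring clear_trusted_networks."""
    nets = []
    for line in config.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "clear_trusted_networks":
            nets = []  # drops everything configured so far
        elif fields[0] == "trusted_networks":
            nets += [ipaddress.ip_network(f, strict=False) for f in fields[1:]]
    return nets


def last_external(relays, internal):
    """relays: connecting IPs from the Received chain, newest first.
    Returns the first address outside every internal network, or None."""
    for ip in relays:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in internal):
            return addr
    return None


def dnsxl_query(addr, zone=ZONE):
    """Reverse the IPv4 octets and append the zone (standard DNSxL query name)."""
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def lookup_name(relays, config=SA_CONFIG):
    """Name queried for a message, or None when no relay is external."""
    ext = last_external(relays, parse_trusted_networks(config))
    return dnsxl_query(ext) if ext is not None else None


if __name__ == "__main__":
    # Constructed relay chains (203.0.113.0/24 is a documentation range).
    print(lookup_name(["192.168.168.10", "203.0.113.7"]))  # external hop is queried
    print(lookup_name(["192.168.168.10"]))                 # only internal hops: no lookup
```

A `None` result here means the message never produces a DNSWL query at all, so the rule cannot fire however the zone is populated.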