On 26.08.2014 at 17:30, Axb wrote:
> On 08/26/2014 05:25 PM, Reindl Harald wrote:
>> On 26.08.2014 at 17:18, Axb wrote:
>>> On 08/26/2014 04:28 PM, Reindl Harald wrote:
>>>> header RCVD_IN_RP_TLDNS1 eval:check_rbl('tldns1-lastexternal',
>>>> 'dnswl.thelounge.net.')
>>>> describe RCVD_IN_RP_TLDNS1 Custom DNSBL/DNSWL
>>>> tflags RCVD_IN_RP_TLDNS1 net
>>>> score RCVD_IN_RP_TLDNS1 -5
>>>>
>>> assuming you're using rbldnsd, do you have the resolver forwarding to the
>>> dnswl.thelounge.net zone?
>>> does dnswl.thelounge.net have an A record
>>> have you configured a testpoint in dnswl.thelounge.net? if yes, can you
>>> resolve it with dig?
>>
>> Arrrrgh - those rules are skipped in case of hosts from the
>> same network as the server - is there some way to disable
>> that behavior?
>>
>> in case of blacklists that may make sense
>> in case of DNSWL containing the own subnet and subtract a large score not so
>>
>> i just added my public home-ip to the dnswl and made
>> a copy of the test-formmailer there pointing to the
>> mail-gateway running SA and now it works
>
> if you have your host IPs in internal/trusted networks
> what's the point of doing BL/WL lookups on those?

the most important point is that hidden magic makes it hard to
implement and test things - without that i would have *hours ago*
finished the backend and cronjobs

we have four different weighted whitelists, i am about to write SA-rules
for them to subtract a different score and the LAN is on all 4 of them

in fact the combined negative score would override much more
than the skip of RBL/DNSBL and the implicit trust and even at
testing with one DNSWL that would have allowed a tagged testmessage
which was blocked otherwise until raise the threshold

> if that bothers you remove them from internal/trusted networks

they are *not*

i especially added the following lines to prevent the automatic
adding to "trusted_networks" since the IP range is outside

clear_trusted_networks
trusted_networks 192.168.168.0/24

there was no trust at all in the headers and no hint why the
DNSWL was skipped at all

ADVANCE_FEE_4_NEW ADVANCE_FEE_4_NEW_MONEY ADVANCE_FEE_5_NEW ADVANCE_FEE_5_NEW_MONEY BAYES_99 BAYES_999 DEAR_SOMETHING DKIM_ADSP_CUSTOM_MED FREEMAIL_FROM LOTS_OF_MONEY SPF_SOFTFAIL T_MONEY_PERCENT URG_BIZ
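
A triage helper for the situation in this message, as an added example that is not part of the original thread or of SpamAssassin: it reads the two trusted_networks lines quoted above, reports whether a relay IP falls inside them or inside RFC 1918 space, and builds the reversed-octet name to resolve with dig in the zone. The relay addresses are constructed sample values, and the parser assumes CIDR or bare-address entries only.

```python
import ipaddress

# Constructed sample: the two configuration lines quoted in the message.
SAMPLE_CONFIG = """\
clear_trusted_networks
trusted_networks 192.168.168.0/24
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_trusted_networks(config_text):
    """Return the networks left in effect after reading the config top to bottom.

    Handles CIDR and bare-address entries only (an assumption of this example).
    """
    nets = []
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "clear_trusted_networks":
            nets = []  # discard everything configured so far
        elif fields[0] == "trusted_networks":
            nets += [ipaddress.ip_network(f, strict=False) for f in fields[1:]]
    return nets


def dnsxl_query_name(ip, zone):
    """Reversed-octet name queried in a DNSBL/DNSWL zone for an IPv4 address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def triage(ip, nets, zone):
    """Summarise what someone debugging a skipped lookup needs for one relay IP."""
    addr = ipaddress.ip_address(ip)
    return {
        "ip": ip,
        "in_trusted_networks": any(addr in n for n in nets),
        "rfc1918": any(addr in n for n in RFC1918),
        "dig_name": dnsxl_query_name(ip, zone),
    }


if __name__ == "__main__":
    nets = parse_trusted_networks(SAMPLE_CONFIG)
    for ip in ("192.168.168.10", "10.0.0.5", "203.0.113.7"):  # constructed
        print(triage(ip, nets, "dnswl.thelounge.net."))
```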