Hi,

On Wed, Nov 2, 2016 at 10:36 AM, Kris Deugau <kdeu...@vianet.ca> wrote:
> Alex wrote:
>> I've had to lower the score on my header XBL check because it was
>> triggering on so many dynamic IPs that were clearly reassigned to new
>> users, then being blacklisted. I'd appreciate it if anyone could
>> provide additional input on how they might use something like this.
>>
>> header RCVD_IN_XBL_ALL eval:check_rbl_sub('zen', '127.0.0.[45678]')
>> describe RCVD_IN_XBL_ALL Received via a relay in Spamhaus SBL-XBL
>> tflags RCVD_IN_XBL_ALL net
>> score RCVD_IN_XBL_ALL 0.01
>
> If this is really hitting on lots of legitimate mail, you probably have
> a trust path issue. This should only check the IP that handed the
> message to your mail server. It should NOT be checking the IP that the
> message originated from unless you really want to refuse mail from any
> IP that has recently had an infected PC on or behind it.
>
> You shouldn't need to (re)define this in any case, and I'm not certain
> without rereading the man page if or how this will behave somewhat
> differently to the stock RCVD_IN_XBL rule - that could be the problem
> all on its own.

Yes, as the rule currently stands, it was hitting on any Received
header, including the origin IP from which the message was sent.
Should there be some sort of "last-external" to signify which IP to
check?

Thanks,
Alex
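
The distinction discussed in this thread, between looking up every Received hop and looking up only the relay that handed the message to your own server, shown as an added example that is not part of the original messages. The headers, networks and function names are constructed for illustration, and the trust-path walk is simplified to "first hop outside the listed internal networks".

```python
import ipaddress
import re

# Constructed sample: Received headers as they appear in a message, newest first.
SAMPLE_RECEIVED = [
    "from mx-in.example.net ([10.0.0.5]) by store.example.net; Wed, 2 Nov 2016 10:30:03 -0400",
    "from smtp.isp.example ([198.51.100.25]) by mx-in.example.net; Wed, 2 Nov 2016 10:30:02 -0400",
    "from home-pc ([203.0.113.77]) by smtp.isp.example; Wed, 2 Nov 2016 10:30:00 -0400",
]
# Assumption: the receiving site's own relays live in this range.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received):
    """Relay IPs newest-first, one per header that carries a bracketed IPv4 address."""
    ips = []
    for header in received:
        match = IP_RE.search(header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def is_internal(ip, nets):
    return any(ip in net for net in nets)


def all_external(received, nets):
    """Every non-internal hop: what a rule checking all Received headers looks up."""
    return [ip for ip in relay_ips(received) if not is_internal(ip, nets)]


def last_external(received, nets):
    """The hop that handed the message to our own servers: the only one we observed directly."""
    hops = all_external(received, nets)
    return hops[0] if hops else None


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: reversed octets followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


if __name__ == "__main__":
    print("all hops queried :", [dnsbl_name(ip) for ip in all_external(SAMPLE_RECEIVED, INTERNAL_NETS)])
    print("last external    :", dnsbl_name(last_external(SAMPLE_RECEIVED, INTERNAL_NETS)))
```

In the sample, the all-hops variant also queries the sender's home address (203.0.113.77), which is the dynamic-IP case that produced the unwanted hits; the last-external variant queries only the ISP's outbound relay.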