On Mon, 2003-06-02 at 00:32, Justin Shore wrote:
> I noticed a problem just now that I really hadn't thought about before. I
> recently added a number of DNSBLs to my sa-mimedefang.cf that weren't in
> the stock SA (2.6.0-cvs).
>
> proxy.relays.osirusoft.com
> socks.relays.osirusoft.com
> all of blackholes.us's country zones, not providers
> 7 SORBS BLs
> proxies.relays.monkeys.com
> proxies.blackholes.easynet.nl
> dynablock.blackholes.easynet.nl
> multihop.dsbl.org
> dialups.visi.com
>
> I noticed a reply that was apparently sent to a reply someone sent me on
> the Procmail list. I couldn't seem to find that reply for some reason.
> I checked my >= spambox and found it. That message received a score of
> 5.787. It received .6 for being in the ORSS, 1 for being in the NJABL,
> and 1 for being in dialups.visi (1 is the score I used for all the BLs I
> added). His IP was listed in those lists as a dialin IP. He effectively
> received a score of 2.6 just for being a dialin user and not SmartHosting
> to his provider's MTA. He also received 3.3 for a Forged Outlook MUA rule
> which I haven't sorted out yet (stock rule and score).
>
> This got me wondering. Is it a bad idea to call more than 1 DNSBL of a
> given type? For example, would it be wise querying 4 direct-to-MX BLs, 4
> proxy lists, 5 open relay lists, etc? I'm wondering if there's a better
> way to handle this. For example, group all direct-to-mx lists together.
> Query the first. If it matches, skip the rest. If it doesn't match,
> query the next. So on and so forth for the rest of the lists until the
> end. Is that a more logical way to handle it?
>

Call them all and use a meta || rule for the score, or call and score
them all then use a meta && rule to subtract some score back off, that's
what I'm doing here

    meta Z_OPEN_PROXY (X_OSIRU_OPEN_PROXY || X_OSIRU_OPEN_SOCKS || X_MONKEYS_OPEN_PROXY)
    describe Z_OPEN_PROXY Host is an open proxy server
    score Z_OPEN_PROXY 1.4

Of course I could be totally wrong, but it works for me.

Yet again I could be totally wrong about this, but I think you're wasting
a lookup by querying proxies.relays.osirusoft.com, spamassassin already
did RCVD_IN_OSIRUSOFT_COM for you so all you need to do is

    rbleval:check_rbl_results_for('osirusoft', '127.0.0.9')

I can't get to osirusoft website right now to check but istr something
like:-

    127.0.0.2 = open relay
    127.0.0.3 = dialup
    127.0.0.4 = spam source
    127.0.0.5 = smart host
    127.0.0.6 = mirror of spamhaus.org/spamsites.org
    127.0.0.7 = non-confirm mailing lists
    127.0.0.8 = insecure formmail
    127.0.0.9 = open proxy

as I said, I could be wrong, shouldn't be difficult to check when the
website comes back up.

Dave

> Justin
>
> _______________________________________________
> Spamassassin-talk mailing list
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
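
Added example (not part of either message and not SpamAssassin's own code): a Python model of the per-category DNSBL scoring discussed in this thread, combining the "stop at the first hit" idea from the question with the one-score-per-category meta rule from the reply. Zone names are taken from the thread; the category grouping, the scores, the FAKE_DNS data and all function names are assumptions made for illustration.

```python
import socket

# Zone names are from the thread; grouping and scores are illustrative assumptions.
CATEGORIES = {
    "dialup": (1.0, ["dialups.visi.com", "dynablock.blackholes.easynet.nl"]),
    "open_proxy": (1.4, ["proxy.relays.osirusoft.com",
                         "socks.relays.osirusoft.com",
                         "proxies.relays.monkeys.com"]),
}
PER_LIST_SCORE = 1.0  # the flat per-list score the original poster used

# Constructed resolver data: 192.0.2.10 (documentation range) on both dial-up lists.
FAKE_DNS = {
    "10.2.0.192.dialups.visi.com": "127.0.0.2",
    "10.2.0.192.dynablock.blackholes.easynet.nl": "127.0.0.2",
}

def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_lookup(name):
    """Live A-record lookup; returns None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def score_ip(ip, lookup=dns_lookup, short_circuit=True):
    """Score each category at most once; optionally stop at its first hit."""
    grouped, hits, queries = 0.0, {}, 0
    for category, (score, zones) in CATEGORIES.items():
        listed = []
        for zone in zones:
            queries += 1
            answer = lookup(query_name(ip, zone))
            # Only 127.0.0.0/8 answers mean "listed"; anything else is ignored.
            if answer and answer.startswith("127."):
                listed.append(zone)
                if short_circuit:
                    break
        if listed:
            hits[category] = listed
            grouped += score
    # "stacked" is what flat per-list scoring would add for the hits seen.
    stacked = PER_LIST_SCORE * sum(len(z) for z in hits.values())
    return {"grouped": grouped, "stacked": stacked, "hits": hits, "queries": queries}

if __name__ == "__main__":
    print(score_ip("192.0.2.10", lookup=FAKE_DNS.get, short_circuit=False))
```

With short_circuit=False every list is queried, so "stacked" shows the full per-list total next to the grouped score; with short_circuit=True the second dial-up lookup is skipped.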