With the recent run of Habeas impersonators, I wanted to use Habeas as a whitelist rather than a blacklist. I think the following ruleset basically accomplishes that:
header HABEAS_SWE X-Habeas-SWE-3 =~ /like Habeas SWE \(tm\)/
describe HABEAS_SWE Sender Warranted Email, see www.habeas.com
# assume it's not legit
score HABEAS_SWE 100
# check for it
header __HABEAS_HIL rbleval:check_rbl('hil', 'hil.habeas.com.')
describe __HABEAS_HIL Sender is on www.habeas.com Habeas Infringer List
meta COM.BFCCOMPUTING_HABEAS_LEGIT (! __HABEAS_HIL && HABEAS_SWE)
describe COM.BFCCOMPUTING_HABEAS_LEGIT A legit Habeas message
score COM.BFCCOMPUTING_HABEAS_LEGIT -105This is based on their page: http://www.habeas.com/configurationPages/spamassassin.htm
The problem with this ruleset, and theirs, I believe, is that the rbl check is done whether or not HABEAS_SWE matches. That's alot of unnecessary work for their system and mine.
I'd like to only do the rbl if HABEAS_SWE gets a hit. Is there a syntax to do this?
This is my first foray into SA rules, if that explains anything. ;)
Thanks, -Bill
