On Mar 15, 2004, at 11:05 PM, Theo Van Dinter wrote:
Is there some reason the standard rules don't work for you?
Yeah, at least if I'm understanding it right. Perhaps I should annotate how I think it's working:
header HABEAS_SWE X-Habeas-SWE-3 =~ /like Habeas SWE \(tm\)/
describe HABEAS_SWE Sender Warranted Email, see www.habeas.com
score HABEAS_SWE -100
at this point a message claiming to be Habeas is scored -100
if it's legit, great. If it's a spam....
header HABEAS_HIL rbleval:check_rbl('hil', 'hil.habeas.com.')
describe HABEAS_HIL Sender is on www.habeas.com Habeas Infringer List
score HABEAS_HIL 105.0
so now if the spammer is on their Infringer List (rbl) the spam is scored +5, great
if it's legit, the message is still scored -100, great
if it's a spammer using zombies and random senders, it's not on the infringer list, so it's still -100
I was trying to avoid the last situation, but I see now that my rule really doesn't do that, it's just the same thing as the stock rule done in a more obtuse way. :P
I think what I would really need is Habeas to set up a different rbl server with _legit_ senders, and then my rule would be OK. As an aside, what stops spammers from forging legit Habeas senders?
I'd like to only do the rbl if HABEAS_SWE gets a hit. Is there a syntax to do this?
Yep, the standard version does that.
So I'm guessing there's some code behind
rbleval:check_rbl('hil', 'hil.habeas.com.')
that does that? The rules themselves don't express this behavior, right?
Thanks again, -Bill
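
Added example (not part of the original message and not SpamAssassin's code): a small Python model of the three cases annotated above, comparing the blocklist-only scoring with the allowlist idea from the message. The allowlist zone `allow.example.`, the relay IPs and the zone contents are constructed, and the reversed-octet query name is the usual DNSBL convention, assumed here for hil.habeas.com.

```python
import re

# Constructed sample data: this set stands in for DNS answers (no network).
HIL_ZONE = "hil.habeas.com."        # infringer list zone named in the thread
ALLOW_ZONE = "allow.example."       # hypothetical allowlist zone (assumption)
LISTED = {
    "9.113.0.203.hil.habeas.com.",  # constructed infringer 203.0.113.9
    "5.100.51.198.allow.example.",  # constructed licensed sender 198.51.100.5
}
SWE_RE = re.compile(r"like Habeas SWE \(tm\)")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed(ip, zone):
    """A name present in the zone models 'an A record came back'."""
    return dnsbl_name(ip, zone) in LISTED

def has_mark(headers):
    return bool(SWE_RE.search(headers.get("X-Habeas-SWE-3", "")))

def score_blocklist(headers, relay_ip):
    """As annotated in the message: -100 for the mark, +105 if on the HIL."""
    if not has_mark(headers):
        return 0.0
    return -100.0 + (105.0 if listed(relay_ip, HIL_ZONE) else 0.0)

def score_allowlist(headers, relay_ip):
    """Variant: the mark earns -100 only when the relay is allowlisted."""
    if has_mark(headers) and listed(relay_ip, ALLOW_ZONE):
        return -100.0
    return 0.0

MARK = {"X-Habeas-SWE-3": "like Habeas SWE (tm)"}
CASES = {
    "licensed sender": "198.51.100.5",
    "listed infringer": "203.0.113.9",
    "unlisted relay": "192.0.2.77",   # carries the mark, on neither list
}

def compare():
    """Return {case: (blocklist-only score, allowlist-gated score)}."""
    return {name: (score_blocklist(MARK, ip), score_allowlist(MARK, ip))
            for name, ip in CASES.items()}

if __name__ == "__main__":
    for name, (b, a) in compare().items():
        print(f"{name:17} blocklist-only={b:+6.1f} allowlist-gated={a:+6.1f}")
```

Only the third case differs in a way that matters: a marked message from an unlisted relay keeps -100 under the blocklist-only rules and gets no credit when the mark is gated on an allowlist.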
