From: "Bill McGonigle" <[EMAIL PROTECTED]>
> [note: in the process of writing this I realized my rule is useless.
> I'll continue in hopes there's another solution.]
>
> On Mar 15, 2004, at 11:05 PM, Theo Van Dinter wrote:
> > Is there some reason the standard rules don't work for you?
>
> Yeah, at least if I'm understanding it right. Perhaps I should
> annotate how I think it's working:
>
> header HABEAS_SWE X-Habeas-SWE-3 =~ /like Habeas SWE \(tm\)/
> describe HABEAS_SWE Sender Warranted Email, see www.habeas.com
> score HABEAS_SWE -100
>
> at this point a message claiming to be Habeas is scored -100
> it it's legit, great. If it's a spam....
>
> header HABEAS_HIL rbleval:check_rbl('hil', 'hil.habeas.com.')
> describe HABEAS_HIL Sender is on www.habeas.com Habeas Infringer List
> score HABEAS_HIL 105.0
>
> so now if the spammer is on their Infringer List (rbl) the spam is
> scored +5, great
> if it's legit, the message is still scored -100, great
> if it's a spammer using zombies and random senders, it's not on the
> infringer list, so it's still -100
>
> I was trying to avoid the last situation, but I see now that my rule
> really doesn't do that, it's just the same thing as the stock rule done
> in a more obtuse way. :P
>
> I think what I would really need is Habeas to setup a different rbl
> server with _legit_ senders, and then my rule would be OK. As an
> aside, what stops spammers from forging legit Habeas senders?
>
> >> I'd like to only do the rbl if HABEAS_SWE gets a hit. Is there a
> >> syntax to do this?
> >
> > Yep, the standard version does that.
>
> So I'm guessing there's some code behind
> rbleval:check_rbl('hil', 'hil.habeas.com.')
> that does that? The rules themselves don't express this behavior,
> right?
Check out "meta" rules in the WIKI. They may be your best friends.
{^_^}
