So this should do:
header RCVD_IN_VIRBL eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host
tflags RCVD_IN_VIRBL net
score RCVD_IN_VIRBL 0 3.0 0 3.0
BTW, Matt... I sent a question a few days ago about trusted_networks and it
went unanswered...
Is there any documentation about this setting, besides what's in
http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html
I'd like to understand what it does rather than see a couple of trivial
examples...
My particular problem is described in
http://marc.theaimsgroup.com/?l=spamassassin-users&m=108705223721279&w=2
In short, is there a way (using trusted_networks or anything else) to avoid
EVERY RBL checking from a message coming from a specific IP?
Note that I don't want to prevent the rest of the checks for these messages,
only RBLs.
And there are no user settings. Everything is global.
TIA
On 17 Jun 2004 at 9:24, Matt Kettler wrote:
> At 09:25 AM 6/17/04 -0300, Mariano Absatz wrote:
> >I wanted to start using http://virbl.bit.nl/ but it is only meaningful if
> >the host connecting directly to you (or your trusted_networks if I understand
> >that correctly).
> >
> >That is, if an infected machine is properly relaying thru its ISP's mail
> >server, I don't want to mark it.
> >
> >Can check_rbl() work only on the 'last hop'?
>
> Well the "notfirsthop" specifier used in rbl_check rules, despite its
> name, is in actuality implemented as "only those IPs that connected to
> hosts in trusted_networks" in the 2.6x series.
>
> Thus, notfirsthop should do what you want, provided your trusted_networks
> is working.
>
> (The name notfirsthop is a bit of a legacy to the days when it really was
> "all hops excluding the first", but trusted_networks changed that)
--
Mariano Absatz
El Baby
----------------------------------------------------------
The Internet is mightier than the pen.
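
An added example, not part of the message above and not SpamAssassin's own code: a small model of the selection Matt Kettler describes for "notfirsthop" (only IPs that connected to hosts in trusted_networks), plus the DNSBL query name that would be looked up in the zone from the rule. The Received lines and the trusted_networks value are constructed, and the model assumes that relays which are themselves trusted are not queried.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest first, as they appear in a message.
SAMPLE_RECEIVED = [
    "from mx-backup.example.net (mx-backup.example.net [198.51.100.7]) by mail.example.org",
    "from smtp.isp.example (smtp.isp.example [203.0.113.25]) by mx-backup.example.net",
    "from infected-pc (dsl-host.isp.example [192.0.2.44]) by smtp.isp.example",
]
TRUSTED = ["198.51.100.0/24"]   # hypothetical trusted_networks value
ZONE = "virbl.dnsbl.bit.nl"     # zone used by the RCVD_IN_VIRBL rule in the message

_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received):
    """Return the connecting IP of each Received header, newest first."""
    ips = []
    for line in received:
        m = _IP_RE.search(line)
        if m is None:
            break  # unparseable hop: nothing older can be relied on
        ips.append(ipaddress.ip_address(m.group(1)))
    return ips


def ips_to_check(received, trusted):
    """IPs that connected to a trusted host and are not trusted themselves."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    receiver_trusted = True  # the newest header was written by our own server
    selected = []
    for ip in relay_ips(received):
        ip_trusted = any(ip in n for n in nets)
        if receiver_trusted and not ip_trusted:
            selected.append(ip)
        # This relay is the receiving host named in the next (older) header.
        receiver_trusted = receiver_trusted and ip_trusted
    return selected


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def queries(received=SAMPLE_RECEIVED, trusted=TRUSTED, zone=ZONE):
    """Query names for every IP selected from the Received chain."""
    return [dnsbl_name(ip, zone) for ip in ips_to_check(received, trusted)]
```

With the sample chain, only the ISP's mail server is looked up; the machine that relayed through it is never queried, and with an empty trusted list the backup MX itself becomes the address that is checked.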