Maybe I don't see your point clearly ;-) But I don't want to whitelist
Have these two rules now
urirhssub URIBL_DOMAIN my.rbl.tld. A 127.0.0.16
body URIBL_DOMAIN eval:check_uridnsbl('MY_URIBL_DOMAIN')
askdns URIBL_HOST _URIHOSTS_.my.rbl.tld. A 127.0.0.24
my.rbl.tld is based on mysql data which gets fed more or less
automatically from different sources (like my own traps or external data
like phishtank etc. pp.).
And I have a third rule
urirhssub URIBL_DOMAIN_FU my.rbl.tld. A 127.0.0.32
body URIBL_DOMAIN_FU eval:check_uridnsbl('URIBL_DOMAIN_FU')
score URIBL_DOMAIN_FU 200
where domains will be listed after too many entries in fullhost table.
On 19.02.2018 at 16:14, Benny Pedersen wrote:
> Tobi wrote on 2018-02-19 14:43:
>> no need for this as that case is covered by sa urirhssub queries.
>> I needed a way to perform www.sub.domain.tld AND domain.tld queries of
>> the uri www.sub.domain.tld
> would you like to test?
> blacklist _URIDOMAINS_
> whitelist _URIHOSTS_
> if you score whitelist 50% of blacklist score it could be nice
> that way spammers have a higher burden to jump over
> and you don't need random listing of the next subdomain spammer
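
Added example, not part of the original messages: a small Python model of the zone behind the three rules above, showing which rule fires for a given URI host and how a domain escalates to the 127.0.0.32 answer once enough of its hosts sit in the fullhost table. The threshold, the sample entries, the helper names and the two-label domain split are assumptions made for illustration.

```python
from collections import defaultdict

ZONE = "my.rbl.tld"
CODE_DOMAIN, CODE_HOST, CODE_DOMAIN_FU = "127.0.0.16", "127.0.0.24", "127.0.0.32"
FU_THRESHOLD = 3  # assumed: this many listed hosts under one domain escalates it

def registered_domain(host):
    # Simplification: last two labels. SpamAssassin uses its own TLD tables.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def build_zone(fullhosts, domains):
    """Return {query name: set of A answers} as the DNSBL would serve them."""
    zone = defaultdict(set)
    hosts_per_domain = defaultdict(set)
    for h in fullhosts:
        h = h.lower()
        zone[f"{h}.{ZONE}."].add(CODE_HOST)
        hosts_per_domain[registered_domain(h)].add(h)
    for d in domains:
        zone[f"{d.lower()}.{ZONE}."].add(CODE_DOMAIN)
    # Escalation: a domain with too many listed hosts gets its own answer.
    for d, hosts in hosts_per_domain.items():
        if len(hosts) >= FU_THRESHOLD:
            zone[f"{d}.{ZONE}."].add(CODE_DOMAIN_FU)
    return dict(zone)

def rules_hit(uri_host, zone):
    """Do the host query and the domain query for one URI host."""
    host = uri_host.lower().rstrip(".")
    dom_answers = zone.get(f"{registered_domain(host)}.{ZONE}.", set())
    host_answers = zone.get(f"{host}.{ZONE}.", set())
    hits = []
    if CODE_DOMAIN in dom_answers:
        hits.append("URIBL_DOMAIN")
    if CODE_HOST in host_answers:
        hits.append("URIBL_HOST")
    if CODE_DOMAIN_FU in dom_answers:
        hits.append("URIBL_DOMAIN_FU")
    return hits

# Constructed sample data (reserved .example names, not real listings).
SAMPLE_ZONE = build_zone(
    fullhosts=["a.bad.example", "b.bad.example", "www.sub.bad.example",
               "login.shared.example"],
    domains=["listed.example"],
)

if __name__ == "__main__":
    for h in ["www.sub.bad.example", "new123.bad.example",
              "login.shared.example", "other.shared.example"]:
        print(h, rules_hit(h, SAMPLE_ZONE))
```

A host that was never listed itself (new123.bad.example) still hits URIBL_DOMAIN_FU, while an unlisted host under a domain with only one bad host hits nothing.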