Maybe I don't see your point clearly ;-) But I don't want to whitelist
Have this two rules now

urirhssub       URIBL_DOMAIN   my.rbl.tld. A
body            URIBL_DOMAIN   eval:check_uridnsbl('MY_URIBL_DOMAIN')

askdns          URIBL_HOST A

my.rbl.tld is based on mysql data which gets feeded more or less
automatically from different sources (like my own traps or external data
like phishtank etc ppt).

And I have a third rule

urirhssub       URIBL_DOMAIN_FU   my.rbl.tld. A
body            URIBL_DOMAIN_FU   eval:check_uridnsbl('URIBL_DOMAIN_FU')
score           URIBL_DOMAIN_FU   200

where domains will be listed after too many entries in fullhost table.



Am 19.02.2018 um 16:14 schrieb Benny Pedersen:
> Tobi skrev den 2018-02-19 14:43:
>> no need for this as that case is covered by sa urirhssub queries.
>> I needed a way to perform www.sub.domain.tld AND domain.tld queries of
>> the uri www.sub.domain.tld
> would you like to test?
> blacklist _URIDOMAINS_
> whitelist _URIHOSTS_
> :=)
> if you score whitelist 50% of blacklist score there could be nice
> that way spammers have higther burdon to jump over
> and you dont need random listning of next subdomain spammer

Reply via email to