On Thu, 2008-06-26 at 19:48 -0400, Matt Kettler wrote: > ram wrote: > > Hi > > > > In my local.cf I have > > > > -------------- > > score USER_IN_SPF_WHITELIST -100 > > > > priority USER_IN_SPF_WHITELIST -1000 > > priority RCVD_IN_XBL -800 > > > > > > shortcircuit USER_IN_SPF_WHITELIST on > > shortcircuit RCVD_IN_XBL spam > > ---------- > > > > > > > > So I expect RCVD_IN_XBL to be evaluated after USER_IN_SPF_WHITELIST , > > but this does not happen > > If a mail hits RCVD_IN_XBL it is immediately marked spam even if it were > > to hit USER_IN_SPF_WHITELIST > > I disable short circuit plugin and it works fine > > > > > > How do I enforce SA to wait for results negative short circuited rules > > of higher priority before shorcicuiting mail as spam due to positive > > ones > > > You can't apply priority to DNS based checks this way and be 100% sure > of never getting a match. > > DNS queries are launched before any other rules start running. It then > runs the rules, and collects the results later on. This way, the DNS > queries run in parallel with the message scan. > > A shortcircuit will cause SA to cut-short any waiting for answers on the > DNS tests, but IIRC, any that did complete already will still match. > Technically, SA waits until something like priority 500 before it starts > waiting for all the DNS tests to complete. > > In general, shortcircuit isn't intended to be a rule-bypassing measure, > it's a speed measure. You'd have to use a non DNS test to be sure that > shortcircuit is working.
So would you suggest I remove all shortcircuit on DNS Rules. Is there anyway I can get USER_IN_SPF_WHITELIST evaluated before All other tests Thanks Ram
