On 8/14/2013 10:56 AM, Nigel Smith wrote:
>YOu're rule sort of dangerous as it may list PBL stuff on non
>last-external, etc,
Sort of dangerous ? It works beautifully for us ! Until the recent
issues with Bigfish we've had zero false positives and many many many
good catches !
I'm only following the guidelines
at http://www.spamhaus.org/whitepapers/effective_filtering/ where
they state "The first stage is to install the Spamhaus Zen
<http://www.spamhaus.org/zen/> blocklist on your incoming mail
relay(s). Zen, which is a combination of Spamhaus's SBL, XBL and PBL
blocklists"
Right ... "On your incoming mail relays" ...
This is referring to using it as a blacklist for incoming connections
where it is only checking the IP address of the system making the
connection. If you use it in SA where it can check other IP addresses
in the headers, it can be dangerous.
Entries in the PBL should not be connecting directly to your server,
however there is no problem with them being in the other received headers.
--
Bowie
