On Fri, 2014-08-29 at 01:59 +0200, Reindl Harald wrote:
> Am 29.08.2014 um 01:51 schrieb Karsten Bräckelmann:
> > On Fri, 2014-08-29 at 01:06 +0200, Reindl Harald wrote:
> > > the question was just "how can i enforce RBL tests inside the own LAN"
> >
> > RBL tests cannot be enforced. Internal and trusted networks settings
> > need to be configured correctly to match the RBL test's scope, in your
> > case last-external.
> >
> > If there are trusted relays found in the Received headers, and the first
> > trusted one's connecting relay is external (not in the internal_networks
> > set), then an RBL test for last-external will be run.
> >
> > This is entirely unrelated to "own LAN" or "network range"
>
> that may all be true for blacklists and default RBL rules
>
> it is no longer true in case of 4 internal WHITELISTS which you
> want to use to LOWER scores to reduce false positives while
> otherwise bayes may hit - such traffic can also come from
> the internal network
There is absolutely no difference between black and whitelists. With the
only, obvious exception of the rule's score.
So, yes, it still is true in the case of (internal) whitelists.
Besides that, you are (still) confusing SA *_networks settings with the
local network topology. They are loosely related, but don't have to
match.
You can easily run RBL tests against IPs from within the local network
and treat them like any other sending SMTP client, by (a) excluding
them from the appropriate *_networks settings, and (b) define the RBL
test accordingly. If you want to query for the last-external, it has to
be the last external relay according to the configuration.
BTW, unless the set of IPs to whitelist is permanently changing, it is
much easier to write a negative score rule based on the X-Spam-Relays-*
pseudo-headers. This also has the benefit of being highly flexible, not
depend on trust borders and allow to maintain internal_networks matching
the LAN topology.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
