>> On Thu, 2016-06-02 at 12:28 +0200, Matus UHLAR - fantomas wrote: >> > > Therefore I agree that there could be better way of noticing admins >> > > of a [URIBL_BLOCKED] issue. >> >> create and install a logwatch service that scans /var/log/maillog >> for lines containing "URIBL_BLOCKED" - this involves a two line config >> file and a scanner (a few lines of Perl). > > The problem I see with this, though, is that you have to know that > URIBL_BLOCKED is something sinister, and needs to be flagged as a problem, > to > bother doing this. > > It's probably less effort to actually set up a recursive local name > server, so > anyone who knows about URIBL_BLOCKED will simply do this instead.
I agree, if you have not seen this problem before, then URIBL_BLOCKED just looks like some disabled URIBL hitting the message. At some point I would google it, but probably not as the first thing, because it looks like a normal rule hit, and with low points (so disarmed). So only if I would see it again and again I might get suspicious.
