spamassassin-users mailing list archives

From John Hardin <jhar...@impsec.org>
Subject Re: check_rbl digging too deep
Date Tue, 25 Jun 2019 21:55:08 GMT
On Tue, 25 Jun 2019, Matus UHLAR - fantomas wrote:

>> On Mon, 24 Jun 2019, John Schmerold wrote:
>> 
>>> We had an inbound message get rejected because it was sent from a cell 
>>> phone, shouldn't SA be checking the most recent hop? Is there a way to 
>>> make this the default?
>>> 
>>> I have this in local.cf:
>>> header    RCVD_IN_rbl2spamhausz   eval:check_rbl('spamhausz', 'zen.spamhaus.org.')
>>> score     RCVD_IN_rbl2spamhausz   3.5
>
> On 25.06.19 07:52, John Hardin wrote:
>> I'll let others address SA issues with this, I just want to point out an 
>> alternative:
>> 
>> Many sites consider Zen reliable enough for it to be used at the SMTP level 
>> as a poison-pill DNSBL.
>> 
>> That would avoid any chance of it being used "too deeply"...
>
> No.  Many people consider Zen reliable enough to reject connections from
> a listed IP.  Deep header scanning is something very different.

Yes, I'm aware of that.

Rejecting up front based on the other guy's IP address is *not* deep 
scanning, so there's no risk of looking *too* deeply when you're doing 
that.

What I was trying to suggest is "maybe you want to use Zen as an MTA-level 
DNSBL rather than as part of the SA scan." I apologize if I didn't word it 
clearly.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The ["assault weapons"] ban is the moral equivalent of banning red
   cars because they look too fast.  -- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
  9 days until the 243rd anniversary of the Declaration of Independence
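
The difference discussed in this thread, as an added example that is not part of the original message: a deep scan queries the DNSBL for every relay address in the Received headers, while an MTA-level check sees only the connecting client, which is the newest external hop. The sample message, its documentation-range addresses, and the helper names are constructed for illustration; the script only builds the query names and performs no DNS lookups.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a phone submits mail to its provider, which relays
# to our MX. Addresses come from the RFC 5737 documentation ranges.
SAMPLE = """\
Received: from mail.provider.example (mail.provider.example [198.51.100.25])
\tby mx.local.example with ESMTP; Tue, 25 Jun 2019 10:00:02 +0000
Received: from phone (unknown [203.0.113.77])
\tby mail.provider.example with ESMTPSA; Tue, 25 Jun 2019 10:00:01 +0000
From: sender@provider.example
Subject: constructed test

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw):
    """IPv4 addresses of the sending side of each hop, newest hop first."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        from_part = re.split(r"\sby\s", hdr, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_part)
        if not match:
            continue
        try:
            ips.append(ipaddress.IPv4Address(match.group(1)))
        except ValueError:
            pass  # malformed address in a header: nothing to query
    return ips

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Reverse the octets and append the zone, as DNSBL lookups do."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def queries(raw, last_external_only, trusted=()):
    """DNSBL names that would be looked up; 'trusted' lists our own relays."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    external = [ip for ip in relay_ips(raw) if not any(ip in n for n in nets)]
    if last_external_only:
        external = external[:1]  # the host that actually connected to us
    return [dnsbl_name(ip) for ip in external]

if __name__ == "__main__":
    print("deep scan:    ", queries(SAMPLE, last_external_only=False))
    print("last external:", queries(SAMPLE, last_external_only=True))
```

Within SpamAssassin itself, the stock DNSBL rules restrict a lookup to the last external relay by appending `-lastexternal` to the set name passed to check_rbl.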