checking against RBLs - SpamAssassin

This is a discussion on checking against RBLs - SpamAssassin ; Hello, Is it possible to configure SA to check only last Received address against RBL tests ??? I would like to avoid checking ALL Received addresses, because they can possible have DSL/cable addresses that can be blacklisted somewhere. I would ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: checking against RBLs

  1. checking against RBLs


    Hello,

    Is it possible to configure SA to check only last Received address
    against RBL tests ??? I would like to avoid checking ALL Received
    addresses, because they can possible have DSL/cable addresses that can
    be blacklisted somewhere.

    I would like, if possible, to check only last Received one, which
    would be the last ip address who contacted my server ...

    can that be done ?

    Thanks !

    --


    Atenciosamente / Sincerily,
    Leonardo Rodrigues
    Solutti Tecnologia
    http://www.solutti.com.br

    Minha armadilha de SPAM, NÃO mandem email
    gertrudes@solutti.com.br
    My SPAMTRAP, do not email it


  2. Re: checking against RBLs

    Leonardo Rodrigues Magalhães wrote:
    >
    > Hello,
    >
    > Is it possible to configure SA to check only last Received address
    > against RBL tests ??? I would like to avoid checking ALL Received
    > addresses, because they can possible have DSL/cable addresses that can
    > be blacklisted somewhere.
    >
    > I would like, if possible, to check only last Received one, which
    > would be the last ip address who contacted my server ...
    >
    > can that be done ?
    >
    > Thanks !
    >


    Most of the RBLs are correctly configured to only check the appropriate
    received addresses. For some of the lists, that's last external, for
    other lists it is valid to check every single one. If those DSL's are
    sending out spam, they should be marked as such. However, they should
    not be penalized for being DSLs. The default configuration handles these
    cases just fine.

    However, if you look at the configuration for the lists, you'll see some
    with lastexternal or something similar. That's how you tell SA to check
    the one that contacted your system.

    Richard


  3. Re: checking against RBLs



    Richard Frovarp escreveu:
    > Leonardo Rodrigues Magalhães wrote:
    >>
    >> Hello,
    >>
    >> Is it possible to configure SA to check only last Received address
    >> against RBL tests ??? I would like to avoid checking ALL Received
    >> addresses, because they can possible have DSL/cable addresses that
    >> can be blacklisted somewhere.
    >>
    >> I would like, if possible, to check only last Received one, which
    >> would be the last ip address who contacted my server ...
    >>
    >> can that be done ?
    >>
    >> Thanks !
    >>

    >
    > Most of the RBLs are correctly configured to only check the
    > appropriate received addresses. For some of the lists, that's last
    > external, for other lists it is valid to check every single one. If
    > those DSL's are sending out spam, they should be marked as such.
    > However, they should not be penalized for being DSLs. The default
    > configuration handles these cases just fine.
    >
    > However, if you look at the configuration for the lists, you'll see
    > some with lastexternal or something similar. That's how you tell SA to
    > check the one that contacted your system.
    >


    i was checking spamassassin definition files, which are updated
    daily in my site, and could find some interesting entries with
    'lastexternal'.

    20_dnsbl_tests.cf:header RCVD_IN_XBL
    eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.[45678]')
    20_dnsbl_tests.cf:header RCVD_IN_PBL
    eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.1[01]')
    20_dnsbl_tests.cf:header RCVD_IN_DSBL
    eval:check_rbl_txt('dsbl-lastexternal', 'list.dsbl.org.', '(?i:dsbl)')
    20_dnsbl_tests.cf:header RCVD_IN_MAPS_DUL
    eval:check_rbl('dialup-lastexternal', 'dialups.mail-abuse.org.')


    but ..... the RBL that is giving me headaches, which is spamcop,
    seems to NOT have the lastexternal entry:


    20_dnsbl_tests.cf:header RCVD_IN_BL_SPAMCOP_NET
    eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)')

    question 1 is ..... can i redefine this rule in my local.cf for
    example ???

    question 2 is ..... shouldnt this rule have the 'lastexternal' as
    several other RBL rules seems to have ???


    as i told, i'm running sa-update daily and i seem to have latest
    published definitions:

    [25320] dbg: channel: metadata version = 668092
    [25320] dbg: dns: 4.2.3.updates.spamassassin.org => 668092, parsed as 668092
    [25320] dbg: channel: current version is 668092, new version is 668092,
    skipping channel
    [25320] dbg: diag: updates complete, exiting with code 1


    --


    Atenciosamente / Sincerily,
    Leonardo Rodrigues
    Solutti Tecnologia
    http://www.solutti.com.br

    Minha armadilha de SPAM, NÃO mandem email
    gertrudes@solutti.com.br
    My SPAMTRAP, do not email it


  4. Re: checking against RBLs

    Leonardo Rodrigues Magalhães wrote:
    > i was checking spamassassin definition files, which are updated
    > daily in my site, and could find some interesting entries with
    > 'lastexternal'.
    >
    > 20_dnsbl_tests.cf:header RCVD_IN_XBL
    > eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.',
    > '127.0.0.[45678]')
    > 20_dnsbl_tests.cf:header RCVD_IN_PBL
    > eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.1[01]')
    > 20_dnsbl_tests.cf:header RCVD_IN_DSBL
    > eval:check_rbl_txt('dsbl-lastexternal', 'list.dsbl.org.', '(?i:dsbl)')
    > 20_dnsbl_tests.cf:header RCVD_IN_MAPS_DUL
    > eval:check_rbl('dialup-lastexternal', 'dialups.mail-abuse.org.')
    >

    These make sense. Those last three are lists based on IP type (I don't
    remember XBL's definition exactly). A user shouldn't be penalized for
    having a dynamic when they are sending through a proper relay.

    >
    > but ..... the RBL that is giving me headaches, which is spamcop,
    > seems to NOT have the lastexternal entry:
    >
    >
    > 20_dnsbl_tests.cf:header RCVD_IN_BL_SPAMCOP_NET
    > eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)')
    >
    > question 1 is ..... can i redefine this rule in my local.cf for
    > example ???
    >

    Yes you can.

    > question 2 is ..... shouldnt this rule have the 'lastexternal' as
    > several other RBL rules seems to have ???


    No, spamcop is for spam sources, not sources based on the type of their
    connection. If one of the hosts in the list is a spam originator,
    chances are that piece of mail is probably spam as well. Spam sources do
    send through relays, so this information is quite valuable.

    Richard


+ Reply to Thread