On Thu, Oct 17, 2002 at 01:16:51PM -0500, [EMAIL PROTECTED] wrote: > Or a spammers adds a Received line that makes it appears as if the message > was relayed through bondedsender.com. Easily done. To the best of my > knowledge, I think DNSBl lookups are only done on the IP communicating > with your MTA. That's what I've always experienced with the DNSBls I use > from Sendmail. SA could very well look back through a couple Received > lines though. Can't say for certain. Seems unlikely to me though.
How many received lines to look at is part of the SA config:
num_check_received { integer } (default: 2)
How many received lines from and including the original mail
relay do we check in RBLs (you'd want at least 1 or 2).
Note that for checking against dialup lists, you can call
check_rbl with a special set name of "set-firsthop" and this
rule will only be matched against the first hop if there is
more than one hop, so that you can set a negative score to
not penalize people who properly relayed through their ISP.
See dialup_codes for more details and an example
and bondedsender looks like a standard rbl rule:
rbleval:check_rbl('relay', 'query.bondedsender.org.')
So I would say 2.
--
Randomly Generated Tagline:
"Marriage is a three ring circus: engagement ring, wedding ring, and
suffering." - Unknown
msg09179/pgp00000.pgp
Description: PGP signature
