I have some questions about defining my own rules.  I'm creating rules for
DNSBLs that aren't listed in 20_dnsbl_tests.cf.  For the record I'm
compiling and installing 2.60 from CVS nightly and I'm calling SA from
MIMEDefang.

First off, can someone give me a quick explanation of the various rbleval
options?  I can't seem to find any docs on them.  check_rbl and
check_rbl_sub seem to be fairly self-explanitory, unless there are things
to watch out for when using them.  Actually, since I'm mentioning them,
how does declaring one rule to be a sub affect the results?

check_rbl_txt to me implies that it check for a given string in the TXT
records return with a lookup.  I'm not certain about this though because
if that's how it works then the RCVD_IN_DSBL check isn't going to work.  
The TXT records in list.dsbl.org contain a URL for someone to lookup more
information about that listing on their site.  It doesn't contain
"list.dsbl.org."  I'm adding a rule for the multihop.dsbl.org zone and
noticed this discrepency.

I noticed that RCVD_IN_NJABL_DIALUP had 3 arguements in parenthesis.  
What's the extra one for?  Is there docs on that as well?  The first 
appears to be a generic name for the zone.  The last looks to be the 
response code or sometimes the DNS zone.  RCVD_IN_NJABL_DIALUP seems to 
have both the response code and the DNS zone.

I'm having trouble trying to figure out how best to fix the RCVD_IN_OSIRU
checks.  I call each and every subdomain of relays.osirusoft.com in
Sendmail to gather stats for each of the various lists the ORSS
incorporates.  That's 8 calls total at present.  I'm trying to figure out
how to do the same from SA.  Since I can't rely on the response code to
tell me which zone the listing is actually in, can I use check_rbl_txt to
check for the existence of "spamsources," "spews," or "dialups" in the TXT
record?  I see that all 3 use 127.0.0.4 at some point.

When I define a score do I need to provide all 4 scores like other tests 
have?  (local, net, with bayes, with bayes+net)  I'm not trying to 
determine the best score for these lists.  I'm just planning on giving .5 
or 1 to the various lists I'm adding.  Ie, I'm not planning on this rule 
being the only determining factor in deciding if something is spam or not.  
I just want to add a little to the score.

It appears that SA checks all the Received lines in a message against the
various DNSBLs.  I'm planning on continuing to block mail from open
relays/proxies/SOCKS/formmail.cgi boxes from within Sendmail itself.  
Would it be worth the extra queries to recall those DNSBLs from SA as well
to check *all* the Received lines for spam bounced through multiple
relays/proxies?

Do the dialup checks only check the most recent Received line?  It makes
since but I can't find any place that specifically states that or a config
option that implies that.  You wouldn't want to check all the Received
lines against the dialup lists, obviously, so assuming this makes sense to
me.  If I enable the DUL check (we pay for it) and add other various
dialup checks, would this be a problem?

Many thanks
 Justin



-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to