>From updates_spamassassin_org/20_dnsbl_tests.cf, using this as a model for a
>multi-valued DNS blacklist query:

header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
describe __RCVD_IN_SORBS SORBS: sender is listed in SORBS
tflags __RCVD_IN_SORBS net

header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2')
describe RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server
tflags RCVD_IN_SORBS_HTTP net

"sysadmin see, sysadmin do", we tried this:

header __RCVD_IN_RBLX eval:check_rbl('domain', 'rblx.domain.tld.')
describe __RCVD_IN_RBLX DOMAIN: sender IP is listed in DOMAIN
tflags __RCVD_IN_RBLX net

header RCVD_IN_RBLX_BADREP eval:check_rbl_sub('domain', '127.0.0.2')
describe RCVD_IN_RBLX_BADREP DOMAIN: sender IP has bad reputation
tflags RCVD_IN_RBLX_BADREP net
score 3.5 3.5 3.5 3.5

We don't get any 127.0.0.2 hits on 2 SA machines, while we get plenty of hits
with SA queries to single-valued DNSBLs.

Attempts at other syntaxes have failed.

Suggestions?

Len

______________________________________________
IMGate OpenSource Mail Firewall www.IMGate.net
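A way to check, outside SpamAssassin, what a multi-valued zone like the one in the message above returns for a given IP. This is an added example, not part of the original post and not SpamAssassin's code; the function names, the sample IP and the constructed answer set are assumptions, and the sub-test match shown is a simple exact comparison on the returned A records.

```python
import ipaddress
import socket
import sys


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.strip('.')}."


def matching_subtests(answers, subtests):
    """For each sub-test address, report whether any returned A record equals it."""
    returned = {str(ipaddress.IPv4Address(a)) for a in answers}
    return {code: str(ipaddress.IPv4Address(code)) in returned for code in subtests}


def lookup(ip, zone):
    """Resolve the query name; an empty list means not listed or lookup failed."""
    name = dnsbl_query_name(ip, zone)
    try:
        _, _, addrs = socket.gethostbyname_ex(name.rstrip("."))
    except OSError:  # covers socket.gaierror / socket.herror (e.g. NXDOMAIN)
        return name, []
    return name, addrs


if __name__ == "__main__":
    zone = "rblx.domain.tld."  # placeholder zone name from the post
    if len(sys.argv) == 3:
        # Live check: python3 check.py <ip> <zone>
        name, answers = lookup(sys.argv[1], sys.argv[2])
    else:
        # Constructed sample: a multi-valued zone answering with two codes.
        name = dnsbl_query_name("192.0.2.99", zone)
        answers = ["127.0.0.4", "127.0.0.2"]
    print("query :", name)
    print("answer:", answers or "not listed")
    for code, hit in matching_subtests(answers, ["127.0.0.2"]).items():
        print(f"sub-test {code}: {'HIT' if hit else 'no hit'}")
```

RFC 5782 asks DNSBL operators to list 127.0.0.2 as a permanent test entry, so running the live check with `127.0.0.2` as the IP shows whether the zone answers at all from the SA host's resolver.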