> Henrik K wrote: > > On Mon, Sep 22, 2008 at 09:23:45AM -0500, Daniel J McDonald wrote: > >> On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote: > >>> On Mon, 22 Sep 2008, Daniel J McDonald wrote: > >>> > >>>> On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote: > >>>>> We're trying it today. > >>> Hmm I signed up for this 1-2 days ago but never got a confirmation e-mail > >>> from them? What is the RBL name? > >> Here are the rules I'm using: > >> # URL: http://www.barracudacentral.org/rbl/ > >> header __RCVD_IN_BRBL eval:check_rbl('brbl', > >> 'b.barracudacentral.org') > >> describe __RCVD_IN_BRBL received via a relay in > >> b.barracudacentral.org > >> header RCVD_IN_BRBL_RELAY eval:check_rbl_sub('brbl', '127.0.0.2') > >> tflags RCVD_IN_BRBL_RELAY net > >> describe RCVD_IN_BRBL_RELAY received via a relay rated as poor > >> by Barracuda > >> score RCVD_IN_BRBL_RELAY 1.00 > > > > Note that this checks all Received headers, I'm seeing lots of FPs for > > dynamic clients sending through ISP hosts etc. Try 'brbl-lastexternal' for > > connecting clients only. If you keep on comparing hits, do tell which method > > you are using.
Ok, using -lastexternal for about 5 hours $ grep -P '^Sep 22 1[34567]' /var/log/mail/info | grep -P [^M][SPX]BL | grep -c -v BRBL 55 # on Zen not on BRBL $ grep -P '^Sep 22 1[34567]' /var/log/mail/info | grep -v -P [^M][SPX]BL | grep -c BRBL 352 # on BRBL not on Zen $ grep -P '^Sep 22 1[34567]' /var/log/mail/info | grep -P [^M][SPX]BL | grep -c BRBL 122 # on both -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
signature.asc
Description: This is a digitally signed message part
