On Wed, 2009-09-16 at 13:59 -0400, Philippe Ratté wrote:
> I am looking for a way to ask SA to skip DNSBL checks for a specific IP /
> subnet, is it possible to do this ?
Hmm, why would you want to do that? There are pretty much two scenarios
that immediately come to mind.
You don't want to do BL checks against an SMTP that forwards mail to
you. In that case, you should extend your trusted and internal networks,
so the handing-over IP to that forwarder is being checked instead.
You want to get rid of PBL style hits against your own users. In which
case the answer would be to simply not scan mail by your own, AUTH'ed
users.
If it is anything else, we might be much better able to help you, if we
know about the issue -- rather than what you think would be the best
solution. ;)
> I’d like something like skip_rbl_checks 1 from=1.2.3.4
Such a constraint is not possible. However, if you *really* need
something to that effect, you could re-define the existing rules in your
site-config, meta'ed with an additional header rule that excludes these
hosts based on the Received headers or last-external.
Alternatively, without re-defining existing rules, you could write
similar metas on top, that counter such a rule hit.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
