On Fri, 2010-08-20 at 20:34 +0200, Jacek Politowski wrote:
> Actually, the IP I've found _should_ be listed in DNSBL - I don't want
> to receive any e-mail directly from this host (some DSL line with
> abusable web server running on it...).
>
> Receiving e-mails via "some_big_MSP_smarthost" is completely another
> thing.
> I'd really like limit SpamAssassin's "RCVD_*" DNSBL checks only to
> hosts that directly deliver e-mails to our servers, but it seems I'm
> missing something in SA documentation (I can hardly believe there is
> no such possibility in SA).
Well, there is no single option to limit all such DNSBL tests to the
handing-over host. Whether the lookup will be limited to the last
external hop, or if all external hosts are tested for is handled on a
case-by-case basis in the eval() rule's definition.
Because it depends. Some lists are suitable for deep-parsing. Some are
not.
Moreover, IMHO you are barking up the wrong tree. In your OP you said, a
message has been *rejected* by your SMTP. Yet, you are focusing entirely
on the RCVD_IN_BL_SPAMCOP_NET and RCVD_IN_SORBS_WEB hits. Which by
itself won't even push the score above the default spam threshold.
Thus, very vital but left out parts to the puzzle are, (a) which rules
triggered in addition to them, and (b) at what threshold does your SMTP
reject a message?
The combined score of these rules is no where even close to a sensible
rejection limit. Whatever else the message tripped on, it accounts for
the lions-share.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
