On Fri, Aug 20, 2010 at 08:54:57PM +0200, Karsten Bräckelmann wrote:
>On Fri, 2010-08-20 at 20:34 +0200, Jacek Politowski wrote:
>> I'd really like to limit SpamAssassin's "RCVD_*" DNSBL checks only to
>> hosts that directly deliver e-mails to our servers, but it seems I'm
>> missing something in SA documentation (I can hardly believe there is
>> no such possibility in SA).

>Well, there is no single option to limit all such DNSBL tests to the
>handing-over host. Whether the lookup will be limited to the last
>external hop, or if all external hosts are tested for is handled on a
>case-by-case basis in the eval() rule's definition.

>Moreover, IMHO you are barking up the wrong tree. In your OP you said, a
>message has been *rejected* by your SMTP. Yet, you are focusing entirely
>on the RCVD_IN_BL_SPAMCOP_NET and RCVD_IN_SORBS_WEB hits. Which by
>itself won't even push the score above the default spam threshold.

Unfortunately, the number of spam messages getting through while I was using the default SpamAssassin configuration was way too high. So I'm playing a bit with a razor here (hoping I won't hurt myself too much).

I've made some statistics, which showed that most of the spam getting through scored (almost) only on a few DNSBL rules, so I raised the score for them (but still not high enough to block an e-mail with a single DNSBL hit).

This, however, left me with the situation I described in my first post.

I was hoping I'd be able to limit the "depth" of "Received:" checks in SA. This seemed like an easier option than implementing such logic directly in the MTA, as most of the required stuff is already present in SpamAssassin.

I don't think I can afford rejecting emails based solely on just one DNSBL - I don't trust any of them that much.

So, probably I'll just have to write my own checks for SA, giving them scores useful in my situation.

-- 
Jacek Politowski
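
An added example, not part of the original message or of SpamAssassin's stock rules: a `local.cf` sketch of the "own checks" approach, where the per-rule choice described in the quoted reply is made with the `-lastexternal` suffix on the set name passed to `check_rbl`. The rule names (`LOCAL_*`), set names, scores and the network range are hypothetical placeholders.

```conf
# Added example. Rule names, set names, scores and networks are
# hypothetical; adjust them to the local site.

# The "last external" relay is derived from the trust path, so the
# site's own MX/relay networks must be declared correctly.
# 192.0.2.0/24 is a constructed placeholder.
trusted_networks   192.0.2.0/24
internal_networks  192.0.2.0/24

# Disable the two stock rules named in the thread (score 0 = rule off),
# so the same listing is not counted twice.
score RCVD_IN_BL_SPAMCOP_NET  0
score RCVD_IN_SORBS_WEB       0

# SpamCop: query only the host that handed the message to our server.
# The '-lastexternal' suffix on the set name restricts the lookup to
# the last external relay instead of every external Received: hop.
header   LOCAL_SPAMCOP_LASTEXT  eval:check_rbl('localspamcop-lastexternal', 'bl.spamcop.net.')
describe LOCAL_SPAMCOP_LASTEXT  Handing-over host is listed in bl.spamcop.net
tflags   LOCAL_SPAMCOP_LASTEXT  net
score    LOCAL_SPAMCOP_LASTEXT  2.5

# SORBS "web" listing, same restriction. The third argument matches the
# DNSBL return code; 127.0.0.7 is assumed here to be the code the stock
# RCVD_IN_SORBS_WEB rule tests for, so check it against the installed
# 20_dnsbl_tests.cf before relying on it.
header   LOCAL_SORBS_WEB_LASTEXT  eval:check_rbl('localsorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.7')
describe LOCAL_SORBS_WEB_LASTEXT  Handing-over host is listed in SORBS (web)
tflags   LOCAL_SORBS_WEB_LASTEXT  net
score    LOCAL_SORBS_WEB_LASTEXT  2.0
```

Run `spamassassin --lint` after editing to catch syntax errors. The scores are kept below the default threshold of 5.0 so that a single DNSBL hit on its own does not mark a message as spam.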