On 02/10/2015 03:38 PM, Kevin A. McGrail wrote:
On 2/9/2015 8:25 AM, Benny Pedersen wrote:uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2 body URIBL_SBL eval:check_uridnsbl('URIBL_SBL') describe URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist tflags URIBL_SBL net reuse URIBL_SBL if (version >= 3.004000) ifplugin Mail::SpamAssassin::Plugin::URIDNSBL uridnsbl URIBL_SBL_A sbl.spamhaus.org. A body URIBL_SBL_A eval:check_uridnsbl('URIBL_SBL_A') describe URIBL_SBL_A Contains URL's A record listed in the SBL blocklist tflags URIBL_SBL_A net a endif endif can the URIBL_SBL_A not use zen.spamhaus.org A 127.0.0.2 to save one more dns request ?Seems feasible. Have you tested adding reuse to the tflags on the URIBL_SBL_A rule?
URIBL_SBL_A shouldn't be "reuse"d as it includeds IPs of shared hacked servers with very short listing periods or listings which were not removed by ISPs.
URIBL_SBL_A has a huge FP potential
