Am 10.02.2015 um 16:07 schrieb Axb:
On 02/10/2015 03:55 PM, Reindl Harald wrote:URIBL_SBL_A shouldn't be "reuse"d as it includeds IPs of shared hacked servers with very short listing periods or listings which were not removed by ISPs.i can't parse this the "reuse" just saves a DNS request and it don't matter if you ask "sbl.spamhaus.org" or "zen.spamhaus.org" and look if the response is 127.0.0.2 which is the whole purpose of zen.spamhaus.org even if you would not use the "reuse" flag the local resolver would have a cachehit from one of the two requests to the next spamhaus has anyways a very low TTL, one reason more to reduce the amount of queries given there is a usage limit without payment http://www.spamhaus.org/zen/URIBL_SBL_A has a huge FP potentialwell, that don't change by the way how you do the requesthave you tested URIBL_SBL_A using zen. instead of sbl. ?
how and why should SBL be different than XBL, PBL..... given "The SBL is included as part of the Spamhaus ZEN combined blocklist" and "XBL is also part of a combined DNSBL comprising SBL, XBL and PBL, see: ZEN"
can you and Benny confirm it works? Please open a bug so we have a documented change. (including the rule you used)
http://www.spamhaus.org/sbl/ SBL UsageFor information on how to use the SBL to protect your mail server or network, see the SBL FAQs. The SBL is used both as a sender IP blocklist and as a URI blocklist (SBL is very effective as a URI blocklist). The SBL is included as part of the Spamhaus ZEN combined blocklist.
_______________________________________________________i also can't confirm the huge FP potential given 208 hits out of 19614 scanned messages in the current month
cat maillog | grep spamd | grep result | wc -l 19614 cat maillog | grep URIBL_SBL | wc -l 208
signature.asc
Description: OpenPGP digital signature
