Alex wrote:
> I've had to lower the score on my header XBL check because it was
> triggering on so many dynamic IPs that were clearly reassigned to new
> users, then being blacklisted. I'd appreciate it if anyone could
> provide additional input on how they might use something like this.
>
> header RCVD_IN_XBL_ALL eval:check_rbl_sub('zen', '127.0.0.[45678]')
> describe RCVD_IN_XBL_ALL Received via a relay in Spamhaus SBL-XBL
> tflags RCVD_IN_XBL_ALL net
> score RCVD_IN_XBL_ALL 0.01
If this is really hitting on lots of legitimate mail, you probably have
a trust path issue. This should only check the IP that handed the
message to your mail server. It should NOT be checking the IP that the
message originated from unless you really want to refuse mail from any
IP that has recently had an infected PC on or behind it.
You shouldn't need to (re)define this in any case, and I'm not certain
without rereading the man page if or how this will behave somewhat
differently to the stock RCVD_IN_XBL rule - that could be the problem
all on its own.
-kgd
