Hi list,

I am having an issue with creating some check_rbl() SpamAssassin rules.

We run a reputation server that has 8 different zones:
White, W3, W2, W1:B1, B2, B3, Black

There is no way for one IP to be listed in multiple zones, and yet I am sometimes seeing B2 and B3 or B2, B3, and Black all trigger on the same mail.

On top of that, if I use Black as a front-line reject in postfix, I am still seeing triggers.

Here is what the test looks like:

header RCVD_IN_B3 eval:check_rbl('b3-lastexternal', 'b3.rep.domain.com.')
describe    RCVD_IN_B3               In B3
tflags         RCVD_IN_B3               net

header RCVD_IN_BLACK eval:check_rbl('black-lastexternal', 'black.rep.domain.com.')
describe    RCVD_IN_BLACK         In Black list
tflags         RCVD_IN_BLACK         net

(I hid the domain because the list is for us only at this time, and isn't locked down)

As you can see, I am adding -lastexternal, which, to my understanding, should only check the last Received header that doesn't have an internal IP address, before SpamAssassin.

Looking at RCVD_IN_BRBL_LASTEXT, it looks the same:

header RCVD_IN_BRBL_LASTEXT eval:check_rbl('brbl-lastexternal','bb.barracudacentral.org')
tflags RCVD_IN_BRBL_LASTEXT   net

However, like I said previously, the B3 and Black could both trigger on the same mail, and Black is also triggering on mails, despite being rejected at the Postfix level.

Am I misunderstanding lastexternal? Is there a specific setting that needs to be turned on for lastexternal to be used properly? Am I doing something else wrong with how I write these?

Any help would be appreciated.

Thanks,
Markus
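
Added example, not part of the original message and not SpamAssassin's own code: a simplified model of the lastexternal selection as the post describes it, plus a per-relay audit showing which zone lists which IP. It assumes IPv4 and relay IPs already extracted from the Received headers, newest first; the internal range, the sample IPs, the listing data and all function names are constructed for illustration.

```python
import ipaddress
import socket

# Zones taken from the rules in the post (the domain is the poster's placeholder).
ZONES = ["b3.rep.domain.com.", "black.rep.domain.com."]

# Constructed sample data: relay IPs newest first, and a fake set of listings.
SAMPLE_RELAYS = ["10.0.0.5", "192.0.2.10", "198.51.100.7"]
SAMPLE_INTERNAL = ["10.0.0.0/8"]
SAMPLE_LISTED = {"10.2.0.192.b3.rep.domain.com", "7.100.51.198.black.rep.domain.com"}

def is_internal(ip, internal_networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in internal_networks)

def last_external(relays, internal_networks):
    """First relay IP (newest first) outside internal_networks, or None."""
    for ip in relays:
        if not is_internal(ip, internal_networks):
            return ip
    return None

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.rstrip(".")

def dns_lookup(name):
    """Live lookup: a name that resolves means the IP is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def sample_lookup(name):
    """Offline stand-in for dns_lookup, backed by the constructed listings."""
    return name in SAMPLE_LISTED

def audit(relays, internal_networks, zones=ZONES, lookup=dns_lookup):
    """Return (lastexternal IP, {external relay IP: [zones listing it]})."""
    hits = {}
    for ip in relays:
        if not is_internal(ip, internal_networks):
            hits[ip] = [z for z in zones if lookup(dnsbl_name(ip, z))]
    return last_external(relays, internal_networks), hits

if __name__ == "__main__":
    print(audit(SAMPLE_RELAYS, SAMPLE_INTERNAL, lookup=sample_lookup))
```

In the constructed data both zones match on one message but on different relay IPs, so the per-IP hit list separates that case from a single IP listed in two zones.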
