Greetings,
I know something similar has been asked, and answered, before, but I
couldn't find an answer to my specific question. Apologies if I missed
it.
Conventional wisdom has it that
a) the SORBS blacklists are generally a Good Thing
b) but the Spam Database component is Not Such A Good Thing
(my experience tends to confirm this)
c) allowance can be made for this by using the following in ACLs
deny dnslists = dnsbl.sorbs.net!=127.0.0.6
So far, so good. However, as long as _one_ of the A records returned is
127.0.0.6, the deny rule will fail, even if some or all of the other
possible A records are also returned.
Question - how can I ignore the 127.0.0.6, and thus have the deny rule
take effect, if it is not the only value returned? For example
18:42:48 4027 check dnslists = dnsbl.sorbs.net!=127.0.0.6
18:42:48 4027 DNS list check: dnsbl.sorbs.net!=127.0.0.6
18:42:48 4027 new DNS lookup for 232.117.13.24.dnsbl.sorbs.net
18:42:48 4027 DNS lookup of 232.117.13.24.dnsbl.sorbs.net (A) succeeded
18:42:48 4027 DNS lookup for 232.117.13.24.dnsbl.sorbs.net succeeded
(yielding 127.0.0.6, 127.0.0.3)
18:42:48 4027 => but we are not accepting this block class because
18:42:48 4027 => there was an exclude match for =127.0.0.6
i.e. 127.0.0.3 is good enough for me, so I don't care that 127.0.0.6 is
also returned.
AFAICS the only way to do this is to explicitly include all the other
possible values, as in
deny dnslists = dnsbl.sorbs.net=127.0.0.2,127.0.0.3,127.0.0.4,.......
Hopefully I am missing something obvious?
Doh! The answer just came to me. Apologies for wasting your bandwidth, but
I might as well send this anyway, just in case it helps someone else ...
deny dnslists = dnsbl.sorbs.net
condition = ${if eq {$dnslist_value} {127.0.0.6} {0} {1}}
HTH,
Richard Hall
