David Saez Padros wrote:
> hi
>
> we do this that way:
>
> warn set acl_m2 =
>
> warn condition = ${if def:h_x-originating-ip:}
> set acl_m2 = ${sg {$h_x-originating-ip:}{(\\[|\\])}{}}
>
> warn condition = ${if eq {$acl_m2}{}}
> condition = ${if def:h_x-mdremoteip:}
> set acl_m2 = ${sg {$h_x-mdremoteip:}{(\\[|\\])}{}}
>
> deny condition = ${if isip{$acl_m2}}
> dnslists = bl.spamcop.net/$acl_m2 : \
> sbl-xbl.spamhaus.org/$acl_m2 : \
> virbl.dnsbl.bit.nl/$acl_m2 : \
> list.dsbl.org/$acl_m2
> message = Originating IP listed at $dnslist_domain
> log_message = Blacklisted originating IP \
> ($acl_m2 listed at $dnslist_domain)
>
Isn't this leading to many false positives?