spamhaus / spamassassin-dqs

Spamhaus code for the Spamassassin plugin. See https://docs.spamhaustech.com/40-real-world-usage/SpamAssassin/000-intro.html
Apache License 2.0

PBL check last external only #50

Closed fkoyer closed 2 years ago

fkoyer commented 2 years ago

The PBL list includes end-user IP space. Therefore, it should not be used to check all Received headers. Check last external only.

From https://www.spamhaus.org/faq/section/Spamhaus%20PBL#503:

PBL...should not be used to check all the IP addresses appearing in mail headers.

See PR #49

ricalfieri commented 2 years ago

Hello, as you can see, RCVD_IN_PBL has a score of 0.001, so it's there only as an informative rule, redefining and neutralizing the one already defined by the core SA rules.

fkoyer commented 2 years ago

Hi @ricalfieri, thanks for the explanation. What "information" does this rule provide? According to Spamhaus' own documentation, the PBL list will generate lots of false positives if it is used to check all IPs in mail headers. That is mitigated by having a near-zero score, but then what's the point of having this rule at all?

ricalfieri commented 2 years ago

Basically it's a bad idea to remove rules defined in the SA default ruleset.

Moreover, some people may want to use this rule in another meta rule with deep header inspection.

fkoyer commented 2 years ago

I'm not advocating for removing the rule. However, as it's currently configured, the rule doesn't provide reliable information. It fires on spam and non-spam alike because it is inspecting the wrong headers. Therefore it increases the amount of "noise" in the system.

The default SA ruleset correctly defines the rule as:

header RCVD_IN_PBL              eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.1[01]$')

However, this repo redefines it and removes the lastexternal condition. Isn't that a bad idea?

ricalfieri commented 2 years ago

Not really, I have real use cases of meta rules with the redefined RCVD_IN_PBL rule.

The -lastexternal bit is used in RCVD_IN_ZEN_LASTEXTERNAL, which includes PBL/CSS/XBL/SBL.

You are of course free to create a .cf file that overrides the change :)

fkoyer commented 2 years ago

Ok, thanks again for the explanation. I will leave it as is because anything that comes from a PBL-listed IP address will trigger RCVD_IN_ZEN_LASTEXTERNAL, which has a score of 8. I would be interested to see your meta rules if you feel like sharing :)
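
Added example, not part of the thread or of the project's code: a Python sketch of the difference discussed above between testing every Received hop against PBL and testing only the last external relay. The message, the network ranges and the `PBL_SAMPLE` stand-in for DNS answers are constructed, the function names are hypothetical, and `last_external` is a simplification of SpamAssassin's trusted/internal network handling.

```python
import re
from email import message_from_string
from ipaddress import ip_network, ip_address

# Constructed message: a home user (dynamic IP) submits through the ISP
# smarthost, which delivers to our MX, which hands off to an internal store.
RAW = (
    "Received: from mx.local.example (mx.local.example [10.0.0.5])\n"
    "\tby store.local.example; Mon, 1 Jan 2024 10:00:03 +0000\n"
    "Received: from mail.isp.example (mail.isp.example [198.51.100.25])\n"
    "\tby mx.local.example; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from laptop (dyn-7.isp.example [203.0.113.7])\n"
    "\tby mail.isp.example; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Subject: hello\n\nbody\n"
)
INTERNAL = [ip_network("10.0.0.0/8")]          # assumed internal networks
PBL_SAMPLE = [ip_network("203.0.113.0/24")]    # constructed stand-in for PBL data
PBL_CODES = re.compile(r"^127\.0\.0\.1[01]$")  # return codes from the default rule

def relay_ips(raw):
    """Bracketed relay IPs from Received headers, newest hop first."""
    found = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            found.append(ip_address(m.group(1)))
    return found

def last_external(ips, internal=INTERNAL):
    """First relay, walking down from our side, that is outside our networks."""
    return next((ip for ip in ips if not any(ip in n for n in internal)), None)

def zen_qname(ip):
    """DNS name a zen lookup would query for this IPv4 address."""
    return ".".join(reversed(str(ip).split("."))) + ".zen.spamhaus.org."

def pbl_answer(ip):
    """Offline stand-in for the DNS answer: 127.0.0.10 if in PBL_SAMPLE."""
    return "127.0.0.10" if any(ip in n for n in PBL_SAMPLE) else None

def pbl_hits(ips):
    """IPs whose (simulated) answer matches the PBL return codes."""
    return [str(ip) for ip in ips if PBL_CODES.match(pbl_answer(ip) or "")]

if __name__ == "__main__":
    ips = relay_ips(RAW)
    print("all headers  :", pbl_hits(ips))                   # end-user hop matches
    print("last external:", pbl_hits([last_external(ips)]))  # smarthost does not
    print("query name   :", zen_qname(last_external(ips)))
```

The legitimate message matches when every hop is checked, because the sender's own dynamic address appears in the oldest Received header, and does not match when only the relay that connected to the local MX is checked.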