I couldn't reproduce my users' problem. It might be useful to include the URL that the user was getting blocked on; that way, if there is a user who is having a problem, we can better help them.
Also, in the default list of "Known Proxies" is "10.237.44.144", which is an RFC1918 non-routable IP address (as are 192.168.x.x addresses). It'll never trip, but it's also probably not a good idea to include IP addresses that often exist in corporate private networks.
One more thing (sorry, sorry, I know that you do this in your free time, but I want to help you make it the best it can be): the "RBL Match Mask" only allows matching against the first octet (I haven't tested this, but it's what it says). It would be useful if we could provide a list of things to match against. Different DNSBLs return different 127.0.0.x addresses, which indicate the type of host that is matching. From http://www.spamhaus.org/sbl/howtouse.html:
Quote:
127.0.0.2 - Direct UBE sources, verified spam services and ROKSO spammers
127.0.0.4-6 - Illegal 3rd party exploits, including proxies, worms and trojan exploits
and for NJABL (dynablock.njabl.org):
http://www.njabl.org/use.html
Quote:
# 127.0.0.2 - open relays
# 127.0.0.3 - dial-up/dynamic IP ranges *
# 127.0.0.4 - Spam Sources
This will include both commercial spammers as well as some dial-up direct-to-mx spammers and open proxies as it's not always possible to differentiate between these sources. For commercial spammers, once we have spam on file from some of their IPs, we may add their entire IP range if it can be reliably determined.
# 127.0.0.5 - Multi-stage open relays
Before adding multi-stage open relays to our list, we make an attempt to notify the NIC contacts for their IP space and give them at least one week to fix their systems. This type is deprecated. We no longer list multi-stage open relays.
# 127.0.0.6 - Passively detected "bad hosts"
These hosts have done things a proper SMTP server should not do. They're very likely to be spam proxies. We can't say much more about this. No supporting evidence is made available for listing these IPs.
# 127.0.0.8 - Systems with insecure formmail.cgi or similar CGI scripts which turn them into open relays
This includes the output IP when a server with an insecure formmail CGI smarthosts outgoing email through another server or servers.
# 127.0.0.9 - Open proxy servers
I'm only interested in blocking Open proxies/relays, and not spam hosts (127.0.0.4) nor dial-up/dynamic IP ranges (127.0.0.3).
I think it's dangerous just to blindly use a DNSBL without making sure that you want to block everything it has to offer. In the context of a bulletin board system, you might not want to block the same hosts that you'd block in the context of an anti-spam system.
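Added example, not part of the original post or the mod's code: one way to match a DNSBL answer against an explicit list of return codes, as the post asks for, using the NJABL codes quoted above. The zone `dnsbl.example`, the function names, the injectable `resolve` parameter and the sample answers are all assumptions made for illustration.

```python
import ipaddress
import socket

# Policy from the post, using the NJABL codes quoted above: act on open
# relays (.2, .5, .8) and open proxies (.9); ignore dial-up ranges (.3),
# spam sources (.4) and any other code the list may return.
BLOCK_CODES = {"127.0.0.2", "127.0.0.5", "127.0.0.8", "127.0.0.9"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return every A record for name, or [] when the host is not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # lookup failure (e.g. NXDOMAIN) is treated as "not listed"
        return []

def should_block(client_ip, zone, block_codes=BLOCK_CODES, resolve=system_resolver):
    """Return (block?, matched codes); only opted-in codes cause a block."""
    ip = ipaddress.IPv4Address(client_ip)
    if any(ip in net for net in RFC1918):
        return False, []  # private address: never sent to a public list
    # A listed host may return several A records, one per listing category.
    answers = resolve(dnsbl_query_name(client_ip, zone))
    matched = sorted(set(answers) & set(block_codes))
    return bool(matched), matched

# Constructed sample answers (documentation addresses, placeholder zone).
SAMPLE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.9"],               # open proxy
    "20.2.0.192.dnsbl.example": ["127.0.0.3"],               # dial-up only
    "30.2.0.192.dnsbl.example": ["127.0.0.4", "127.0.0.2"],  # spam + relay
}

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "10.237.44.144"):
        print(addr, should_block(addr, "dnsbl.example",
                                 resolve=lambda n: SAMPLE.get(n, [])))
```

Logging the matched codes alongside the requested URL gives an administrator what they need to explain a block to an affected user.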