We have created the RXL plugin. The RXL plugin implements RBL (Realtime Blackhole Lists) and RWL (Realtime Whitehole List). These techniques work using the same technology. The difference between then is the score asigned to rules searching in RBL and/or RWL. RBL rules should present a positive score and RWL a negative one.
The technology under the Realtime Lists is basically the DNS (Domain Name System). In order to check if 126.96.36.199 is in the list DNSWL.ORG (http://www.dnswl.org) we resolve the domain 188.8.131.52.list.dnswl.org according with the instructions provided by DNSWL.ORG. The queryes to other lists are the same but replacing the suffix. For instance, to check the server in the SpamHaus ZEN list we use the suffix zen.spamhaus.org (184.108.40.206.zen.spamhaus.org). Check this list of RXLs
We are now working in the development of a cache for the queryes. The documentation also should be updated consequently.
You can now call to rxl_check and rxl_check_octect in order to develop your rules. rxl_check(<list_suffix>[, <number_received_heder>]) and rxl_check(<list_suffix>, <octect number>, <octect value>[, <number_received_heder>]). For instance:
header IN_ZEN_SPAMHAUS rxl_check("zen.spamhaus.org", 3) score IN_ZEN_SPAMHAUS 3 header IN_SBL_SPAMHAUS rxl_check("zen.spamhaus.org", 4, 2, 3) describe IN_SBL_SPAMHAUS according SpamHaus doc is in SBL when result is 127.0.0.2 score IN_ZEN_SPAMHAUS 1 header IN_DNSWL rxl_check("list.dnswl.org", 3) score IN_DNSWL -3