# This is an example configuration fragment for the IP blacklist

ifplugin Mail::SpamAssassin::Plugin::DNSEval

# Note the effectiveness here relies on an accurate trust path in trust.cf
# Scores have not been automatically balanced but *have* been in active production use for several years.

# Core DNS lookup triggered by this rule
header __RCVD_IN_LOCAL_DNSBL	eval:check_rbl('local-dnsbl-lastexternal','dnsbl.dnsbl.')

# IP
header	LOCAL_RBL_IP	eval:check_rbl_sub('local-dnsbl-lastexternal','2')
describe LOCAL_RBL_IP	IP listed on internal RBL
score	LOCAL_RBL_IP	2.0

# Automatic-threshold block listings
header	LOCAL_RBL_2DELEG	eval:check_rbl_sub('local-dnsbl-lastexternal','4')
describe LOCAL_RBL_2DELEG	Preemtive secondary delegation netblock listing on internal RBL
score	LOCAL_RBL_2DELEG	1.6
header	LOCAL_RBL_1DELEG	eval:check_rbl_sub('local-dnsbl-lastexternal','8')
describe LOCAL_RBL_1DELEG	Preemptive delegated netblock listing on internal RBL
score	LOCAL_RBL_1DELEG	1.0
header	LOCAL_RBL_REGISTRAR	eval:check_rbl_sub('local-dnsbl-lastexternal','16')
describe LOCAL_RBL_REGISTRAR	Preemptive registrar allocation netblock listing on internal RBL
score	LOCAL_RBL_REGISTRAR	0.8

# Manually-tagged block "owners".  mask 64 is skipped here for historical compatibility for tagged blocks below
header	LOCAL_RBL_ORG	eval:check_rbl_sub('local-dnsbl-lastexternal','32')
describe LOCAL_RBL_ORG	Preemptive registrar netblock owner listing on internal RBL
score	LOCAL_RBL_ORG	1.0
header	LOCAL_RBL_ORG1	eval:check_rbl_sub('local-dnsbl-lastexternal','256')
describe LOCAL_RBL_ORG1	Preemptive delegated netblock owner listing on internal RBL
score	LOCAL_RBL_ORG1	1.2
header	LOCAL_RBL_ORG2	eval:check_rbl_sub('local-dnsbl-lastexternal','512')
describe LOCAL_RBL_ORG2	Preemptive secondary delegated netblock owner listing on internal RBL
score	LOCAL_RBL_ORG2	1.4

# Manually-tagged blocks
header	LOCAL_RBL_BLOCK		eval:check_rbl_sub('local-dnsbl-lastexternal','64')
describe LOCAL_RBL_BLOCK	Preemptive netblock listing based on out-of-band data
score	LOCAL_RBL_BLOCK		1.3
header	LOCAL_RBL_BLOCK1	eval:check_rbl_sub('local-dnsbl-lastexternal','1024')
describe LOCAL_RBL_BLOCK1	Preemptive delegated netblock out-of-band listing on internal RBL
score	LOCAL_RBL_BLOCK1	1.5
header	LOCAL_RBL_BLOCK2	eval:check_rbl_sub('local-dnsbl-lastexternal','2048')
describe LOCAL_RBL_BLOCK2	Preemptive secondary delegated netblock out-of-band listing on internal RBL
score	LOCAL_RBL_BLOCK2	1.7

# meta rule to catch multiple whole-block hits
meta	__LOCAL_RBL_MUTILBLOCK	(LOCAL_RBL_REGISTRAR + LOCAL_RBL_BLOCK1 + LOCAL_RBL_BLOCK2 + LOCAL_RBL_1DELEG + LOCAL_RBL_2DELEG + LOCAL_RBL_ORG + LOCAL_RBL_ORG1 + LOCAL_RBL_ORG2) > 1

# The "I'm a spammer, tag meeee!" score.  Specifically assigned to particular IPs that
# need to be called spam, NOT to be combined with any other sublistings.
header	LOCAL_RBL_LASTRESORT	eval:check_rbl_sub('local-dnsbl-lastexternal','128')
describe LOCAL_RBL_LASTRESORT	Obnoxious spam source IP that won't go away by other means
score	LOCAL_RBL_LASTRESORT	4.5	# Could be scored higher if you need a bigger stick

endif	# Mail::SpamAssassin::Plugin::DNSEval