1 | # This is an example configuration fragment for the IP blacklist
|
---|
2 |
|
---|
3 | ifplugin Mail::SpamAssassin::Plugin::DNSEval
|
---|
4 |
|
---|
5 | # Note the effectiveness here relies on an accurate trust path in trust.cf
|
---|
6 | # Scores have not been automatically balanced but *have* been in active production use for several years.
|
---|
7 |
|
---|
8 | # Core DNS lookup triggered by this rule
|
---|
9 | header __RCVD_IN_LOCAL_DNSBL eval:check_rbl('local-dnsbl-lastexternal','dnsbl.dnsbl.')
|
---|
10 |
|
---|
11 | # IP
|
---|
12 | header LOCAL_RBL_IP eval:check_rbl_sub('local-dnsbl-lastexternal','2')
|
---|
13 | describe LOCAL_RBL_IP IP listed on internal RBL
|
---|
14 | score LOCAL_RBL_IP 2.0
|
---|
15 |
|
---|
16 | # Automatic-threshold block listings
|
---|
17 | header LOCAL_RBL_2DELEG eval:check_rbl_sub('local-dnsbl-lastexternal','4')
|
---|
18 | describe LOCAL_RBL_2DELEG Preemtive secondary delegation netblock listing on internal RBL
|
---|
19 | score LOCAL_RBL_2DELEG 1.6
|
---|
20 | header LOCAL_RBL_1DELEG eval:check_rbl_sub('local-dnsbl-lastexternal','8')
|
---|
21 | describe LOCAL_RBL_1DELEG Preemptive delegated netblock listing on internal RBL
|
---|
22 | score LOCAL_RBL_1DELEG 1.0
|
---|
23 | header LOCAL_RBL_REGISTRAR eval:check_rbl_sub('local-dnsbl-lastexternal','16')
|
---|
24 | describe LOCAL_RBL_REGISTRAR Preemptive registrar allocation netblock listing on internal RBL
|
---|
25 | score LOCAL_RBL_REGISTRAR 0.8
|
---|
26 |
|
---|
27 | # Manually-tagged block "owners". mask 64 is skipped here for historical compatibility for tagged blocks below
|
---|
28 | header LOCAL_RBL_ORG eval:check_rbl_sub('local-dnsbl-lastexternal','32')
|
---|
29 | describe LOCAL_RBL_ORG Preemptive registrar netblock owner listing on internal RBL
|
---|
30 | score LOCAL_RBL_ORG 1.0
|
---|
31 | header LOCAL_RBL_ORG1 eval:check_rbl_sub('local-dnsbl-lastexternal','256')
|
---|
32 | describe LOCAL_RBL_ORG1 Preemptive delegated netblock owner listing on internal RBL
|
---|
33 | score LOCAL_RBL_ORG1 1.2
|
---|
34 | header LOCAL_RBL_ORG2 eval:check_rbl_sub('local-dnsbl-lastexternal','512')
|
---|
35 | describe LOCAL_RBL_ORG2 Preemptive secondary delegated netblock owner listing on internal RBL
|
---|
36 | score LOCAL_RBL_ORG2 1.4
|
---|
37 |
|
---|
38 | # Manually-tagged blocks
|
---|
39 | header LOCAL_RBL_BLOCK eval:check_rbl_sub('local-dnsbl-lastexternal','64')
|
---|
40 | describe LOCAL_RBL_BLOCK Preemptive netblock listing based on out-of-band data
|
---|
41 | score LOCAL_RBL_BLOCK 1.3
|
---|
42 | header LOCAL_RBL_BLOCK1 eval:check_rbl_sub('local-dnsbl-lastexternal','1024')
|
---|
43 | describe LOCAL_RBL_BLOCK1 Preemptive delegated netblock out-of-band listing on internal RBL
|
---|
44 | score LOCAL_RBL_BLOCK1 1.5
|
---|
45 | header LOCAL_RBL_BLOCK2 eval:check_rbl_sub('local-dnsbl-lastexternal','2048')
|
---|
46 | describe LOCAL_RBL_BLOCK2 Preemptive secondary delegated netblock out-of-band listing on internal RBL
|
---|
47 | score LOCAL_RBL_BLOCK2 1.7
|
---|
48 |
|
---|
49 | # meta rule to catch multiple whole-block hits
|
---|
50 | meta __LOCAL_RBL_MUTILBLOCK (LOCAL_RBL_REGISTRAR + LOCAL_RBL_BLOCK1 + LOCAL_RBL_BLOCK2 + LOCAL_RBL_1DELEG + LOCAL_RBL_2DELEG + LOCAL_RBL_ORG + LOCAL_RBL_ORG1 + LOCAL_RBL_ORG2) > 1
|
---|
51 |
|
---|
52 | # The "I'm a spammer, tag meeee!" score. Specifically assigned to particular IPs that
|
---|
53 | # need to be called spam, NOT to be combined with any other sublistings.
|
---|
54 | header LOCAL_RBL_LASTRESORT eval:check_rbl_sub('local-dnsbl-lastexternal','128')
|
---|
55 | describe LOCAL_RBL_LASTRESORT Obnoxious spam source IP that won't go away by other means
|
---|
56 | score LOCAL_RBL_LASTRESORT 4.5 # Could be scored higher if you need a bigger stick
|
---|
57 |
|
---|
58 | endif # Mail::SpamAssassin::Plugin::DNSEval
|
---|