RBL

2017-01-16 16:57:17 +01:00 · 2017-01-16 16:57:17 +01:00 · d1e6fb8bca
parent b6d5975c22
commit d1e6fb8bca
1 changed files with 55 additions and 1 deletions
--- a/HowtoMail/SpamAssassin.md
+++ b/HowtoMail/SpamAssassin.md
@ -50,4 +50,58 @@ localhost:10026    inet    n        -        y        -        10        smtpd
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
-~~~
+~~~
+
+## RBLs
+
+SA dispose de certaines RLBs intégrés, elles sont dans @/usr/share/spamassassin/20_dnsbl_tests.cf@.
+
+~~~
+# grep header /usr/share/spamassassin/20_dnsbl_tests.cf
+header __RCVD_IN_NJABL          eval:check_rbl('njabl', 'combined.njabl.org.')
+header RCVD_IN_NJABL_RELAY      eval:check_rbl_sub('njabl', '127.0.0.2')
+header RCVD_IN_NJABL_SPAM       eval:check_rbl_sub('njabl', '127.0.0.4')
+header RCVD_IN_NJABL_MULTI      eval:check_rbl_sub('njabl', '127.0.0.5')
+header RCVD_IN_NJABL_CGI        eval:check_rbl_sub('njabl', '127.0.0.8')
+header RCVD_IN_NJABL_PROXY      eval:check_rbl_sub('njabl', '127.0.0.9')
+header __RCVD_IN_SORBS          eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
+header RCVD_IN_SORBS_HTTP       eval:check_rbl_sub('sorbs', '127.0.0.2')
+header RCVD_IN_SORBS_SOCKS      eval:check_rbl_sub('sorbs', '127.0.0.3')
+header RCVD_IN_SORBS_MISC       eval:check_rbl_sub('sorbs', '127.0.0.4')
+header RCVD_IN_SORBS_SMTP       eval:check_rbl_sub('sorbs', '127.0.0.5')
+#header RCVD_IN_SORBS_SPAM      eval:check_rbl_sub('sorbs', '127.0.0.6')
+header RCVD_IN_SORBS_WEB        eval:check_rbl_sub('sorbs', '127.0.0.7')
+header RCVD_IN_SORBS_BLOCK      eval:check_rbl_sub('sorbs', '127.0.0.8')
+header RCVD_IN_SORBS_ZOMBIE     eval:check_rbl_sub('sorbs', '127.0.0.9')
+header RCVD_IN_SORBS_DUL        eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
+header __RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.spamhaus.org.')
+header RCVD_IN_SBL              eval:check_rbl_sub('zen', '127.0.0.2')
+header RCVD_IN_XBL              eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.[45678]')
+header RCVD_IN_PBL              eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.1[01]')
+header __RFC_IGNORANT_ENVFROM   eval:check_rbl_envfrom('rfci_envfrom', 'fulldom.rfc-ignorant.org.')
+header DNS_FROM_RFC_DSN         eval:check_rbl_sub('rfci_envfrom', '127.0.0.2')
+header DNS_FROM_RFC_BOGUSMX     eval:check_rbl_sub('rfci_envfrom', '127.0.0.8')
+header __DNS_FROM_RFC_POST      eval:check_rbl_sub('rfci_envfrom', '127.0.0.3')
+header __DNS_FROM_RFC_ABUSE     eval:check_rbl_sub('rfci_envfrom', '127.0.0.4')
+header __DNS_FROM_RFC_WHOIS     eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')
+header DNS_FROM_AHBL_RHSBL      eval:check_rbl_envfrom('ahbl', 'rhsbl.ahbl.org.')
+header RCVD_IN_BL_SPAMCOP_NET   eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)')
+header RCVD_IN_MAPS_RBL         eval:check_rbl('rblplus', 'activationcode.r.mail-abuse.com.', '1')
+header RCVD_IN_MAPS_DUL         eval:check_rbl('rblplus-lastexternal', 'activationcode.r.mail-abuse.com.', '2')
+header RCVD_IN_MAPS_RSS         eval:check_rbl_sub('rblplus', '4')
+header RCVD_IN_MAPS_OPS         eval:check_rbl_sub('rblplus', '8')
+header RCVD_IN_MAPS_NML         eval:check_rbl('nml', 'nonconfirm.mail-abuse.com.')
+header __RCVD_IN_IADB           eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.')
+header RCVD_IN_IADB_VOUCHED     eval:check_rbl_sub('iadb-firsttrusted', '^127.0.1.255$')
+~~~
+
+On pourra s'assurer d'augmenter le score d'une note tueuse si une adresse IP est dans l'une de ces RBL. Par exemple en mettant @local.cf@ :
+
+~~~
+score RCVD_IN_XBL 4
+~~~
+
+
+### Ajout d'une RBL
+
+TODO