ajout de rbl
This commit is contained in:
parent
d1e6fb8bca
commit
e031448ba4
|
|
@ -54,54 +54,90 @@ localhost:10026 inet n - y - 10 smtpd
|
|||
|
||||
## RBLs
|
||||
|
||||
SA dispose de certaines RLBs intégrés, elles sont dans @/usr/share/spamassassin/20_dnsbl_tests.cf@.
|
||||
SA dispose de certaines RLBs intégrés, elles sont dans `/usr/share/spamassassin/20_dnsbl_tests.cf`.
|
||||
Ces RBLs sont utilisés en rapport avec l'adresse IP de l'expéditeur.
|
||||
|
||||
~~~
|
||||
# grep header /usr/share/spamassassin/20_dnsbl_tests.cf
|
||||
header __RCVD_IN_NJABL eval:check_rbl('njabl', 'combined.njabl.org.')
|
||||
header RCVD_IN_NJABL_RELAY eval:check_rbl_sub('njabl', '127.0.0.2')
|
||||
header RCVD_IN_NJABL_SPAM eval:check_rbl_sub('njabl', '127.0.0.4')
|
||||
header RCVD_IN_NJABL_MULTI eval:check_rbl_sub('njabl', '127.0.0.5')
|
||||
header RCVD_IN_NJABL_CGI eval:check_rbl_sub('njabl', '127.0.0.8')
|
||||
header RCVD_IN_NJABL_PROXY eval:check_rbl_sub('njabl', '127.0.0.9')
|
||||
header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
|
||||
header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2')
|
||||
header RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('sorbs', '127.0.0.3')
|
||||
header RCVD_IN_SORBS_MISC eval:check_rbl_sub('sorbs', '127.0.0.4')
|
||||
header RCVD_IN_SORBS_SMTP eval:check_rbl_sub('sorbs', '127.0.0.5')
|
||||
#header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
|
||||
header RCVD_IN_SORBS_WEB eval:check_rbl_sub('sorbs', '127.0.0.7')
|
||||
header RCVD_IN_SORBS_BLOCK eval:check_rbl_sub('sorbs', '127.0.0.8')
|
||||
header RCVD_IN_SORBS_ZOMBIE eval:check_rbl_sub('sorbs', '127.0.0.9')
|
||||
header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
|
||||
header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.')
|
||||
header RCVD_IN_SBL eval:check_rbl_sub('zen', '127.0.0.2')
|
||||
header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.[45678]')
|
||||
header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.1[01]')
|
||||
header __RFC_IGNORANT_ENVFROM eval:check_rbl_envfrom('rfci_envfrom', 'fulldom.rfc-ignorant.org.')
|
||||
header DNS_FROM_RFC_DSN eval:check_rbl_sub('rfci_envfrom', '127.0.0.2')
|
||||
header DNS_FROM_RFC_BOGUSMX eval:check_rbl_sub('rfci_envfrom', '127.0.0.8')
|
||||
header __DNS_FROM_RFC_POST eval:check_rbl_sub('rfci_envfrom', '127.0.0.3')
|
||||
header __DNS_FROM_RFC_ABUSE eval:check_rbl_sub('rfci_envfrom', '127.0.0.4')
|
||||
header __DNS_FROM_RFC_WHOIS eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')
|
||||
header DNS_FROM_AHBL_RHSBL eval:check_rbl_envfrom('ahbl', 'rhsbl.ahbl.org.')
|
||||
header RCVD_IN_BL_SPAMCOP_NET eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)')
|
||||
header RCVD_IN_MAPS_RBL eval:check_rbl('rblplus', 'activationcode.r.mail-abuse.com.', '1')
|
||||
header RCVD_IN_MAPS_DUL eval:check_rbl('rblplus-lastexternal', 'activationcode.r.mail-abuse.com.', '2')
|
||||
header RCVD_IN_MAPS_RSS eval:check_rbl_sub('rblplus', '4')
|
||||
header RCVD_IN_MAPS_OPS eval:check_rbl_sub('rblplus', '8')
|
||||
header RCVD_IN_MAPS_NML eval:check_rbl('nml', 'nonconfirm.mail-abuse.com.')
|
||||
header __RCVD_IN_IADB eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.')
|
||||
header RCVD_IN_IADB_VOUCHED eval:check_rbl_sub('iadb-firsttrusted', '^127.0.1.255$')
|
||||
[…]
|
||||
~~~
|
||||
|
||||
On pourra s'assurer d'augmenter le score d'une note tueuse si une adresse IP est dans l'une de ces RBL. Par exemple en mettant @local.cf@ :
|
||||
D'autres RBLs sont utilisés en rapport avec les liens dans le corps du message.
|
||||
|
||||
~~~
|
||||
score RCVD_IN_XBL 4
|
||||
~~~www1:/etc/spamassassin# grep check_rbl /usr/share/spamassassin/72_active.cf
|
||||
header RCVD_IN_BRBL_LASTEXT eval:check_rbl('brbl-lastexternal','bb.barracudacentral.org')
|
||||
[…]
|
||||
~~~
|
||||
|
||||
On pourra s'assurer d'augmenter le score d'une note tueuse si une adresse IP est dans l'une de ces RBL. Par exemple en mettant `local.cf` :
|
||||
|
||||
~~~
|
||||
score RCVD_IN_XBL 3
|
||||
score RCVD_IN_BRBL_LASTEXT 3
|
||||
~~~
|
||||
|
||||
### Ajout d'une RBL
|
||||
|
||||
TODO
|
||||
Dans `local.cf` ou ailleurs :
|
||||
|
||||
~~~
|
||||
header RCVD_IN_DNSBL_INPS_DE eval:check_rbl('inps-de','dnsbl.inps.de.')
|
||||
describe RCVD_IN_DNSBL_INPS_DE Received via a relay in inps.de DNSBL
|
||||
tflags RCVD_IN_DNSBL_INPS_DE net
|
||||
score RCVD_IN_DNSBL_INPS_DE 3.0
|
||||
~~~
|
||||
|
||||
Cet exemple ajoute un check RBL de dnsbl.inps.de.
|
||||
|
||||
Quelques RBLs en plus.
|
||||
|
||||
~~~
|
||||
header RCVD_IN_DNSBL_INPS_DE eval:check_rbl('inps-de','dnsbl.inps.de.')
|
||||
describe RCVD_IN_DNSBL_INPS_DE Received via a relay in inps.de DNSBL
|
||||
tflags RCVD_IN_DNSBL_INPS_DE net
|
||||
score RCVD_IN_DNSBL_INPS_DE 1
|
||||
|
||||
header RCVD_IN_DNSBL_ASCAMS eval:check_rbl('ascams','superblock.ascams.com.')
|
||||
describe RCVD_IN_DNSBL_ASCAMS Received via a relay in superblock.ascams.com. DNSBL
|
||||
tflags RCVD_IN_DNSBL_ASCAMS net
|
||||
score RCVD_IN_DNSBL_ASCAMS 1
|
||||
|
||||
header RCVD_IN_DNSBL_CBL_ABUSEAT eval:check_rbl('cbl-abuseat','cbl.abuseat.org.')
|
||||
describe RCVD_IN_DNSBL_CBL_ABUSEAT Received via a relay in cbl.abuseat.org. DNSBL
|
||||
tflags RCVD_IN_DNSBL_CBL_ABUSEAT net
|
||||
score RCVD_IN_DNSBL_CBL_ABUSEAT 1
|
||||
|
||||
header RCVD_IN_DNSBL_JUSTSPAM eval:check_rbl('justspam','dnsbl.justspam.org.')
|
||||
describe RCVD_IN_DNSBL_JUSTSPAM Received via a relay in dnsbl.justspam.org. DNSBL
|
||||
tflags RCVD_IN_DNSBL_JUSTSPAM net
|
||||
score RCVD_IN_DNSBL_JUSTSPAM 1
|
||||
|
||||
header RCVD_IN_DNSBL_MCAFEE eval:check_rbl('mcafee','cidr.bl.mcafee.com.')
|
||||
describe RCVD_IN_DNSBL_MCAFEE Received via a relay in cidr.bl.mcafee.com. DNSBL
|
||||
tflags RCVD_IN_DNSBL_MCAFEE net
|
||||
score RCVD_IN_DNSBL_MCAFEE 1
|
||||
|
||||
header RCVD_IN_DNSBL_S5H eval:check_rbl('s5h','all.s5h.net.')
|
||||
describe RCVD_IN_DNSBL_S5H Received via a relay in all.s5h.net. DNSBL
|
||||
tflags RCVD_IN_DNSBL_S5H net
|
||||
score RCVD_IN_DNSBL_S5H 1
|
||||
|
||||
header RCVD_IN_DNSBL_SPAMCANNIBAL eval:check_rbl('spamcannibal','bl.spamcannibal.org.')
|
||||
describe RCVD_IN_DNSBL_SPAMCANNIBAL Received via a relay in bl.spamcannibal.org. DNSBL
|
||||
tflags RCVD_IN_DNSBL_SPAMCANNIBAL net
|
||||
score RCVD_IN_DNSBL_SPAMCANNIBAL 1
|
||||
|
||||
header RCVD_IN_DNSBL_UCEPROTECT-1 eval:check_rbl('uceprotect-1','dnsbl-1.uceprotect.net.')
|
||||
describe RCVD_IN_DNSBL_UCEPROTECT-1 Received via a relay in dnsbl-1.uceprotect.net. DNSBL
|
||||
tflags RCVD_IN_DNSBL_UCEPROTECT-1 net
|
||||
score RCVD_IN_DNSBL_UCEPROTECT-1 1
|
||||
|
||||
header RCVD_IN_DNSBL_JUNKEMAILFILTER eval:check_rbl('junkemailfilter','hostkarma.junkemailfilter.com.', '127.0.0.2')
|
||||
describe RCVD_IN_DNSBL_JUNKEMAILFILTER Received via a relay in hostkarma.junkemailfilter.com. DNSBL
|
||||
tflags RCVD_IN_DNSBL_JUNKEMAILFILTER net
|
||||
score RCVD_IN_DNSBL_JUNKEMAILFILTER 1
|
||||
~~~
|
||||
Loading…
Reference in a new issue