]>
Commit | Line | Data |
---|---|---|
dfdd1e08 | 1 | # SpamAssassin rules file: DNS blocklist and welcomelist tests |
b780ea8d SI |
2 | # |
3 | # Please don't modify this file as your changes will be overwritten with | |
4 | # the next update. Use /etc/mail/spamassassin/local.cf instead. | |
5 | # See 'perldoc Mail::SpamAssassin::Conf' for details. | |
6 | # | |
7 | # <@LICENSE> | |
8 | # Licensed to the Apache Software Foundation (ASF) under one or more | |
9 | # contributor license agreements. See the NOTICE file distributed with | |
10 | # this work for additional information regarding copyright ownership. | |
11 | # The ASF licenses this file to you under the Apache License, Version 2.0 | |
12 | # (the "License"); you may not use this file except in compliance with | |
13 | # the License. You may obtain a copy of the License at: | |
14 | # | |
15 | # http://www.apache.org/licenses/LICENSE-2.0 | |
16 | # | |
17 | # Unless required by applicable law or agreed to in writing, software | |
18 | # distributed under the License is distributed on an "AS IS" BASIS, | |
19 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
20 | # See the License for the specific language governing permissions and | |
21 | # limitations under the License. | |
22 | # </@LICENSE> | |
23 | # | |
24 | ########################################################################### | |
25 | ||
54c714b2 | 26 | require_version 4.000001 |
b780ea8d SI |
27 | |
28 | ########################################################################### | |
29 | ||
30 | ifplugin Mail::SpamAssassin::Plugin::DNSEval | |
31 | ||
32 | # See the Mail::SpamAssassin::Conf manual page for details of how to use | |
33 | # check_rbl(). | |
34 | ||
35 | # --------------------------------------------------------------------------- | |
36 | # Multizone / Multi meaning BLs first. | |
37 | # | |
38 | # Note that currently TXT queries cannot be used for these, since the | |
39 | # DNSBLs do not return the A type (127.0.0.x) as part of the TXT reply. | |
40 | ||
41 | ||
b780ea8d SI |
42 | |
43 | # --------------------------------------------------------------------------- | |
44 | # Spamhaus ZEN includes SBL+CSS+XBL+PBL | |
45 | # https://www.spamhaus.org/faq/section/DNSBL%20Usage#200 | |
46 | # | |
47 | # Spamhaus XBL contains the Abuseat CBL data (cbl.abuseat.org) | |
48 | ||
49 | header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.') | |
50 | describe __RCVD_IN_ZEN Received via a relay in Spamhaus Zen | |
51 | tflags __RCVD_IN_ZEN net | |
52 | reuse __RCVD_IN_ZEN | |
53 | ||
54 | # SBL is the Spamhaus Block List: https://www.spamhaus.org/sbl/ | |
55 | header RCVD_IN_SBL eval:check_rbl_sub('zen', '127.0.0.2') | |
56 | describe RCVD_IN_SBL Received via a relay in Spamhaus SBL | |
57 | tflags RCVD_IN_SBL net | |
58 | reuse RCVD_IN_SBL | |
59 | ||
60 | # XBL is the Exploits Block List: https://www.spamhaus.org/xbl/ | |
61 | header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.[4567]$') | |
62 | describe RCVD_IN_XBL Received via a relay in Spamhaus XBL | |
63 | tflags RCVD_IN_XBL net | |
64 | reuse RCVD_IN_XBL | |
65 | ||
66 | # PBL is the Policy Block List: https://www.spamhaus.org/pbl/ | |
67 | header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.1[01]$') | |
68 | describe RCVD_IN_PBL Received via a relay in Spamhaus PBL | |
69 | tflags RCVD_IN_PBL net | |
70 | reuse RCVD_IN_PBL | |
71 | ||
72 | # CSS is the Spamhaus CSS Component of the SBL List: https://www.spamhaus.org/css/ | |
73 | header RCVD_IN_SBL_CSS eval:check_rbl_sub('zen', '127.0.0.3') | |
74 | describe RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS | |
75 | tflags RCVD_IN_SBL_CSS net | |
76 | reuse RCVD_IN_SBL_CSS | |
77 | ||
78 | # New blocked checks 10/2019 | |
79 | header RCVD_IN_ZEN_BLOCKED_OPENDNS eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.254$') | |
80 | describe RCVD_IN_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ | |
81 | tflags RCVD_IN_ZEN_BLOCKED_OPENDNS net | |
82 | reuse RCVD_IN_ZEN_BLOCKED_OPENDNS | |
83 | ||
84 | # New blocked checks 10/2019 | |
85 | header RCVD_IN_ZEN_BLOCKED eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.255$') | |
86 | describe RCVD_IN_ZEN_BLOCKED ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/ | |
87 | tflags RCVD_IN_ZEN_BLOCKED net | |
88 | reuse RCVD_IN_ZEN_BLOCKED | |
89 | ||
90 | if can(Mail::SpamAssassin::Conf::feature_dns_block_rule) | |
91 | dns_block_rule RCVD_IN_ZEN_BLOCKED_OPENDNS zen.spamhaus.org | |
92 | dns_block_rule RCVD_IN_ZEN_BLOCKED zen.spamhaus.org | |
93 | endif | |
94 | ||
95 | ||
96 | # Now, single zone BLs follow: | |
97 | ||
98 | # --------------------------------------------------------------------------- | |
99 | # NOTE: donation tests, see README file for details | |
100 | ||
101 | header RCVD_IN_BL_SPAMCOP_NET eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)') | |
102 | describe RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net | |
103 | tflags RCVD_IN_BL_SPAMCOP_NET net | |
104 | reuse RCVD_IN_BL_SPAMCOP_NET | |
105 | ||
106 | # --------------------------------------------------------------------------- | |
107 | # NOTE: commercial tests, see README file for details | |
108 | ||
109 | header RCVD_IN_MAPS_RBL eval:check_rbl('rblplus', 'activationcode.r.mail-abuse.com.', '1') | |
110 | describe RCVD_IN_MAPS_RBL Relay in RBL, http://www.mail-abuse.com/enduserinfo_rbl.html | |
111 | tflags RCVD_IN_MAPS_RBL net | |
112 | reuse RCVD_IN_MAPS_RBL | |
113 | ||
114 | header RCVD_IN_MAPS_DUL eval:check_rbl('rblplus-lastexternal', 'activationcode.r.mail-abuse.com.', '2') | |
115 | describe RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.com/enduserinfo_dul.html | |
116 | tflags RCVD_IN_MAPS_DUL net | |
117 | reuse RCVD_IN_MAPS_DUL | |
118 | ||
119 | header RCVD_IN_MAPS_RSS eval:check_rbl_sub('rblplus', '4') | |
120 | describe RCVD_IN_MAPS_RSS Relay in RSS, http://www.mail-abuse.com/enduserinfo_rss.html | |
121 | tflags RCVD_IN_MAPS_RSS net | |
122 | reuse RCVD_IN_MAPS_RSS | |
123 | ||
124 | header RCVD_IN_MAPS_OPS eval:check_rbl_sub('rblplus', '8') | |
125 | describe RCVD_IN_MAPS_OPS Relay in OPS, http://www.mail-abuse.com/enduserinfo_ops.html | |
126 | tflags RCVD_IN_MAPS_OPS net | |
127 | reuse RCVD_IN_MAPS_OPS | |
128 | ||
129 | # The NML isn't part of the RBL+ and I find any documentation for it - is it dead? | |
130 | header RCVD_IN_MAPS_NML eval:check_rbl('nml', 'nonconfirm.mail-abuse.com.') | |
131 | describe RCVD_IN_MAPS_NML Relay in NML, http://www.mail-abuse.com/enduserinfo_nml.html | |
132 | tflags RCVD_IN_MAPS_NML net | |
133 | reuse RCVD_IN_MAPS_NML | |
134 | ||
135 | # --------------------------------------------------------------------------- | |
136 | # Section for DNS WL related lookups below. | |
137 | ||
138 | # IADB support ... | |
139 | header __RCVD_IN_IADB eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.') | |
140 | tflags __RCVD_IN_IADB net nice | |
141 | reuse __RCVD_IN_IADB | |
142 | ||
143 | header RCVD_IN_IADB_VOUCHED eval:check_rbl_sub('iadb-firsttrusted', '127.0.1.255') | |
144 | describe RCVD_IN_IADB_VOUCHED ISIPP IADB lists as vouched-for sender | |
145 | tflags RCVD_IN_IADB_VOUCHED net nice | |
146 | reuse RCVD_IN_IADB_VOUCHED | |
147 | ||
148 | # --------------------------------------------------------------------------- | |
cabe596e SI |
149 | # Validity (née Return Path, SenderScore) reputation DNSBLs |
150 | # https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247 | |
151 | # Certified: | |
152 | # https://www.validity.com/resource-center/fact-sheet-certification/ | |
46cfc9e2 | 153 | # (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI, RCVD_IN_RP_CERTIFIED) |
54c714b2 | 154 | header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '^127\.0\.0\.') |
cabe596e SI |
155 | describe RCVD_IN_VALIDITY_CERTIFIED Sender in Validity Certification - Contact certification@validity.com |
156 | tflags RCVD_IN_VALIDITY_CERTIFIED net nice publish | |
46cfc9e2 | 157 | reuse RCVD_IN_VALIDITY_CERTIFIED RCVD_IN_RP_CERTIFIED |
b780ea8d | 158 | |
54c714b2 SI |
159 | header RCVD_IN_VALIDITY_CERTIFIED_BLOCKED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '127.255.255.255') |
160 | describe RCVD_IN_VALIDITY_CERTIFIED_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. | |
161 | tflags RCVD_IN_VALIDITY_CERTIFIED_BLOCKED net publish | |
162 | reuse RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RCVD_IN_VALIDITY_CERTIFIED_BLOCKED | |
163 | ||
cabe596e SI |
164 | # Safe: |
165 | # https://www.validity.com/resource-center/fact-sheet-certification/ | |
46cfc9e2 | 166 | # (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED, RCVD_IN_RP_SAFE) |
54c714b2 | 167 | header RCVD_IN_VALIDITY_SAFE eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '^127\.0\.0\.') |
cabe596e SI |
168 | describe RCVD_IN_VALIDITY_SAFE Sender in Validity Safe - Contact certification@validity.com |
169 | tflags RCVD_IN_VALIDITY_SAFE net nice publish | |
46cfc9e2 | 170 | reuse RCVD_IN_VALIDITY_SAFE RCVD_IN_RP_SAFE |
cabe596e | 171 | |
54c714b2 SI |
172 | header RCVD_IN_VALIDITY_SAFE_BLOCKED eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '127.255.255.255') |
173 | describe RCVD_IN_VALIDITY_SAFE_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. | |
174 | tflags RCVD_IN_VALIDITY_SAFE_BLOCKED net publish | |
175 | reuse RCVD_IN_VALIDITY_SAFE_BLOCKED RCVD_IN_VALIDITY_SAFE_BLOCKED | |
176 | ||
cabe596e SI |
177 | # Validity RPBL (née Return Path Reputation Network Blacklist - RNBL): |
178 | # https://www.senderscore.org/blocklistlookup/ | |
46cfc9e2 | 179 | # (replaces RCVD_IN_RP_RNBL) |
54c714b2 | 180 | header RCVD_IN_VALIDITY_RPBL eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '^127\.0\.0\.') |
cabe596e SI |
181 | describe RCVD_IN_VALIDITY_RPBL Relay in Validity RPBL, https://senderscore.org/blocklistlookup/ |
182 | tflags RCVD_IN_VALIDITY_RPBL net publish | |
46cfc9e2 | 183 | reuse RCVD_IN_VALIDITY_RPBL RCVD_IN_RP_RNBL |
b780ea8d | 184 | |
54c714b2 SI |
185 | header RCVD_IN_VALIDITY_RPBL_BLOCKED eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '127.255.255.255') |
186 | describe RCVD_IN_VALIDITY_RPBL_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. | |
187 | tflags RCVD_IN_VALIDITY_RPBL_BLOCKED net publish | |
188 | reuse RCVD_IN_VALIDITY_RPBL_BLOCKED RCVD_IN_VALIDITY_RPBL_BLOCKED | |
189 | ||
190 | if can(Mail::SpamAssassin::Conf::feature_dns_block_rule) | |
191 | dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED sa-trusted.bondedsender.org | |
192 | dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED sa-accredit.habeas.com | |
193 | dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED bl.score.senderscore.com | |
194 | endif | |
195 | ||
b780ea8d SI |
196 | endif |
197 | ||
198 | #These are old and useless - The zones are no longer supported by SpamHaus 2018-12-12 | |
199 | #ifplugin Mail::SpamAssassin::Plugin::AskDNS | |
200 | # | |
201 | #askdns DKIMDOMAIN_IN_DWL _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+ )*(transaction|list|all)( [a-z]+)*$/ | |
202 | #tflags DKIMDOMAIN_IN_DWL net nice | |
203 | #describe DKIMDOMAIN_IN_DWL Signing domain listed in Spamhaus DWL | |
204 | #reuse DKIMDOMAIN_IN_DWL | |
205 | # | |
206 | #askdns __DKIMDOMAIN_IN_DWL_ANY _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT | |
207 | #tflags __DKIMDOMAIN_IN_DWL_ANY net nice | |
208 | #describe __DKIMDOMAIN_IN_DWL_ANY Any TXT response received from a Spamhaus DWL | |
209 | #reuse __DKIMDOMAIN_IN_DWL_ANY | |
210 | # | |
211 | #meta DKIMDOMAIN_IN_DWL_UNKNOWN __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL | |
212 | #tflags DKIMDOMAIN_IN_DWL_UNKNOWN net nice | |
213 | #describe DKIMDOMAIN_IN_DWL_UNKNOWN Unrecognized response from Spamhaus DWL | |
214 | # | |
215 | #endif |