[proxmox-spamassassin.git] / sa-updates / 20_dnsbl_tests.cf

# SpamAssassin rules file: DNS blocklist and welcomelist tests
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use /etc/mail/spamassassin/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################

require_version 4.000001

###########################################################################

ifplugin Mail::SpamAssassin::Plugin::DNSEval

# See the Mail::SpamAssassin::Conf manual page for details of how to use
# check_rbl().

# ---------------------------------------------------------------------------
# Multizone / Multi meaning BLs first.
#
# Note that currently TXT queries cannot be used for these, since the
# DNSBLs do not return the A type (127.0.0.x) as part of the TXT reply.


# ---------------------------------------------------------------------------
# Spamhaus ZEN includes SBL+CSS+XBL+PBL
# https://www.spamhaus.org/faq/section/DNSBL%20Usage#200
#
# Spamhaus XBL contains the Abuseat CBL data (cbl.abuseat.org)

header __RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.spamhaus.org.')
describe __RCVD_IN_ZEN          Received via a relay in Spamhaus Zen
tflags __RCVD_IN_ZEN            net
reuse  __RCVD_IN_ZEN

# SBL is the Spamhaus Block List: https://www.spamhaus.org/sbl/
header RCVD_IN_SBL              eval:check_rbl_sub('zen', '127.0.0.2')
describe RCVD_IN_SBL            Received via a relay in Spamhaus SBL
tflags RCVD_IN_SBL              net
reuse  RCVD_IN_SBL

# XBL is the Exploits Block List: https://www.spamhaus.org/xbl/
header RCVD_IN_XBL              eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.[4567]$')
describe RCVD_IN_XBL            Received via a relay in Spamhaus XBL
tflags RCVD_IN_XBL              net
reuse  RCVD_IN_XBL

# PBL is the Policy Block List: https://www.spamhaus.org/pbl/
header RCVD_IN_PBL              eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.1[01]$')
describe RCVD_IN_PBL            Received via a relay in Spamhaus PBL
tflags RCVD_IN_PBL              net
reuse  RCVD_IN_PBL

# CSS is the Spamhaus CSS Component of the SBL List: https://www.spamhaus.org/css/
header RCVD_IN_SBL_CSS		eval:check_rbl_sub('zen', '127.0.0.3')
describe RCVD_IN_SBL_CSS	Received via a relay in Spamhaus SBL-CSS
tflags RCVD_IN_SBL_CSS		net
reuse  RCVD_IN_SBL_CSS

# New blocked checks 10/2019
header RCVD_IN_ZEN_BLOCKED_OPENDNS	eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.254$')
describe RCVD_IN_ZEN_BLOCKED_OPENDNS	ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/
tflags RCVD_IN_ZEN_BLOCKED_OPENDNS	net
reuse RCVD_IN_ZEN_BLOCKED_OPENDNS

# New blocked checks 10/2019
header RCVD_IN_ZEN_BLOCKED	eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.255$')
describe RCVD_IN_ZEN_BLOCKED	ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/
tflags RCVD_IN_ZEN_BLOCKED	net
reuse RCVD_IN_ZEN_BLOCKED

if can(Mail::SpamAssassin::Conf::feature_dns_block_rule)
dns_block_rule RCVD_IN_ZEN_BLOCKED_OPENDNS zen.spamhaus.org
dns_block_rule RCVD_IN_ZEN_BLOCKED zen.spamhaus.org
endif


# Now, single zone BLs follow:

# ---------------------------------------------------------------------------
# NOTE: donation tests, see README file for details

header RCVD_IN_BL_SPAMCOP_NET   eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)')
describe RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net
tflags RCVD_IN_BL_SPAMCOP_NET   net
reuse  RCVD_IN_BL_SPAMCOP_NET

# ---------------------------------------------------------------------------
# NOTE: commercial tests, see README file for details

header RCVD_IN_MAPS_RBL         eval:check_rbl('rblplus', 'activationcode.r.mail-abuse.com.', '1')
describe RCVD_IN_MAPS_RBL       Relay in RBL, http://www.mail-abuse.com/enduserinfo_rbl.html
tflags RCVD_IN_MAPS_RBL         net
reuse RCVD_IN_MAPS_RBL

header RCVD_IN_MAPS_DUL         eval:check_rbl('rblplus-lastexternal', 'activationcode.r.mail-abuse.com.', '2')
describe RCVD_IN_MAPS_DUL       Relay in DUL, http://www.mail-abuse.com/enduserinfo_dul.html
tflags RCVD_IN_MAPS_DUL         net
reuse RCVD_IN_MAPS_DUL

header RCVD_IN_MAPS_RSS         eval:check_rbl_sub('rblplus', '4')
describe RCVD_IN_MAPS_RSS       Relay in RSS, http://www.mail-abuse.com/enduserinfo_rss.html
tflags RCVD_IN_MAPS_RSS         net
reuse RCVD_IN_MAPS_RSS

header RCVD_IN_MAPS_OPS         eval:check_rbl_sub('rblplus', '8')
describe RCVD_IN_MAPS_OPS       Relay in OPS, http://www.mail-abuse.com/enduserinfo_ops.html
tflags RCVD_IN_MAPS_OPS         net
reuse RCVD_IN_MAPS_OPS

# The NML isn't part of the RBL+ and I find any documentation for it - is it dead?
header RCVD_IN_MAPS_NML         eval:check_rbl('nml', 'nonconfirm.mail-abuse.com.')
describe RCVD_IN_MAPS_NML       Relay in NML, http://www.mail-abuse.com/enduserinfo_nml.html
tflags RCVD_IN_MAPS_NML         net
reuse RCVD_IN_MAPS_NML

# ---------------------------------------------------------------------------
# Section for DNS WL related lookups below.

# IADB support ...
header __RCVD_IN_IADB           eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.')
tflags __RCVD_IN_IADB           net nice
reuse __RCVD_IN_IADB

header RCVD_IN_IADB_VOUCHED     eval:check_rbl_sub('iadb-firsttrusted', '127.0.1.255')
describe RCVD_IN_IADB_VOUCHED   ISIPP IADB lists as vouched-for sender
tflags RCVD_IN_IADB_VOUCHED     net nice
reuse RCVD_IN_IADB_VOUCHED

# ---------------------------------------------------------------------------
# Validity (née Return Path, SenderScore) reputation DNSBLs
# https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247
# Certified:
# https://www.validity.com/resource-center/fact-sheet-certification/
# (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI, RCVD_IN_RP_CERTIFIED)
header RCVD_IN_VALIDITY_CERTIFIED     eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '^127\.0\.0\.')
describe RCVD_IN_VALIDITY_CERTIFIED   Sender in Validity Certification - Contact certification@validity.com
tflags RCVD_IN_VALIDITY_CERTIFIED     net nice publish
reuse RCVD_IN_VALIDITY_CERTIFIED      RCVD_IN_RP_CERTIFIED

header RCVD_IN_VALIDITY_CERTIFIED_BLOCKED    eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '127.255.255.255')
describe RCVD_IN_VALIDITY_CERTIFIED_BLOCKED  ADMINISTRATOR NOTICE: The query to Validity was blocked.  See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
tflags RCVD_IN_VALIDITY_CERTIFIED_BLOCKED    net publish
reuse RCVD_IN_VALIDITY_CERTIFIED_BLOCKED     RCVD_IN_VALIDITY_CERTIFIED_BLOCKED

# Safe:
# https://www.validity.com/resource-center/fact-sheet-certification/
# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED, RCVD_IN_RP_SAFE)
header RCVD_IN_VALIDITY_SAFE     eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '^127\.0\.0\.')
describe RCVD_IN_VALIDITY_SAFE   Sender in Validity Safe - Contact certification@validity.com
tflags RCVD_IN_VALIDITY_SAFE     net nice publish
reuse RCVD_IN_VALIDITY_SAFE      RCVD_IN_RP_SAFE

header RCVD_IN_VALIDITY_SAFE_BLOCKED    eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '127.255.255.255')
describe RCVD_IN_VALIDITY_SAFE_BLOCKED  ADMINISTRATOR NOTICE: The query to Validity was blocked.  See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
tflags RCVD_IN_VALIDITY_SAFE_BLOCKED    net publish
reuse RCVD_IN_VALIDITY_SAFE_BLOCKED     RCVD_IN_VALIDITY_SAFE_BLOCKED

# Validity RPBL (née Return Path Reputation Network Blacklist - RNBL):
# https://www.senderscore.org/blocklistlookup/
# (replaces RCVD_IN_RP_RNBL)
header RCVD_IN_VALIDITY_RPBL     eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '^127\.0\.0\.')
describe RCVD_IN_VALIDITY_RPBL   Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
tflags RCVD_IN_VALIDITY_RPBL     net publish
reuse RCVD_IN_VALIDITY_RPBL      RCVD_IN_RP_RNBL

header RCVD_IN_VALIDITY_RPBL_BLOCKED    eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '127.255.255.255')
describe RCVD_IN_VALIDITY_RPBL_BLOCKED  ADMINISTRATOR NOTICE: The query to Validity was blocked.  See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
tflags RCVD_IN_VALIDITY_RPBL_BLOCKED    net publish
reuse RCVD_IN_VALIDITY_RPBL_BLOCKED     RCVD_IN_VALIDITY_RPBL_BLOCKED

if can(Mail::SpamAssassin::Conf::feature_dns_block_rule)
dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED sa-trusted.bondedsender.org
dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED sa-accredit.habeas.com
dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED bl.score.senderscore.com
endif

endif

#These are old and useless - The zones are no longer supported by SpamHaus 2018-12-12
#ifplugin Mail::SpamAssassin::Plugin::AskDNS
#
#askdns   DKIMDOMAIN_IN_DWL  _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+ )*(transaction|list|all)( [a-z]+)*$/
#tflags   DKIMDOMAIN_IN_DWL  net nice
#describe DKIMDOMAIN_IN_DWL  Signing domain listed in Spamhaus DWL
#reuse    DKIMDOMAIN_IN_DWL
#
#askdns   __DKIMDOMAIN_IN_DWL_ANY  _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
#tflags   __DKIMDOMAIN_IN_DWL_ANY  net nice
#describe __DKIMDOMAIN_IN_DWL_ANY  Any TXT response received from a Spamhaus DWL
#reuse    __DKIMDOMAIN_IN_DWL_ANY
#
#meta     DKIMDOMAIN_IN_DWL_UNKNOWN  __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL
#tflags   DKIMDOMAIN_IN_DWL_UNKNOWN  net nice
#describe DKIMDOMAIN_IN_DWL_UNKNOWN  Unrecognized response from Spamhaus DWL
#
#endif
Commit	Line	Data
dfdd1e08	1	# SpamAssassin rules file: DNS blocklist and welcomelist tests
b780ea8d SI	2	#
	3	# Please don't modify this file as your changes will be overwritten with
	4	# the next update. Use /etc/mail/spamassassin/local.cf instead.
	5	# See 'perldoc Mail::SpamAssassin::Conf' for details.
	6	#
	7	# <@LICENSE>
	8	# Licensed to the Apache Software Foundation (ASF) under one or more
	9	# contributor license agreements. See the NOTICE file distributed with
	10	# this work for additional information regarding copyright ownership.
	11	# The ASF licenses this file to you under the Apache License, Version 2.0
	12	# (the "License"); you may not use this file except in compliance with
	13	# the License. You may obtain a copy of the License at:
	14	#
	15	# http://www.apache.org/licenses/LICENSE-2.0
	16	#
	17	# Unless required by applicable law or agreed to in writing, software
	18	# distributed under the License is distributed on an "AS IS" BASIS,
	19	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	20	# See the License for the specific language governing permissions and
	21	# limitations under the License.
	22	# </@LICENSE>
	23	#
	24	###########################################################################
	25
54c714b2	26	require_version 4.000001
b780ea8d SI	27
	28	###########################################################################
	29
	30	ifplugin Mail::SpamAssassin::Plugin::DNSEval
	31
	32	# See the Mail::SpamAssassin::Conf manual page for details of how to use
	33	# check_rbl().
	34
	35	# ---------------------------------------------------------------------------
	36	# Multizone / Multi meaning BLs first.
	37	#
	38	# Note that currently TXT queries cannot be used for these, since the
	39	# DNSBLs do not return the A type (127.0.0.x) as part of the TXT reply.
	40
	41
b780ea8d SI	42
	43	# ---------------------------------------------------------------------------
	44	# Spamhaus ZEN includes SBL+CSS+XBL+PBL
	45	# https://www.spamhaus.org/faq/section/DNSBL%20Usage#200
	46	#
	47	# Spamhaus XBL contains the Abuseat CBL data (cbl.abuseat.org)
	48
	49	header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.')
	50	describe __RCVD_IN_ZEN Received via a relay in Spamhaus Zen
	51	tflags __RCVD_IN_ZEN net
	52	reuse __RCVD_IN_ZEN
	53
	54	# SBL is the Spamhaus Block List: https://www.spamhaus.org/sbl/
	55	header RCVD_IN_SBL eval:check_rbl_sub('zen', '127.0.0.2')
	56	describe RCVD_IN_SBL Received via a relay in Spamhaus SBL
	57	tflags RCVD_IN_SBL net
	58	reuse RCVD_IN_SBL
	59
	60	# XBL is the Exploits Block List: https://www.spamhaus.org/xbl/
	61	header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.[4567]$')
	62	describe RCVD_IN_XBL Received via a relay in Spamhaus XBL
	63	tflags RCVD_IN_XBL net
	64	reuse RCVD_IN_XBL
	65
	66	# PBL is the Policy Block List: https://www.spamhaus.org/pbl/
	67	header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.1[01]$')
	68	describe RCVD_IN_PBL Received via a relay in Spamhaus PBL
	69	tflags RCVD_IN_PBL net
	70	reuse RCVD_IN_PBL
	71
	72	# CSS is the Spamhaus CSS Component of the SBL List: https://www.spamhaus.org/css/
	73	header RCVD_IN_SBL_CSS eval:check_rbl_sub('zen', '127.0.0.3')
	74	describe RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS
	75	tflags RCVD_IN_SBL_CSS net
	76	reuse RCVD_IN_SBL_CSS
	77
	78	# New blocked checks 10/2019
	79	header RCVD_IN_ZEN_BLOCKED_OPENDNS eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.254$')
	80	describe RCVD_IN_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/
	81	tflags RCVD_IN_ZEN_BLOCKED_OPENDNS net
	82	reuse RCVD_IN_ZEN_BLOCKED_OPENDNS
	83
	84	# New blocked checks 10/2019
	85	header RCVD_IN_ZEN_BLOCKED eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.255$')
	86	describe RCVD_IN_ZEN_BLOCKED ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/
	87	tflags RCVD_IN_ZEN_BLOCKED net
	88	reuse RCVD_IN_ZEN_BLOCKED
	89
	90	if can(Mail::SpamAssassin::Conf::feature_dns_block_rule)
	91	dns_block_rule RCVD_IN_ZEN_BLOCKED_OPENDNS zen.spamhaus.org
	92	dns_block_rule RCVD_IN_ZEN_BLOCKED zen.spamhaus.org
	93	endif
	94
	95
	96	# Now, single zone BLs follow:
	97
	98	# ---------------------------------------------------------------------------
	99	# NOTE: donation tests, see README file for details
	100
	101	header RCVD_IN_BL_SPAMCOP_NET eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)')
	102	describe RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net
	103	tflags RCVD_IN_BL_SPAMCOP_NET net
	104	reuse RCVD_IN_BL_SPAMCOP_NET
	105
106	# ---------------------------------------------------------------------------
107	# NOTE: commercial tests, see README file for details
108
109	header RCVD_IN_MAPS_RBL eval:check_rbl('rblplus', 'activationcode.r.mail-abuse.com.', '1')
110	describe RCVD_IN_MAPS_RBL Relay in RBL, http://www.mail-abuse.com/enduserinfo_rbl.html
111	tflags RCVD_IN_MAPS_RBL net
112	reuse RCVD_IN_MAPS_RBL
113
114	header RCVD_IN_MAPS_DUL eval:check_rbl('rblplus-lastexternal', 'activationcode.r.mail-abuse.com.', '2')
115	describe RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.com/enduserinfo_dul.html
116	tflags RCVD_IN_MAPS_DUL net
117	reuse RCVD_IN_MAPS_DUL
118
119	header RCVD_IN_MAPS_RSS eval:check_rbl_sub('rblplus', '4')
120	describe RCVD_IN_MAPS_RSS Relay in RSS, http://www.mail-abuse.com/enduserinfo_rss.html
121	tflags RCVD_IN_MAPS_RSS net
122	reuse RCVD_IN_MAPS_RSS
123
124	header RCVD_IN_MAPS_OPS eval:check_rbl_sub('rblplus', '8')
125	describe RCVD_IN_MAPS_OPS Relay in OPS, http://www.mail-abuse.com/enduserinfo_ops.html
126	tflags RCVD_IN_MAPS_OPS net
127	reuse RCVD_IN_MAPS_OPS
128
129	# The NML isn't part of the RBL+ and I find any documentation for it - is it dead?
130	header RCVD_IN_MAPS_NML eval:check_rbl('nml', 'nonconfirm.mail-abuse.com.')
131	describe RCVD_IN_MAPS_NML Relay in NML, http://www.mail-abuse.com/enduserinfo_nml.html
132	tflags RCVD_IN_MAPS_NML net
133	reuse RCVD_IN_MAPS_NML
134
135	# ---------------------------------------------------------------------------
136	# Section for DNS WL related lookups below.
137
138	# IADB support ...
139	header __RCVD_IN_IADB eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.')
140	tflags __RCVD_IN_IADB net nice
141	reuse __RCVD_IN_IADB
142
143	header RCVD_IN_IADB_VOUCHED eval:check_rbl_sub('iadb-firsttrusted', '127.0.1.255')
144	describe RCVD_IN_IADB_VOUCHED ISIPP IADB lists as vouched-for sender
145	tflags RCVD_IN_IADB_VOUCHED net nice
146	reuse RCVD_IN_IADB_VOUCHED
147
148	# ---------------------------------------------------------------------------
cabe596e SI	149	# Validity (née Return Path, SenderScore) reputation DNSBLs
	150	# https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247
	151	# Certified:
	152	# https://www.validity.com/resource-center/fact-sheet-certification/
46cfc9e2	153	# (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI, RCVD_IN_RP_CERTIFIED)
54c714b2	154	header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '^127\.0\.0\.')
cabe596e SI	155	describe RCVD_IN_VALIDITY_CERTIFIED Sender in Validity Certification - Contact certification@validity.com
cabe596e SI	156	tflags RCVD_IN_VALIDITY_CERTIFIED net nice publish
46cfc9e2	157	reuse RCVD_IN_VALIDITY_CERTIFIED RCVD_IN_RP_CERTIFIED
b780ea8d	158
54c714b2 SI	159	header RCVD_IN_VALIDITY_CERTIFIED_BLOCKED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '127.255.255.255')
	160	describe RCVD_IN_VALIDITY_CERTIFIED_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
	161	tflags RCVD_IN_VALIDITY_CERTIFIED_BLOCKED net publish
	162	reuse RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
	163
cabe596e SI	164	# Safe:
cabe596e SI	165	# https://www.validity.com/resource-center/fact-sheet-certification/
46cfc9e2	166	# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED, RCVD_IN_RP_SAFE)
54c714b2	167	header RCVD_IN_VALIDITY_SAFE eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '^127\.0\.0\.')
cabe596e SI	168	describe RCVD_IN_VALIDITY_SAFE Sender in Validity Safe - Contact certification@validity.com
cabe596e SI	169	tflags RCVD_IN_VALIDITY_SAFE net nice publish
46cfc9e2	170	reuse RCVD_IN_VALIDITY_SAFE RCVD_IN_RP_SAFE
cabe596e	171
54c714b2 SI	172	header RCVD_IN_VALIDITY_SAFE_BLOCKED eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '127.255.255.255')
	173	describe RCVD_IN_VALIDITY_SAFE_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
	174	tflags RCVD_IN_VALIDITY_SAFE_BLOCKED net publish
	175	reuse RCVD_IN_VALIDITY_SAFE_BLOCKED RCVD_IN_VALIDITY_SAFE_BLOCKED
	176
cabe596e SI	177	# Validity RPBL (née Return Path Reputation Network Blacklist - RNBL):
cabe596e SI	178	# https://www.senderscore.org/blocklistlookup/
46cfc9e2	179	# (replaces RCVD_IN_RP_RNBL)
54c714b2	180	header RCVD_IN_VALIDITY_RPBL eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '^127\.0\.0\.')
cabe596e SI	181	describe RCVD_IN_VALIDITY_RPBL Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
cabe596e SI	182	tflags RCVD_IN_VALIDITY_RPBL net publish
46cfc9e2	183	reuse RCVD_IN_VALIDITY_RPBL RCVD_IN_RP_RNBL
b780ea8d	184
54c714b2 SI	185	header RCVD_IN_VALIDITY_RPBL_BLOCKED eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '127.255.255.255')
	186	describe RCVD_IN_VALIDITY_RPBL_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
	187	tflags RCVD_IN_VALIDITY_RPBL_BLOCKED net publish
	188	reuse RCVD_IN_VALIDITY_RPBL_BLOCKED RCVD_IN_VALIDITY_RPBL_BLOCKED
	189
	190	if can(Mail::SpamAssassin::Conf::feature_dns_block_rule)
	191	dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED sa-trusted.bondedsender.org
	192	dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED sa-accredit.habeas.com
	193	dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED bl.score.senderscore.com
	194	endif
	195
b780ea8d SI	196	endif
	197
	198	#These are old and useless - The zones are no longer supported by SpamHaus 2018-12-12
	199	#ifplugin Mail::SpamAssassin::Plugin::AskDNS
	200	#
	201	#askdns DKIMDOMAIN_IN_DWL _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+ )(transaction\|list\|all)( [a-z]+)$/
	202	#tflags DKIMDOMAIN_IN_DWL net nice
	203	#describe DKIMDOMAIN_IN_DWL Signing domain listed in Spamhaus DWL
	204	#reuse DKIMDOMAIN_IN_DWL
	205	#
	206	#askdns __DKIMDOMAIN_IN_DWL_ANY _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
	207	#tflags __DKIMDOMAIN_IN_DWL_ANY net nice
	208	#describe __DKIMDOMAIN_IN_DWL_ANY Any TXT response received from a Spamhaus DWL
	209	#reuse __DKIMDOMAIN_IN_DWL_ANY
	210	#
	211	#meta DKIMDOMAIN_IN_DWL_UNKNOWN __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL
	212	#tflags DKIMDOMAIN_IN_DWL_UNKNOWN net nice
	213	#describe DKIMDOMAIN_IN_DWL_UNKNOWN Unrecognized response from Spamhaus DWL
	214	#
	215	#endif