Difference between revisions of "Customized spam score for RBL listed senders"

(Customized spam score for RBL listed Senders)
(Customized spam score for RBL listed Senders)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=Customized spam score for RBL listed Senders=  
 
=Customized spam score for RBL listed Senders=  
 
<hr>
 
<hr>
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 9.0}}|}} 
 
 
{{WIP}}   
 
{{WIP}}   
  
Line 13: Line 12:
 
====Steps to follow====
 
====Steps to follow====
  
======Step-1======
+
=====Step-1=====
  
 
* Remove required RBL's at MTA level if enabled.
 
* Remove required RBL's at MTA level if enabled.
Line 26: Line 25:
 
*:<pre>zmprov ms `zmhostname` -zimbraMtaRestriction "reject_rbl_client <RBL Address>"</pre>
 
*:<pre>zmprov ms `zmhostname` -zimbraMtaRestriction "reject_rbl_client <RBL Address>"</pre>
  
======Step-2======   
+
=====Step-2=====   
 
* Edit spam assassin configuration file and add lines in below syntax for RBL lookup.
 
* Edit spam assassin configuration file and add lines in below syntax for RBL lookup.
 
: # /opt/zimbra/conf/salocal.cf.in
 
: # /opt/zimbra/conf/salocal.cf.in
Line 44: Line 43:
 
:: score CUSTOM_LOOKUP_6 2.0
 
:: score CUSTOM_LOOKUP_6 2.0
  
======Step-3======   
+
: '''List of few RBL's'''
 +
 +
:: cbl.abuseat.org
 +
:: dnsbl.sorbs.net
 +
:: bl.spamcop.net
 +
:: zen.spamhaus.org
 +
:: b.barracudacentral.org
 +
:: virus.rbl.jp
 +
:: all.s5h.net
 +
:: bl.spamcop.net
 +
:: blackholes.five-ten-sg.com
 +
:: blacklist.woody.ch
 +
:: bogons.cymru.com
 +
:: cbl.abuseat.org
 +
:: cdl.anti-spam.org.cn
 +
:: combined.abuse.ch
 +
:: db.wpbl.info
 +
:: dnsbl-1.uceprotect.net
 +
:: dnsbl-2.uceprotect.net
 +
:: dnsbl-3.uceprotect.net
 +
:: dnsbl.anticaptcha.net
 +
:: dnsbl.cyberlogic.net
 +
:: dnsbl.dronebl.org
 +
:: dnsbl.inps.de
 +
:: dnsbl.sorbs.net
 +
:: drone.abuse.ch
 +
:: drone.abuse.ch
 +
:: duinv.aupads.org
 +
:: dul.dnsbl.sorbs.net
 +
:: dyna.spamrats.com
 +
:: dynip.rothen.com
 +
:: exitnodes.tor.dnsbl.sectoor.de
 +
:: http.dnsbl.sorbs.net
 +
:: ips.backscatterer.org
 +
:: ix.dnsbl.manitu.net
 +
:: korea.services.net
 +
:: misc.dnsbl.sorbs.net
 +
:: noptr.spamrats.com
 +
:: orvedb.aupads.org
 +
:: pbl.spamhaus.org
 +
:: proxy.bl.gweep.ca
 +
:: psbl.surriel.com
 +
:: relays.bl.gweep.ca
 +
:: relays.nether.net
 +
:: sbl.spamhaus.org
 +
:: short.rbl.jp
 +
:: singular.ttk.pte.hu
 +
:: smtp.dnsbl.sorbs.net
 +
:: socks.dnsbl.sorbs.net
 +
:: spam.abuse.ch
 +
:: spam.dnsbl.sorbs.net
 +
:: spam.spamrats.com
 +
:: spambot.bls.digibase.ca
 +
:: spamrbl.imp.ch
 +
:: spamsources.fabel.dk
 +
:: ubl.unsubscore.com
 +
:: virbl.bit.nl
 +
:: virus.rbl.jp
 +
:: web.dnsbl.sorbs.net
 +
:: xbl.spamhaus.org
 +
:: zen.spamhaus.org
 +
:: zombie.dnsbl.sorbs.net
 +
:: db.wpbl.info
 +
:: rbl.abuse.ro
 +
:: spam.dnsbl.anonmails.de
 +
:: bsb.empty.us
 +
:: dnsbl.calivent.com.pe
 +
:: tor.dan.me.uk
 +
:: dnsrbl.org
 +
:: bl.drmx.org
 +
:: sbl-xbl.spamhaus.org
 +
:: dnsbl.cobion.com
 +
:: mail-abuse.blacklist.jippg.org
 +
:: recent.spam.dnsbl.sorbs.net
 +
:: bl.mailspike.net
 +
:: bl.spameatingmonkey.net
 +
:: truncate.gbudb.net
 +
:: dnsbl.rv-soft.info
 +
:: rbl.interserver.net
 +
:: dnsbl.kempt.net
 +
:: spamguard.leadmon.net
 +
 
 +
=====Step-3=====   
 
* Restart Amavisd, MTA services.
 
* Restart Amavisd, MTA services.
  
Line 52: Line 133:
 
The below is a sample message header when the sender IP is RBL listed.
 
The below is a sample message header when the sender IP is RBL listed.
  
''X-Spam-Status: No, score=3.451 required=6 tests=[CUSTOM_LOOKUP_5=2, CUSTOM_LOOKUP_6=2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1]''
+
''X-Spam-Status: No, score=3.451 required=6 tests=['''CUSTOM_LOOKUP_5=2, CUSTOM_LOOKUP_6=2''', DKIM_SIGNED=0.1, DKIM_VALID=-0.1]''
  
  

Latest revision as of 07:44, 28 July 2020

Customized spam score for RBL listed Senders



Requirement

Add positive/negative spam score to the email if senders IP listed in the RBL's.

Description

RBL's will work at the MTA (postfix) level, so if sender IP is listed in the RBL then the email is rejected by MTA (where RBL's enabled) without any notification. To allow email without compromising security check, disable RBL check at MTA level and enable at Amavis level (Spam assassin).

Steps to follow

Step-1
  • Remove required RBL's at MTA level if enabled.
Note: If RBL's not enabled at MTA level then this step can be skipped.
  • Global level configuration.
    zmprov mcf -zimbraMtaRestriction "reject_rbl_client <RBL Address>"
i.e.:
zmprov mcf -zimbraMtaRestriction "reject_rbl_client xbl.spamhaus.org"
  • Server level configuration
    zmprov ms `zmhostname` -zimbraMtaRestriction "reject_rbl_client <RBL Address>"
Step-2
  • Edit spam assassin configuration file and add lines in below syntax for RBL lookup.
# /opt/zimbra/conf/salocal.cf.in
header CUSTOM_LOOKUP eval:check_rbl('zen','zen.spamhaus.org.')
describe CUSTOM_LOOKUP Entries listed in zen.spamhaus.org RBL
score CUSTOM_LOOKUP 2.0
Note: CUSTOM_LOOKUP is a key for this definition so keep this same for every line. 2.0 is a positive SPAM score, to give negative spam score use -2.0.
i.e.:
# Rule -1:
header CUSTOM_LOOKUP_5 eval:check_rbl('spam','spam.dnsbl.sorbs.net.')
describe CUSTOM_LOOKUP_5 Entries listed in spam.dnsbl.sorbs.net RBL
score CUSTOM_LOOKUP_5 2.0
# Rule -2:
header CUSTOM_LOOKUP_6 eval:check_rbl('recent','recent.spam.dnsbl.sorbs.net.')
describe CUSTOM_LOOKUP_6 Entries listed in recent.dnsbl.sorbs.net RBL
score CUSTOM_LOOKUP_6 2.0
List of few RBL's
cbl.abuseat.org
dnsbl.sorbs.net
bl.spamcop.net
zen.spamhaus.org
b.barracudacentral.org
virus.rbl.jp
all.s5h.net
bl.spamcop.net
blackholes.five-ten-sg.com
blacklist.woody.ch
bogons.cymru.com
cbl.abuseat.org
cdl.anti-spam.org.cn
combined.abuse.ch
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.anticaptcha.net
dnsbl.cyberlogic.net
dnsbl.dronebl.org
dnsbl.inps.de
dnsbl.sorbs.net
drone.abuse.ch
drone.abuse.ch
duinv.aupads.org
dul.dnsbl.sorbs.net
dyna.spamrats.com
dynip.rothen.com
exitnodes.tor.dnsbl.sectoor.de
http.dnsbl.sorbs.net
ips.backscatterer.org
ix.dnsbl.manitu.net
korea.services.net
misc.dnsbl.sorbs.net
noptr.spamrats.com
orvedb.aupads.org
pbl.spamhaus.org
proxy.bl.gweep.ca
psbl.surriel.com
relays.bl.gweep.ca
relays.nether.net
sbl.spamhaus.org
short.rbl.jp
singular.ttk.pte.hu
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.abuse.ch
spam.dnsbl.sorbs.net
spam.spamrats.com
spambot.bls.digibase.ca
spamrbl.imp.ch
spamsources.fabel.dk
ubl.unsubscore.com
virbl.bit.nl
virus.rbl.jp
web.dnsbl.sorbs.net
xbl.spamhaus.org
zen.spamhaus.org
zombie.dnsbl.sorbs.net
db.wpbl.info
rbl.abuse.ro
spam.dnsbl.anonmails.de
bsb.empty.us
dnsbl.calivent.com.pe
tor.dan.me.uk
dnsrbl.org
bl.drmx.org
sbl-xbl.spamhaus.org
dnsbl.cobion.com
mail-abuse.blacklist.jippg.org
recent.spam.dnsbl.sorbs.net
bl.mailspike.net
bl.spameatingmonkey.net
truncate.gbudb.net
dnsbl.rv-soft.info
rbl.interserver.net
dnsbl.kempt.net
spamguard.leadmon.net
Step-3
  • Restart Amavisd, MTA services.
zmamavisdctl restart
zmmtactl restart

Validation

The below is a sample message header when the sender IP is RBL listed.

X-Spam-Status: No, score=3.451 required=6 tests=[CUSTOM_LOOKUP_5=2, CUSTOM_LOOKUP_6=2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1]


Submitted by: Raghu Noti
Verified Against: ZCS 8.8.15, ZCS 9.0 Date Created: 2020-07-28
Article ID: https://wiki.zimbra.com/index.php?title=Customized_spam_score_for_RBL_listed_senders Date Modified: 2020-07-28



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search