Customized spam score for RBL listed senders
Customized spam score for RBL listed Senders
Requirement
Add positive/negative spam score to the email if senders IP listed in the RBL's.
Description
RBL's will work at the MTA (postfix) level, so if sender IP is listed in the RBL then the email is rejected by MTA (where RBL's enabled) without any notification. To allow email without compromising security check, disable RBL check at MTA level and enable at Amavis level (Spam assassin).
Steps to follow
Step-1
- Remove required RBL's at MTA level if enabled.
- Note: If RBL's not enabled at MTA level then this step can be skipped.
- Global level configuration.
zmprov mcf -zimbraMtaRestriction "reject_rbl_client <RBL Address>"
- i.e.:
- zmprov mcf -zimbraMtaRestriction "reject_rbl_client xbl.spamhaus.org"
- Server level configuration
zmprov ms `zmhostname` -zimbraMtaRestriction "reject_rbl_client <RBL Address>"
Step-2
- Edit spam assassin configuration file and add lines in below syntax for RBL lookup.
- # /opt/zimbra/conf/salocal.cf.in
header CUSTOM_LOOKUP eval:check_rbl('zen','zen.spamhaus.org.') describe CUSTOM_LOOKUP Entries listed in zen.spamhaus.org RBL score CUSTOM_LOOKUP 2.0
- Note: CUSTOM_LOOKUP is a key for this definition so keep this same for every line. 2.0 is a positive SPAM score, to give negative spam score use -2.0.
- i.e.:
- # Rule -1:
- header CUSTOM_LOOKUP_5 eval:check_rbl('spam','spam.dnsbl.sorbs.net.')
- describe CUSTOM_LOOKUP_5 Entries listed in spam.dnsbl.sorbs.net RBL
- score CUSTOM_LOOKUP_5 2.0
- # Rule -2:
- header CUSTOM_LOOKUP_6 eval:check_rbl('recent','recent.spam.dnsbl.sorbs.net.')
- describe CUSTOM_LOOKUP_6 Entries listed in recent.dnsbl.sorbs.net RBL
- score CUSTOM_LOOKUP_6 2.0
- List of few RBL's
- cbl.abuseat.org
- dnsbl.sorbs.net
- bl.spamcop.net
- zen.spamhaus.org
- b.barracudacentral.org
- virus.rbl.jp
- all.s5h.net
- bl.spamcop.net
- blackholes.five-ten-sg.com
- blacklist.woody.ch
- bogons.cymru.com
- cbl.abuseat.org
- cdl.anti-spam.org.cn
- combined.abuse.ch
- db.wpbl.info
- dnsbl-1.uceprotect.net
- dnsbl-2.uceprotect.net
- dnsbl-3.uceprotect.net
- dnsbl.anticaptcha.net
- dnsbl.cyberlogic.net
- dnsbl.dronebl.org
- dnsbl.inps.de
- dnsbl.sorbs.net
- drone.abuse.ch
- drone.abuse.ch
- duinv.aupads.org
- dul.dnsbl.sorbs.net
- dyna.spamrats.com
- dynip.rothen.com
- exitnodes.tor.dnsbl.sectoor.de
- http.dnsbl.sorbs.net
- ips.backscatterer.org
- ix.dnsbl.manitu.net
- korea.services.net
- misc.dnsbl.sorbs.net
- noptr.spamrats.com
- orvedb.aupads.org
- pbl.spamhaus.org
- proxy.bl.gweep.ca
- psbl.surriel.com
- relays.bl.gweep.ca
- relays.nether.net
- sbl.spamhaus.org
- short.rbl.jp
- singular.ttk.pte.hu
- smtp.dnsbl.sorbs.net
- socks.dnsbl.sorbs.net
- spam.abuse.ch
- spam.dnsbl.sorbs.net
- spam.spamrats.com
- spambot.bls.digibase.ca
- spamrbl.imp.ch
- spamsources.fabel.dk
- ubl.unsubscore.com
- virbl.bit.nl
- virus.rbl.jp
- web.dnsbl.sorbs.net
- xbl.spamhaus.org
- zen.spamhaus.org
- zombie.dnsbl.sorbs.net
- db.wpbl.info
- rbl.abuse.ro
- spam.dnsbl.anonmails.de
- bsb.empty.us
- dnsbl.calivent.com.pe
- tor.dan.me.uk
- dnsrbl.org
- bl.drmx.org
- sbl-xbl.spamhaus.org
- dnsbl.cobion.com
- mail-abuse.blacklist.jippg.org
- recent.spam.dnsbl.sorbs.net
- bl.mailspike.net
- bl.spameatingmonkey.net
- truncate.gbudb.net
- dnsbl.rv-soft.info
- rbl.interserver.net
- dnsbl.kempt.net
- spamguard.leadmon.net
Step-3
- Restart Amavisd, MTA services.
zmamavisdctl restart zmmtactl restart
Validation
The below is a sample message header when the sender IP is RBL listed.
X-Spam-Status: No, score=3.451 required=6 tests=[CUSTOM_LOOKUP_5=2, CUSTOM_LOOKUP_6=2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1]
Submitted by: Raghu Noti |