/usr/share/spamassassin/20_dnsbl_tests.cf is in spamassassin 3.4.1-8build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 | # SpamAssassin rules file: DNS blacklist and whitelist tests
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################
require_version @@VERSION@@
###########################################################################
ifplugin Mail::SpamAssassin::Plugin::DNSEval
# See the Mail::SpamAssassin::Conf manual page for details of how to use
# check_rbl().
# ---------------------------------------------------------------------------
# Multizone / Multi meaning BLs first.
#
# Note that currently TXT queries cannot be used for these, since the
# DNSBLs do not return the A type (127.0.0.x) as part of the TXT reply.
# ---------------------------------------------------------------------------
# SORBS
# transfers: both axfr and ixfr available
# URL: http://www.dnsbl.sorbs.net/
# pay-to-use: no
# delist: $50 fee for RCVD_IN_SORBS_SPAM, others have free retest on request
header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
describe __RCVD_IN_SORBS SORBS: sender is listed in SORBS
tflags __RCVD_IN_SORBS net
reuse __RCVD_IN_SORBS
header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2')
describe RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server
tflags RCVD_IN_SORBS_HTTP net
reuse RCVD_IN_SORBS_HTTP
header RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('sorbs', '127.0.0.3')
describe RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
tflags RCVD_IN_SORBS_SOCKS net
reuse RCVD_IN_SORBS_SOCKS
header RCVD_IN_SORBS_MISC eval:check_rbl_sub('sorbs', '127.0.0.4')
describe RCVD_IN_SORBS_MISC SORBS: sender is open proxy server
tflags RCVD_IN_SORBS_MISC net
reuse RCVD_IN_SORBS_MISC
header RCVD_IN_SORBS_SMTP eval:check_rbl_sub('sorbs', '127.0.0.5')
describe RCVD_IN_SORBS_SMTP SORBS: sender is open SMTP relay
tflags RCVD_IN_SORBS_SMTP net
reuse RCVD_IN_SORBS_SMTP
# delist: $50 fee
#header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
#describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
#tflags RCVD_IN_SORBS_SPAM net
#reuse RCVD_IN_SORBS_SPAM RCVD_IN_SORBS_SPAM
header RCVD_IN_SORBS_WEB eval:check_rbl_sub('sorbs', '127.0.0.7')
describe RCVD_IN_SORBS_WEB SORBS: sender is an abusable web server
tflags RCVD_IN_SORBS_WEB net
reuse RCVD_IN_SORBS_WEB
header RCVD_IN_SORBS_BLOCK eval:check_rbl_sub('sorbs', '127.0.0.8')
describe RCVD_IN_SORBS_BLOCK SORBS: sender demands to never be tested
tflags RCVD_IN_SORBS_BLOCK net
reuse RCVD_IN_SORBS_BLOCK
header RCVD_IN_SORBS_ZOMBIE eval:check_rbl_sub('sorbs', '127.0.0.9')
describe RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network
tflags RCVD_IN_SORBS_ZOMBIE net
reuse RCVD_IN_SORBS_ZOMBIE
header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
describe RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
tflags RCVD_IN_SORBS_DUL net
reuse RCVD_IN_SORBS_DUL
# ---------------------------------------------------------------------------
# Spamhaus ZEN includes SBL+CSS+XBL+PBL
# http://www.spamhaus.org/faq/section/DNSBL%20Usage#200
#
# Spamhaus XBL contains the Abuseat CBL data (cbl.abuseat.org)
header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.')
describe __RCVD_IN_ZEN Received via a relay in Spamhaus Zen
tflags __RCVD_IN_ZEN net
reuse __RCVD_IN_ZEN
# SBL is the Spamhaus Block List: http://www.spamhaus.org/sbl/
header RCVD_IN_SBL eval:check_rbl_sub('zen', '127.0.0.2')
describe RCVD_IN_SBL Received via a relay in Spamhaus SBL
tflags RCVD_IN_SBL net
reuse RCVD_IN_SBL
# XBL is the Exploits Block List: http://www.spamhaus.org/xbl/
header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.[45678]$')
describe RCVD_IN_XBL Received via a relay in Spamhaus XBL
tflags RCVD_IN_XBL net
reuse RCVD_IN_XBL
# PBL is the Policy Block List: http://www.spamhaus.org/pbl/
header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.1[01]$')
describe RCVD_IN_PBL Received via a relay in Spamhaus PBL
tflags RCVD_IN_PBL net
reuse RCVD_IN_PBL
# CSS is the Spamhaus CSS Component of the SBL List: http://www.spamhaus.org/css/
header RCVD_IN_SBL_CSS eval:check_rbl_sub('zen', '127.0.0.3')
describe RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS
tflags RCVD_IN_SBL_CSS net
reuse RCVD_IN_SBL_CSS
# Now, single zone BLs follow:
# ---------------------------------------------------------------------------
# NOTE: donation tests, see README file for details
header RCVD_IN_BL_SPAMCOP_NET eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)')
describe RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net
tflags RCVD_IN_BL_SPAMCOP_NET net
reuse RCVD_IN_BL_SPAMCOP_NET
# ---------------------------------------------------------------------------
# NOTE: commercial tests, see README file for details
header RCVD_IN_MAPS_RBL eval:check_rbl('rblplus', 'activationcode.r.mail-abuse.com.', '1')
describe RCVD_IN_MAPS_RBL Relay in RBL, http://www.mail-abuse.com/enduserinfo_rbl.html
tflags RCVD_IN_MAPS_RBL net
header RCVD_IN_MAPS_DUL eval:check_rbl('rblplus-lastexternal', 'activationcode.r.mail-abuse.com.', '2')
describe RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.com/enduserinfo_dul.html
tflags RCVD_IN_MAPS_DUL net
header RCVD_IN_MAPS_RSS eval:check_rbl_sub('rblplus', '4')
describe RCVD_IN_MAPS_RSS Relay in RSS, http://www.mail-abuse.com/enduserinfo_rss.html
tflags RCVD_IN_MAPS_RSS net
header RCVD_IN_MAPS_OPS eval:check_rbl_sub('rblplus', '8')
describe RCVD_IN_MAPS_OPS Relay in OPS, http://www.mail-abuse.com/enduserinfo_ops.html
tflags RCVD_IN_MAPS_OPS net
# The NML isn't part of the RBL+ and I find any documentation for it - is it dead?
header RCVD_IN_MAPS_NML eval:check_rbl('nml', 'nonconfirm.mail-abuse.com.')
describe RCVD_IN_MAPS_NML Relay in NML, http://www.mail-abuse.com/enduserinfo_nml.html
tflags RCVD_IN_MAPS_NML net
# ---------------------------------------------------------------------------
# Section for DNS WL related lookups below.
# IADB support ...
header __RCVD_IN_IADB eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.')
tflags __RCVD_IN_IADB net nice
header RCVD_IN_IADB_VOUCHED eval:check_rbl_sub('iadb-firsttrusted', '127.0.1.255')
describe RCVD_IN_IADB_VOUCHED ISIPP IADB lists as vouched-for sender
tflags RCVD_IN_IADB_VOUCHED net nice
# ---------------------------------------------------------------------------
# Return Path Certified:
# http://www.returnpath.net/internetserviceprovider/certification/
# (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI)
header RCVD_IN_RP_CERTIFIED eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.')
describe RCVD_IN_RP_CERTIFIED Sender in ReturnPath Certified - Contact cert-sa@returnpath.net
tflags RCVD_IN_RP_CERTIFIED net nice
# Return Path Safe:
# http://www.returnpath.net/internetserviceprovider/certification/
# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED)
header RCVD_IN_RP_SAFE eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.')
describe RCVD_IN_RP_SAFE Sender in ReturnPath Safe - Contact safe-sa@returnpath.net
tflags RCVD_IN_RP_SAFE net nice
# Return Path Reputation Network Blacklist (RNBL):
# https://senderscore.org/blacklistlookup/
header RCVD_IN_RP_RNBL eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.')
describe RCVD_IN_RP_RNBL Relay in RNBL, https://senderscore.org/blacklistlookup/
tflags RCVD_IN_RP_RNBL net
endif
ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdns DKIMDOMAIN_IN_DWL _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+ )*(transaction|list|all)( [a-z]+)*$/
tflags DKIMDOMAIN_IN_DWL net nice
describe DKIMDOMAIN_IN_DWL Signing domain listed in Spamhaus DWL
askdns __DKIMDOMAIN_IN_DWL_ANY _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
tflags __DKIMDOMAIN_IN_DWL_ANY net nice
describe __DKIMDOMAIN_IN_DWL_ANY Any TXT response received from a Spamhaus DWL
meta DKIMDOMAIN_IN_DWL_UNKNOWN __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL
tflags DKIMDOMAIN_IN_DWL_UNKNOWN net nice
describe DKIMDOMAIN_IN_DWL_UNKNOWN Unrecognized response from Spamhaus DWL
endif
|