Konfiguracja SpamAssassin.
Jeżeli masz ochotę wykorzystać SpamAssassin z tym RBL, to zrób tak: Po pierwsze sprawdź plik: /etc/mail/spamassassin/init.pre
Sprawdź, czy włączony jest plugin odpowiedzialny za odpytywanie nazw domenowych; powinna się w nim znajdować niezakomentowana linia (bez # na początku):
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
Następnie dodaj podaną niżej definicję dla SpamAssassin, w pliku konfiguracyjnym o nazwie: /etc/mail/spamassassin/local.cf.
Inny sposób to zrobienie sobie kopii swojego local.cf i wklejenie poniższych regułek. Przed przeładowaniem warto sprawdzić składnię konfiguracji poleceniem spamassassin --lint. Po wykonaniu zmian należy zrestartować proces spamassassin (spamd),
lub np. znaleźć numer jego procesu (PID) i przeładować mu konfigurację: kill -HUP spamd-PID.
Wysokość punktacji w przypadku listowania na rbl.polspam.pl jest oczywiście indywidualna.
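# SpamAssassin local.cf fragment: global reporting options followed by the
# rbl.polspam.pl domain (RHSBL) and IP (DNSBL) rules.
# One directive per line: '#' starts a comment that runs to the end of the
# line, so a directive sharing a line with a '#' banner is never parsed.

clear_headers
version_tag 2020051201
rewrite_header Subject [SPAM (_SCORE_)]
required_score 5.001
# NOTE(review): allow_user_rules lets users define rules in their own
# user_prefs. SpamAssassin ships with it off and its documentation warns it
# can be a severe security hole when spamd runs as root. Keep it at 1 only if
# spamd runs unprivileged and the mailbox users are trusted.
allow_user_rules 1
report_safe 0
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ autolearn=_AUTOLEARN_
add_header all Level _STARS(*)_
add_header all Rbl _RBL_
add_header all Bayes Score: _BAYES_ [New Spammy Hammy]: [ _BAYESTC_ _BAYESTCSPAMMY_ _BAYESTCHAMMY_ ]
add_header all Dcc Brand: _DCCB_ Results: _DCCR_
add_header all Relay-Country _RELAYCOUNTRY_
add_header all Languages _LANGUAGES_
add_header ham Tests _TESTSSCORES(,)_
add_header spam Report _REPORT_
lock_method flock

############### RBL.POLSPAM.PL ####################################################################
# Domain blacklists (RHSBL), evaluated on domains found in message URIs.
# Keep the trailing dot on every zone name below.
#
# NOTE(review): several rules carry `autolearn_force`. If Bayes auto-learning
# is enabled, one hit on a third-party DNS list can then train the local Bayes
# database, so a wrong listing also skews later classification.
######################
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
  urirhssub BL_POLSPAM_RHSBL_PL rhsbl.rbl.polspam.pl. A 127.1.1.1
  body BL_POLSPAM_RHSBL_PL eval:check_uridnsbl('BL_POLSPAM_RHSBL_PL')
  describe BL_POLSPAM_RHSBL_PL Listed on rhsbl.rbl.polspam.pl
  # NOTE(review): `autolearn` does not look like a documented tflag; the
  # sibling rules use `learn`. Left as published - confirm what was intended.
  tflags BL_POLSPAM_RHSBL_PL net autolearn autolearn_force domains_only
  score BL_POLSPAM_RHSBL_PL 9.222

  urirhssub BL_POLSPAM_RHSBH_PL rhsbl-h.rbl.polspam.pl. A 127.0.0.2
  body BL_POLSPAM_RHSBH_PL eval:check_uridnsbl('BL_POLSPAM_RHSBH_PL')
  describe BL_POLSPAM_RHSBH_PL Listed on rhsbl-h.rbl.polspam.pl
  tflags BL_POLSPAM_RHSBH_PL net learn autolearn_force domains_only
  score BL_POLSPAM_RHSBH_PL 2.222

  urirhssub BL_POLSPAM_RHSBV_PL rhsbl-v.rbl.polspam.pl. A 127.0.0.3
  body BL_POLSPAM_RHSBV_PL eval:check_uridnsbl('BL_POLSPAM_RHSBV_PL')
  describe BL_POLSPAM_RHSBV_PL Listed on rhsbl-v.rbl.polspam.pl
  tflags BL_POLSPAM_RHSBV_PL net domains_only
  score BL_POLSPAM_RHSBV_PL 0.001

  urirhssub BL_POLSPAM_RHSBD_PL rhsbl-danger.rbl.polspam.pl. A 127.0.0.5
  body BL_POLSPAM_RHSBD_PL eval:check_uridnsbl('BL_POLSPAM_RHSBD_PL')
  describe BL_POLSPAM_RHSBD_PL !!! Warning !!! These are very danger domain!
  tflags BL_POLSPAM_RHSBD_PL net learn autolearn_force domains_only
  # NOTE(review): with required_score 5.001 this score makes a single DNS
  # answer decisive, so no other rule can offset a false listing.
  score BL_POLSPAM_RHSBD_PL 9999.999
endif

# IP blacklists, checked against the relay addresses of the message.
# NOTE(review): per the Mail::SpamAssassin::Plugin::DNSEval documentation the
# first argument of check_rbl() is a set name, and the expected answer is
# selected by an optional third argument. As written, the dotted quad would
# only label the lookup and any A record from the zone may count as a hit.
# Confirm against the list operator's documented return codes.
header BL_0_POLSPAM_PL eval:check_rbl('127.0.2.0', 'bl.rbl.polspam.pl.')
describe BL_0_POLSPAM_PL Listed on bl.rbl.polspam.pl
tflags BL_0_POLSPAM_PL net learn autolearn_force
score BL_0_POLSPAM_PL 4.937

header BL_1_POLSPAM_PL eval:check_rbl('127.0.2.1', 'bl-h1.rbl.polspam.pl.')
describe BL_1_POLSPAM_PL Listed on bl-h1.rbl.polspam.pl
tflags BL_1_POLSPAM_PL net learn
score BL_1_POLSPAM_PL 3.917

header BL_2_POLSPAM_PL eval:check_rbl('127.0.2.2', 'bl-h2.rbl.polspam.pl.')
describe BL_2_POLSPAM_PL Listed on bl-h2.rbl.polspam.pl
tflags BL_2_POLSPAM_PL net learn
score BL_2_POLSPAM_PL 2.918

header BL_3_POLSPAM_PL eval:check_rbl('127.0.2.3', 'bl-h3.rbl.polspam.pl.')
describe BL_3_POLSPAM_PL Listed on bl-h3.rbl.polspam.pl
tflags BL_3_POLSPAM_PL net
score BL_3_POLSPAM_PL 1.919

header BL_4_POLSPAM_PL eval:check_rbl('127.0.2.4', 'bl-h4.rbl.polspam.pl.')
describe BL_4_POLSPAM_PL Listed on bl-h4.rbl.polspam.pl
# Fixed copy-paste slip: this line named BL_1_POLSPAM_PL, which replaced that
# rule's `net learn` flags and left BL_4 without the `net` flag.
tflags BL_4_POLSPAM_PL net
score BL_4_POLSPAM_PL 0.919

header BL_6_POLSPAM_PL eval:check_rbl('127.0.2.6', 'bl6.rbl.polspam.pl.')
describe BL_6_POLSPAM_PL Listed on bl6.rbl.polspam.pl
tflags BL_6_POLSPAM_PL net learn autolearn_force
score BL_6_POLSPAM_PL 4.937

# Extra points when a message is listed on more than one polspam list.
meta BL_POLSPAM_DBL1 BL_POLSPAM_RHSBL_PL && (BL_0_POLSPAM_PL | BL_6_POLSPAM_PL)
describe BL_POLSPAM_DBL1 Podwójne listowanie na rbl.polspam.pl <1>
score BL_POLSPAM_DBL1 10.001

meta BL_POLSPAM_DBL2 BL_POLSPAM_RHSBL_PL && (BL_1_POLSPAM_PL | BL_2_POLSPAM_PL | BL_3_POLSPAM_PL | BL_6_POLSPAM_PL)
describe BL_POLSPAM_DBL2 Podwójne listowanie na rbl.polspam.pl <2>
score BL_POLSPAM_DBL2 3.002

meta BL_POLSPAM_DBL3 BL_POLSPAM_RHSBH_PL && (BL_0_POLSPAM_PL | BL_1_POLSPAM_PL | BL_2_POLSPAM_PL | BL_3_POLSPAM_PL | BL_6_POLSPAM_PL)
describe BL_POLSPAM_DBL3 Podwójne listowanie na rbl.polspam.pl <3>
score BL_POLSPAM_DBL3 1.234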
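##################################################################################################
# Optional scoring by the country of the sender's IP address.
# One directive per line: '#' starts a comment that runs to the end of the line.
#
# NOTE(review): unlike the rbl.polspam.pl rules, these carry no `tflags ... net`
# line although they perform DNS lookups - confirm whether that is intended.
# NOTE(review): per the Mail::SpamAssassin::Plugin::DNSEval documentation the
# first argument of check_rbl() is a set name, not the expected answer. Confirm
# the intended matching with the list operator.
# countries blocking
#
header BL_POLSPAM_C_4_AF eval:check_rbl('127.0.4.4', 'af-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_AF Ip4 Afghanistan location
score BL_POLSPAM_C_4_AF 2.899
header BL_POLSPAM_C_6_AF eval:check_rbl('127.0.4.6', 'af-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_AF Ip6 Afghanistan location
score BL_POLSPAM_C_6_AF 2.899
#
header BL_POLSPAM_C_4_AO eval:check_rbl('127.0.4.4', 'ao-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_AO Ip4 Angola location
score BL_POLSPAM_C_4_AO 2.899
header BL_POLSPAM_C_6_AO eval:check_rbl('127.0.4.6', 'ao-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_AO Ip6 Angola location
score BL_POLSPAM_C_6_AO 2.899
#
header BL_POLSPAM_C_4_BD eval:check_rbl('127.0.4.4', 'bd-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_BD Ip4 Bangladesh location
score BL_POLSPAM_C_4_BD 2.899
header BL_POLSPAM_C_6_BD eval:check_rbl('127.0.4.6', 'bd-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_BD Ip6 Bangladesh location
score BL_POLSPAM_C_6_BD 2.899
#
header BL_POLSPAM_C_4_BW eval:check_rbl('127.0.4.4', 'bw-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_BW Ip4 Botswana location
score BL_POLSPAM_C_4_BW 2.899
header BL_POLSPAM_C_6_BW eval:check_rbl('127.0.4.6', 'bw-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_BW Ip6 Botswana location
score BL_POLSPAM_C_6_BW 2.899
#
header BL_POLSPAM_C_4_CN eval:check_rbl('127.0.4.4', 'cn-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_CN Ip4 China location
score BL_POLSPAM_C_4_CN 2.899
header BL_POLSPAM_C_6_CN eval:check_rbl('127.0.4.6', 'cn-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_CN Ip6 China location
score BL_POLSPAM_C_6_CN 2.899
#
header BL_POLSPAM_C_4_HK eval:check_rbl('127.0.4.4', 'hk-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_HK Ip4 Hong Kong location
score BL_POLSPAM_C_4_HK 2.899
header BL_POLSPAM_C_6_HK eval:check_rbl('127.0.4.6', 'hk-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_HK Ip6 Hong Kong location
score BL_POLSPAM_C_6_HK 2.899
#
header BL_POLSPAM_C_4_KR eval:check_rbl('127.0.4.4', 'kr-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_KR Ip4 S.Korea location
score BL_POLSPAM_C_4_KR 2.899
header BL_POLSPAM_C_6_KR eval:check_rbl('127.0.4.6', 'kr-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_KR Ip6 S.Korea location
score BL_POLSPAM_C_6_KR 2.899
#
header BL_POLSPAM_C_4_MM eval:check_rbl('127.0.4.4', 'mm-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_MM Ip4 Myanmar location
score BL_POLSPAM_C_4_MM 2.899
header BL_POLSPAM_C_6_MM eval:check_rbl('127.0.4.6', 'mm-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_MM Ip6 Myanmar location
score BL_POLSPAM_C_6_MM 2.899
#
header BL_POLSPAM_C_4_RU eval:check_rbl('127.0.4.4', 'ru-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_RU Ip4 Russian Federation location
score BL_POLSPAM_C_4_RU 2.555
header BL_POLSPAM_C_6_RU eval:check_rbl('127.0.4.6', 'ru-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_RU Ip6 Russian Federation location
score BL_POLSPAM_C_6_RU 2.555
#
header BL_POLSPAM_C_4_RW eval:check_rbl('127.0.4.4', 'rw-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_RW Ip4 Rwanda location
score BL_POLSPAM_C_4_RW 4.555
header BL_POLSPAM_C_6_RW eval:check_rbl('127.0.4.6', 'rw-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_RW Ip6 Rwanda location
score BL_POLSPAM_C_6_RW 4.555
#
header BL_POLSPAM_C_4_TD eval:check_rbl('127.0.4.4', 'td-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_TD Ip4 Chad location
score BL_POLSPAM_C_4_TD 2.899
header BL_POLSPAM_C_6_TD eval:check_rbl('127.0.4.6', 'td-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_TD Ip6 Chad location
score BL_POLSPAM_C_6_TD 2.899
#
header BL_POLSPAM_C_4_TR eval:check_rbl('127.0.4.4', 'tr-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_TR Ip4 Turkey location
score BL_POLSPAM_C_4_TR 1.001
header BL_POLSPAM_C_6_TR eval:check_rbl('127.0.4.6', 'tr-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_TR Ip6 Turkey location
score BL_POLSPAM_C_6_TR 1.001
#
header BL_POLSPAM_C_4_UG eval:check_rbl('127.0.4.4', 'ug-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_UG Ip4 Uganda location
score BL_POLSPAM_C_4_UG 4.999
header BL_POLSPAM_C_6_UG eval:check_rbl('127.0.4.6', 'ug-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_UG Ip6 Uganda location
score BL_POLSPAM_C_6_UG 4.999
#
header BL_POLSPAM_C_4_US eval:check_rbl('127.0.4.4', 'us-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_US Ip4 Usa location
score BL_POLSPAM_C_4_US 0.999
header BL_POLSPAM_C_6_US eval:check_rbl('127.0.4.6', 'us-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_US Ip6 Usa location
score BL_POLSPAM_C_6_US 0.999
#
header BL_POLSPAM_C_4_ZA eval:check_rbl('127.0.4.4', 'za-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_ZA Ip4 S.Africa location
score BL_POLSPAM_C_4_ZA 2.899
header BL_POLSPAM_C_6_ZA eval:check_rbl('127.0.4.6', 'za-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_ZA Ip6 S.Africa location
score BL_POLSPAM_C_6_ZA 2.899
##################################################################################################

# NOTE(review): a score of -999.99 means one answer from a third-party DNS
# zone outweighs every other rule, so a listed relay passes almost unfiltered.
# A bounded negative score keeps the local checks meaningful.
# NOTE(review): the describe text says ips4/ips6.white.polspam.pl while the
# queried zones are ip4/ip6.white.polspam.pl - confirm which name is correct.
#### WHITE list IPv4 #######
header WHITE4_POLSPAM_PL eval:check_rbl('127.127.127.4', 'ip4.white.polspam.pl.')
describe WHITE4_POLSPAM_PL WhiteListed on ips4.white.polspam.pl
tflags WHITE4_POLSPAM_PL net nice
score WHITE4_POLSPAM_PL -999.99
#### WHITE list IPv6 #######
header WHITE6_POLSPAM_PL eval:check_rbl('127.127.127.6', 'ip6.white.polspam.pl.')
describe WHITE6_POLSPAM_PL WhiteListed on ips6.white.polspam.pl
tflags WHITE6_POLSPAM_PL net nice
score WHITE6_POLSPAM_PL -999.99
############### RBL.POLSPAM.PL END ###############################################################

##################################################################################################
############### Other rules that help against spam ###############################################
# Some plugins must be enabled in the matching .pre file, or here with:
#   loadplugin Mail::SpamAssassin::Plugin::PLUGIN_NAME
# The module name is case-sensitive: SpamAssassin, not Spamassassin.
##################################################################################################

ifplugin Mail::SpamAssassin::Plugin::Bayes
  use_bayes 1
  use_bayes_rules 1
  bayes_auto_learn 1
  bayes_min_ham_num 500
  bayes_min_spam_num 500
endif

ifplugin Mail::SpamAssassin::Plugin::RelayCountry
  # NOTE(review): EN and EU are not ISO 3166 country codes; check which
  # values the RelayCountry database in use actually emits.
  header RELAYCOUNTRY_OK X-Relay-Countries =~ /(PL|EN|EU)/
  describe RELAYCOUNTRY_OK Friendly country
  score RELAYCOUNTRY_OK -0.512
  header RELAYCOUNTRY_SUSC X-Relay-Countries =~ /(AF|AI|AQ|BR|CD|CF|CG|CM|CN|HK|IN|IR|KR|MZ|PK|SN|SO|RU|SU|TD|UA|VN|YE|ZM|ZW)/
  describe RELAYCOUNTRY_SUSC Oh, country suspicious
  score RELAYCOUNTRY_SUSC 0.732
endif

ifplugin Mail::SpamAssassin::Plugin::DKIM
  # parse_dkim_uris is set once here; the published snippet repeated it in a
  # second, otherwise empty DKIM block.
  parse_dkim_uris 1
  dkim_timeout 5
  # NOTE(review): a valid DKIM signature proves only that the signing domain
  # sent the message. It says nothing about that domain's reputation, so the
  # negative scores below reward any sender who signs correctly.
  score DKIM_ADSP_ALL 3.000
  score DKIM_ADSP_CUSTOM_MED 9.456
  score DKIM_ADSP_DISCARD 9.000
  score DKIM_ADSP_NXDOMAIN 3.000
  score DKIM_INVALID 0.999
  score DKIM_INVALID_DKIM 3.117
  score DKIM_SIGNED 2.002
  score DKIM_VALID -1.001
  score T_DKIM_INVALID 9.013
  score DKIM_VALID_AU -1.001
  score DKIM_VERIFIED -1.001
  score DKIM_POLICY_TESTING -1.001

  ifplugin Mail::SpamAssassin::Plugin::AskDNS
    # Look up the author domain's DMARC policy. The policy value is matched
    # with a word boundary, not a required ';', because the final ';' of a
    # DMARC record is optional ("v=DMARC1; p=reject" is valid).
    askdns __DMARC_POLICY_N _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none\b/
    askdns __DMARC_POLICY_Q _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=quarantine\b/
    askdns __DMARC_POLICY_R _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=reject\b/

    ifplugin Mail::SpamAssassin::Plugin::SPF
      spf_timeout 5
      do_not_use_mail_spf 0
      do_not_use_mail_spf_query 0
      ignore_received_spf_header 1
      use_newest_received_spf_header 1

      # NOTE(review): this only approximates DMARC. SPF_PASS is evaluated on
      # the envelope sender and is not checked for alignment with the From:
      # domain, so a message that passes SPF for an unrelated domain
      # suppresses these rules even when From: is forged.
      meta BL_POLSPAM_DMARC_R !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_R
      describe BL_POLSPAM_DMARC_R Hmm, DKIM,SPF: REJECT this e-mail?
      score BL_POLSPAM_DMARC_R 3.001

      meta BL_POLSPAM_DMARC_Q !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_Q
      describe BL_POLSPAM_DMARC_Q Hmm, DKIM,SPF: QUARANTINE?
      score BL_POLSPAM_DMARC_Q 1.001

      meta BL_POLSPAM_DMARC_N !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_N
      describe BL_POLSPAM_DMARC_N Hmm, DKIM,SPF: policy NONE.
      score BL_POLSPAM_DMARC_N 0.951
    endif
  endif
endif

##################################################################################################
# Other example rules.
#
# NOTE(review): the From patterns ending in `>$` match only when the header
# ends with an address in angle brackets, so a bare-address From: header is
# not covered. A Received header rarely ends in `>`, so __POLSPAM_SHIT_DMN3
# probably fires seldom.
header BL_POLSPAM_ICU From =~ /(\.icu)>$/i
describe BL_POLSPAM_ICU Sender domain .icu
score BL_POLSPAM_ICU 3.874

header __POLSPAM_SHIT_DMN1 From =~ /(\.net\.ae|\.net\.id|\.ro|\.ru|\.co\.jp|\.co\.ke|\.AC\.ZA|\.co\.in|\.com\.vn|\.vn|\.cc|\.cu\.ua|\.com\.br|\.gr|\.hr|\.dk|\.win|\.bid|\.tw|\.br|\.pk|\.top|\.club|\.date|\.stream|\.xyz|\.us|\.rocks|\.shop)>$/i
header __POLSPAM_SHIT_DMN2 From =~ /\.(win|bid|top|club|date|stream|xyz|icu|us|rocks|shop)\/.*/i
header __POLSPAM_SHIT_DMN3 Received =~ /(\.net\.ae|\.net\.id|\.ro|\.ru|\.co\.jp|\.co\.ke|\.AC\.ZA|\.co\.in|\.com\.vn|\.vn|\.cc|\.cu\.ua|\.com\.br|\.gr|\.hr|\.dk|\.win|\.bid|\.tw|\.br|\.pk|\.top|\.club|\.date|\.stream|\.xyz|\.us|\.rocks|\.shop)>$/i
header __POLSPAM_SHIT_DMN4 Received =~ /\.(win|bid|top|club|date|stream|xyz|icu|us|rocks|shop)\/.*/i
meta BL_POLSPAM_SHIT_DMN __POLSPAM_SHIT_DMN1 || __POLSPAM_SHIT_DMN3 || __POLSPAM_SHIT_DMN2 || __POLSPAM_SHIT_DMN4
describe BL_POLSPAM_SHIT_DMN Oh!, funny domain name
score BL_POLSPAM_SHIT_DMN 1.234

# Subject keyword rules. The `.` inside words presumably stands in for a
# Polish diacritic. The patterns are unanchored substrings ("free", "lead",
# "mask" also match inside longer words), so expect false positives and tune
# the scores against local mail.
header __POLSPAM_R_021 Subject =~ /(spr.buj|zar.b|szansa|godne|bonus|free|darmo|sprzeda.|lead|zadbaj|odpowiedzialn.)/i
header __POLSPAM_R_022 Subject =~ /(wygrywa|przetarg|inwestuj|inwestycja|finans.|zarz.d)/i
header __POLSPAM_R_023 Subject =~ /(wychodzenia z domu|got.wk.|sprawd.|oferta)/i
meta BL_POLSPAM_FIN __POLSPAM_R_021 || __POLSPAM_R_022 || __POLSPAM_R_023
describe BL_POLSPAM_FIN financial offer?
score BL_POLSPAM_FIN 2.645

header __POLSPAM_R_024 Subject =~ /(maska|maseczka|mask|przy.bic.|preparat|dozownik)/i
header __POLSPAM_R_025 Subject =~ /(pandemi.|epidemi.|dezynfekcj.|ochronn.|biob.jcz.)/i
header __POLSPAM_R_026 Subject =~ /(covid|.orona.irus)/i
# rawbody is matched against the undecoded body, markup included.
rawbody __POLSPAM_R_027 /maska|maseczka|mask|pandemi.|epidemi.|covid|.orona.irus/i
meta BL_POLSPAM_R052 __POLSPAM_R_024 || __POLSPAM_R_025 || __POLSPAM_R_026 || __POLSPAM_R_027
describe BL_POLSPAM_R052 Oh!, covid :(
score BL_POLSPAM_R052 1.111
meta BL_POLSPAM_R053 __POLSPAM_R_024 && (__POLSPAM_R_025 || __POLSPAM_R_027)
describe BL_POLSPAM_R053 Oh!, covid :(
score BL_POLSPAM_R053 2.789
meta BL_POLSPAM_R054 __POLSPAM_R_024 && __POLSPAM_R_025 && __POLSPAM_R_026
describe BL_POLSPAM_R054 Oh!, covid :(
score BL_POLSPAM_R054 3.789
##################################################################################################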
Uwaga na końcową kropkę w linii definiującej odpytanie RHSBL: rhsbl.rbl.polspam.pl.
Przykładowe banowanie (lub wybielanie - w zależności od zadanej punktacji) ze względu na ASN nadawcy:
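# Example: score a message by the sender's autonomous system number (ASN).
# One directive per line: '#' starts a comment that runs to the end of the line.
ifplugin Mail::SpamAssassin::Plugin::ASN
  asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
  asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
  asn_prefix "ASN"
  add_header all ASN _ASN_ _ASNCIDR_
  #
  # The digit lookarounds stop the listed numbers from matching inside a
  # longer ASN (24961 inside 124961 or 249610), which the unanchored pattern
  # allowed. They work with or without a textual prefix before the number.
  header ASN_POLSPAM_CHECK X-ASN =~ /(?<!\d)(?:24961|11377)(?!\d)/
  score ASN_POLSPAM_CHECK 3.444
  describe ASN_POLSPAM_CHECK Message from mostly spam ASN
endif
#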