SpamAssassin configuration.
If you plan to use SpamAssassin with our RBL, do the following:
First check file: /etc/mail/spamassassin/init.pre
Check if domain recognition is enabled:
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
Then define the rules for this RBL in the configuration file (/etc/mail/spamassassin/local.cf).
You must restart SpamAssassin after making the changes.
The spam scores given here are only examples and can be set individually.
# Global SpamAssassin options and the set of X-Spam-* headers to emit.
# clear_headers empties the default header list so that only the add_header
# lines below are written to scanned mail.
clear_headers
version_tag 2020051201
# Prefix the Subject of mail classified as spam with the computed score.
rewrite_header Subject [SPAM (_SCORE_)]
# Messages scoring at or above this value are classified as spam.
required_score 5.001
# NOTE(review): allow_user_rules is off by default; the SpamAssassin
# documentation describes user-supplied rules under spamd as a potential
# security hole, more so when spamd runs as root. Keep 1 only if every
# account that can write a user_prefs file is trusted.
allow_user_rules 1
# report_safe 0: do not wrap spam in a report attachment; only headers are added.
report_safe 0
# Each add_header line produces a header named X-Spam-<name>; "all", "ham"
# and "spam" select which classification receives it.
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ autolearn=_AUTOLEARN_
add_header all Level _STARS(*)_
add_header all Rbl _RBL_
add_header all Bayes Score: _BAYES_ [New Spammy Hammy]: [ _BAYESTC_ _BAYESTCSPAMMY_ _BAYESTCHAMMY_ ]
add_header all Dcc Brand: _DCCB_ Results: _DCCR_
add_header all Relay-Country _RELAYCOUNTRY_
add_header all Languages _LANGUAGES_
add_header ham Tests _TESTSSCORES(,)_
add_header spam Report _REPORT_
# NOTE(review): flock() locking is generally not safe on NFS-mounted state
# directories - confirm where the Bayes/auto-whitelist files live.
lock_method flock
############### RBL.POLSPAM.PL ####################################################################
# Domain (right-hand-side) blocklists.
# Each urirhssub line queries the named zone for domains found in message
# URIs and hits when the returned A record equals the listed 127.x value.
# Review notes:
#  - Every score here depends on a single third-party DNS answer. 9.222 and
#    9999.999 both exceed a required_score of 5.001 on their own, so one
#    listing decides the verdict; monitor the list for false positives
#    before relying on these values.
#  - autolearn_force relaxes the usual header/body point split for
#    auto-learning, so with Bayes auto-learn enabled these hits can train
#    the local Bayes database directly from the remote list's verdict.
#  - NOTE(review): "autolearn" (first rule) is not one of the tflags listed
#    in the Mail::SpamAssassin::Conf documentation, and "learn" marks a rule
#    as needing training - confirm the intended flags.
###################
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub BL_POLSPAM_RHSBL_PL rhsbl.rbl.polspam.pl. A 127.1.1.1
body BL_POLSPAM_RHSBL_PL eval:check_uridnsbl('BL_POLSPAM_RHSBL_PL')
describe BL_POLSPAM_RHSBL_PL Listed on rhsbl.rbl.polspam.pl
tflags BL_POLSPAM_RHSBL_PL net autolearn autolearn_force domains_only
score BL_POLSPAM_RHSBL_PL 9.222
urirhssub BL_POLSPAM_RHSBH_PL rhsbl-h.rbl.polspam.pl. A 127.0.0.2
body BL_POLSPAM_RHSBH_PL eval:check_uridnsbl('BL_POLSPAM_RHSBH_PL')
describe BL_POLSPAM_RHSBH_PL Listed on rhsbl-h.rbl.polspam.pl
tflags BL_POLSPAM_RHSBH_PL net learn autolearn_force domains_only
score BL_POLSPAM_RHSBH_PL 2.222
# Score 0.001: the hit is recorded in reports but barely affects the total.
urirhssub BL_POLSPAM_RHSBV_PL rhsbl-v.rbl.polspam.pl. A 127.0.0.3
body BL_POLSPAM_RHSBV_PL eval:check_uridnsbl('BL_POLSPAM_RHSBV_PL')
describe BL_POLSPAM_RHSBV_PL Listed on rhsbl-v.rbl.polspam.pl
tflags BL_POLSPAM_RHSBV_PL net domains_only
score BL_POLSPAM_RHSBV_PL 0.001
urirhssub BL_POLSPAM_RHSBD_PL rhsbl-danger.rbl.polspam.pl. A 127.0.0.5
body BL_POLSPAM_RHSBD_PL eval:check_uridnsbl('BL_POLSPAM_RHSBD_PL')
describe BL_POLSPAM_RHSBD_PL !!! Warning !!! These are very danger domain!
tflags BL_POLSPAM_RHSBD_PL net learn autolearn_force domains_only
score BL_POLSPAM_RHSBD_PL 9999.999
endif
# IP address blocklists, checked against the relays in Received headers.
# NOTE(review): check_rbl takes ('set', 'zone' [, 'sub-test']). The first
# argument is a set label and the optional third argument is the value the
# DNS answer is compared with. As written, the 127.0.2.x strings are labels
# only, so any listing answer from the zone hits - confirm this is intended,
# or pass the expected answer as the third argument.
# NOTE(review): unlike the whitelist rules in this file, these rules carry
# no "tflags ... net" line - confirm whether that is deliberate.
header BL_0_POLSPAM_PL eval:check_rbl('127.0.2.0', 'bl.rbl.polspam.pl.')
describe BL_0_POLSPAM_PL Listed on bl.rbl.polspam.pl
score BL_0_POLSPAM_PL 4.937
header BL_1_POLSPAM_PL eval:check_rbl('127.0.2.1', 'bl-h1.rbl.polspam.pl.')
describe BL_1_POLSPAM_PL Listed on bl-h1.rbl.polspam.pl
score BL_1_POLSPAM_PL 3.917
header BL_2_POLSPAM_PL eval:check_rbl('127.0.2.2', 'bl-h2.rbl.polspam.pl.')
describe BL_2_POLSPAM_PL Listed on bl-h2.rbl.polspam.pl
score BL_2_POLSPAM_PL 2.918
header BL_3_POLSPAM_PL eval:check_rbl('127.0.2.3', 'bl-h3.rbl.polspam.pl.')
describe BL_3_POLSPAM_PL Listed on bl-h3.rbl.polspam.pl
score BL_3_POLSPAM_PL 1.919
header BL_4_POLSPAM_PL eval:check_rbl('127.0.2.4', 'bl-h4.rbl.polspam.pl.')
describe BL_4_POLSPAM_PL Listed on bl-h4.rbl.polspam.pl
score BL_4_POLSPAM_PL 0.919
header BL_6_POLSPAM_PL eval:check_rbl('127.0.2.6', 'bl6.rbl.polspam.pl.')
describe BL_6_POLSPAM_PL Listed on bl6.rbl.polspam.pl
score BL_6_POLSPAM_PL 4.937
##################################################################################################
# Sender-country scoring: one IPv4 and one IPv6 rule per country, each
# querying a per-country zone under country.polspam.pl.
# Review notes:
#  - These scores are added to any blocklist and RelayCountry scores that
#    also fire. With required_score 5.001, values such as 4.999 or 4.555
#    leave almost no margin, so geography alone nearly classifies the
#    message; tune them against your own legitimate traffic.
#  - NOTE(review): check_rbl takes ('set', 'zone' [, 'sub-test']); the
#    127.0.4.4 / 127.0.4.6 strings are set labels here, not the expected
#    answer, and the same label is reused across different zones - confirm
#    this behaves as intended on your SpamAssassin version.
#
header BL_POLSPAM_C_4_AF eval:check_rbl('127.0.4.4', 'af-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_AF Ip4 Afghanistan location
score BL_POLSPAM_C_4_AF 2.899
header BL_POLSPAM_C_6_AF eval:check_rbl('127.0.4.6', 'af-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_AF Ip6 Afghanistan location
score BL_POLSPAM_C_6_AF 2.899
#
header BL_POLSPAM_C_4_AO eval:check_rbl('127.0.4.4', 'ao-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_AO Ip4 Angola location
score BL_POLSPAM_C_4_AO 2.899
header BL_POLSPAM_C_6_AO eval:check_rbl('127.0.4.6', 'ao-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_AO Ip6 Angola location
score BL_POLSPAM_C_6_AO 2.899
#
header BL_POLSPAM_C_4_BD eval:check_rbl('127.0.4.4', 'bd-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_BD Ip4 Bangladesh location
score BL_POLSPAM_C_4_BD 2.899
header BL_POLSPAM_C_6_BD eval:check_rbl('127.0.4.6', 'bd-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_BD Ip6 Bangladesh location
score BL_POLSPAM_C_6_BD 2.899
#
header BL_POLSPAM_C_4_BW eval:check_rbl('127.0.4.4', 'bw-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_BW Ip4 Botswana location
score BL_POLSPAM_C_4_BW 2.899
header BL_POLSPAM_C_6_BW eval:check_rbl('127.0.4.6', 'bw-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_BW Ip6 Botswana location
score BL_POLSPAM_C_6_BW 2.899
#
header BL_POLSPAM_C_4_CN eval:check_rbl('127.0.4.4', 'cn-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_CN Ip4 China location
score BL_POLSPAM_C_4_CN 2.899
header BL_POLSPAM_C_6_CN eval:check_rbl('127.0.4.6', 'cn-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_CN Ip6 China location
score BL_POLSPAM_C_6_CN 2.899
#
header BL_POLSPAM_C_4_HK eval:check_rbl('127.0.4.4', 'hk-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_HK Ip4 Hong Kong location
score BL_POLSPAM_C_4_HK 2.899
header BL_POLSPAM_C_6_HK eval:check_rbl('127.0.4.6', 'hk-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_HK Ip6 Hong Kong location
score BL_POLSPAM_C_6_HK 2.899
#
header BL_POLSPAM_C_4_KR eval:check_rbl('127.0.4.4', 'kr-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_KR Ip4 S.Korea location
score BL_POLSPAM_C_4_KR 2.899
header BL_POLSPAM_C_6_KR eval:check_rbl('127.0.4.6', 'kr-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_KR Ip6 S.Korea location
score BL_POLSPAM_C_6_KR 2.899
#
header BL_POLSPAM_C_4_MM eval:check_rbl('127.0.4.4', 'mm-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_MM Ip4 Myanmar location
score BL_POLSPAM_C_4_MM 2.899
header BL_POLSPAM_C_6_MM eval:check_rbl('127.0.4.6', 'mm-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_MM Ip6 Myanmar location
score BL_POLSPAM_C_6_MM 2.899
#
header BL_POLSPAM_C_4_RU eval:check_rbl('127.0.4.4', 'ru-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_RU Ip4 Russian Federation location
score BL_POLSPAM_C_4_RU 2.555
header BL_POLSPAM_C_6_RU eval:check_rbl('127.0.4.6', 'ru-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_RU Ip6 Russian Federation location
score BL_POLSPAM_C_6_RU 2.555
#
header BL_POLSPAM_C_4_RW eval:check_rbl('127.0.4.4', 'rw-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_RW Ip4 Rwanda location
score BL_POLSPAM_C_4_RW 4.555
header BL_POLSPAM_C_6_RW eval:check_rbl('127.0.4.6', 'rw-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_RW Ip6 Rwanda location
score BL_POLSPAM_C_6_RW 4.555
#
header BL_POLSPAM_C_4_TD eval:check_rbl('127.0.4.4', 'td-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_TD Ip4 Chad location
score BL_POLSPAM_C_4_TD 2.899
header BL_POLSPAM_C_6_TD eval:check_rbl('127.0.4.6', 'td-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_TD Ip6 Chad location
score BL_POLSPAM_C_6_TD 2.899
#
header BL_POLSPAM_C_4_TR eval:check_rbl('127.0.4.4', 'tr-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_TR Ip4 Turkey location
score BL_POLSPAM_C_4_TR 1.001
header BL_POLSPAM_C_6_TR eval:check_rbl('127.0.4.6', 'tr-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_TR Ip6 Turkey location
score BL_POLSPAM_C_6_TR 1.001
#
header BL_POLSPAM_C_4_UG eval:check_rbl('127.0.4.4', 'ug-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_UG Ip4 Uganda location
score BL_POLSPAM_C_4_UG 4.999
header BL_POLSPAM_C_6_UG eval:check_rbl('127.0.4.6', 'ug-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_UG Ip6 Uganda location
score BL_POLSPAM_C_6_UG 4.999
#
header BL_POLSPAM_C_4_US eval:check_rbl('127.0.4.4', 'us-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_US Ip4 Usa location
score BL_POLSPAM_C_4_US 0.999
header BL_POLSPAM_C_6_US eval:check_rbl('127.0.4.6', 'us-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_US Ip6 Usa location
score BL_POLSPAM_C_6_US 0.999
#
header BL_POLSPAM_C_4_ZA eval:check_rbl('127.0.4.4', 'za-4.country.polspam.pl.')
describe BL_POLSPAM_C_4_ZA Ip4 S.Africa location
score BL_POLSPAM_C_4_ZA 2.899
header BL_POLSPAM_C_6_ZA eval:check_rbl('127.0.4.6', 'za-6.country.polspam.pl.')
describe BL_POLSPAM_C_6_ZA Ip6 S.Africa location
score BL_POLSPAM_C_6_ZA 2.899
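##################################################################################################
# DNS whitelists. A hit subtracts 99.99, which outweighs every other rule
# in this file except the 9999.999 domain rule, so a whitelist hit all but
# guarantees delivery.
# Review notes:
#  - A score this large hands the delivery decision to the list operator
#    and to the integrity of the DNS path; use a trusted resolver and
#    consider a smaller negative score.
#  - check_rbl evaluates the untrusted relays named in Received headers,
#    and those headers are written by hosts outside your control. For a
#    whitelist, the hit should depend only on the relay that connected to
#    your own server; SpamAssassin's "-lastexternal" set-name suffix
#    restricts the lookup that way - TODO confirm and apply for your setup.
#  - NOTE(review): the describe text says ips4/ips6.white.polspam.pl while
#    the queried zones are ip4/ip6.white.polspam.pl - confirm which name is
#    correct.
#### WHITE list IPv4 #######
header WHITE4_POLSPAM_PL eval:check_rbl('127.127.127.4', 'ip4.white.polspam.pl.')
describe WHITE4_POLSPAM_PL WhiteListed on ips4.white.polspam.pl
tflags WHITE4_POLSPAM_PL net nice
score WHITE4_POLSPAM_PL -99.99
#### WHITE list IPv6 #######
header WHITE6_POLSPAM_PL eval:check_rbl('127.127.127.6', 'ip6.white.polspam.pl.')
describe WHITE6_POLSPAM_PL WhiteListed on ips6.white.polspam.pl
# "tflags" must be spelled correctly: a misspelled directive is rejected by
# the config parser and the rule loses its net/nice flags.
tflags WHITE6_POLSPAM_PL net nice
score WHITE6_POLSPAM_PL -99.99
############### RBL.POLSPAM.PL END #############################################################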
################################################################################################
# Other rules.
# Template for loading an additional plugin (replace PLUGIN_NAME):
# loadplugin Mail::SpamAssassin::Plugin::PLUGIN_NAME
ifplugin Mail::SpamAssassin::Plugin::DKIM
parse_dkim_uris 1
endif
################################################################################################
# Bayes classifier: enabled, with auto-learning from scanned mail.
# The classifier is not used until at least 500 ham and 500 spam messages
# have been learned (bayes_min_ham_num / bayes_min_spam_num).
# NOTE(review): with bayes_auto_learn 1, rules flagged autolearn_force
# elsewhere in this configuration can feed third-party list verdicts into
# the Bayes database; review auto-learned results periodically.
ifplugin Mail::SpamAssassin::Plugin::Bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_min_ham_num 500
bayes_min_spam_num 500
endif
# Country scoring from the RelayCountry plugin's X-Relay-Countries
# pseudo-header: a small bonus for "friendly" codes and a small penalty for
# "suspicious" ones.
# Both patterns are unanchored, so a rule fires if any relay in the chain
# carries one of the listed codes; both rules can fire on one message.
# NOTE(review): "EN" is not an ISO 3166 country code (the United Kingdom is
# GB) - confirm which codes your GeoIP database actually returns.
ifplugin Mail::SpamAssassin::Plugin::RelayCountry
header RELAYCOUNTRY_OK X-Relay-Countries=~ /(PL|EN|EU)/
describe RELAYCOUNTRY_OK Friendly country
score RELAYCOUNTRY_OK -0.512
header RELAYCOUNTRY_SUSC X-Relay-Countries=~ /(AF|AI|AQ|BR|CD|CF|CG|CM|CN|HK|IN|IR|KR|MZ|PK|SN|SO|RU|SU|TD|UA|VN|YE|ZM|ZW)/
describe RELAYCOUNTRY_SUSC Oh, country suspicious
score RELAYCOUNTRY_SUSC 0.732
endif
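# DKIM score overrides plus an approximate DMARC check built from AskDNS,
# DKIM and SPF results. The three nested ifplugin blocks mean the DMARC
# meta rules exist only when DKIM, AskDNS and SPF are all loaded.
ifplugin Mail::SpamAssassin::Plugin::DKIM
parse_dkim_uris 1
dkim_timeout 5
# NOTE(review): DKIM_SIGNED is positive, so any signed message starts with
# a penalty that DKIM_VALID and DKIM_VALID_AU then offset. T_DKIM_INVALID
# at 9.013 exceeds a required_score of 5.001 by itself, so a signature
# broken in transit (for example by a mailing list) is enough to classify
# the message as spam - confirm both are intended.
score DKIM_ADSP_ALL 3.000
score DKIM_ADSP_CUSTOM_MED 9.456
score DKIM_ADSP_DISCARD 9.000
score DKIM_ADSP_NXDOMAIN 3.000
score DKIM_INVALID 0.999
score DKIM_INVALID_DKIM 3.117
score DKIM_SIGNED 2.002
score DKIM_VALID -1.001
score T_DKIM_INVALID 9.013
score DKIM_VALID_AU -1.001
score DKIM_VERIFIED -1.001
score DKIM_POLICY_TESTING -1.001
ifplugin Mail::SpamAssassin::Plugin::AskDNS
# Fetch the author domain's DMARC record and classify its p= policy.
# The policy value is delimited with \b on both sides: a record whose p=
# tag is the last tag and has no trailing semicolon still matches, and the
# leading \b keeps "sp=" from being read as "p=".
askdns __DMARC_POLICY_N _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none\b/
askdns __DMARC_POLICY_Q _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=quarantine\b/
askdns __DMARC_POLICY_R _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=reject\b/
ifplugin Mail::SpamAssassin::Plugin::SPF
spf_timeout 5
do_not_use_mail_spf 0
do_not_use_mail_spf_query 0
# Ignore Received-SPF headers already present in the message and run the
# SPF check locally instead.
ignore_received_spf_header 1
use_newest_received_spf_header 1
# Each meta fires when neither an author-domain DKIM signature nor SPF
# passed and the domain publishes the matching policy.
# NOTE(review): this only approximates DMARC. SPF_PASS is not checked for
# alignment with the From: domain, so a message can pass SPF for an
# unrelated envelope domain and escape these rules. Note also that the
# scores (3.001 / 1.001 / 0.951) treat a published "reject" policy as a
# hint, not as a rejection.
meta BL_POLSPAM_DMARC_R !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_R
describe BL_POLSPAM_DMARC_R Hmm, DKIM,SPF: REJECT this e-mail?
score BL_POLSPAM_DMARC_R 3.001
meta BL_POLSPAM_DMARC_Q !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_Q
describe BL_POLSPAM_DMARC_Q Hmm, DKIM,SPF: QUARANTINE?
score BL_POLSPAM_DMARC_Q 1.001
meta BL_POLSPAM_DMARC_N !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_N
describe BL_POLSPAM_DMARC_N Hmm, DKIM,SPF: policy NONE.
score BL_POLSPAM_DMARC_N 0.951
endif
endif
endif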
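################################################################################################
# Other, example rules.
# Sender-domain rules: the From patterns end in ">$", so they match only
# when the header ends with an address in angle brackets.
# NOTE(review): a From header holding a bare address (no angle brackets)
# is not matched; the From:addr header form avoids depending on the
# formatting - TODO confirm and adapt. The same ">$" ending is used for the
# Received patterns below; confirm that Received headers ever end that way.
header BL_POLSPAM_ICU From=~ /(\.icu)>$/i
describe BL_POLSPAM_ICU Sender domain .icu
score BL_POLSPAM_ICU 3.874
# Sub-rules (names starting with "__" carry no score of their own) for a
# list of TLDs and country domains; the meta rule fires if any one matches.
header __POLSPAM_SHIT_DMN1 From=~ /(\.net\.ae|\.net\.id|\.ro|\.ru|\.co\.jp|\.co\.ke|\.AC\.ZA|\.co\.in|\.com\.vn|\.vn|\.cc|\.cu\.ua|\.com\.br|\.gr|\.hr|\.dk|\.win|\.bid|\.tw|\.br|\.pk|\.top|\.club|\.date|\.stream|\.xyz|\.us|\.rocks|\.shop)>$/i
header __POLSPAM_SHIT_DMN2 From=~ /\.(win|bid|top|club|date|stream|xyz|icu|us|rocks|shop)\/.*/i
header __POLSPAM_SHIT_DMN3 Received=~ /(\.net\.ae|\.net\.id|\.ro|\.ru|\.co\.jp|\.co\.ke|\.AC\.ZA|\.co\.in|\.com\.vn|\.vn|\.cc|\.cu\.ua|\.com\.br|\.gr|\.hr|\.dk|\.win|\.bid|\.tw|\.br|\.pk|\.top|\.club|\.date|\.stream|\.xyz|\.us|\.rocks|\.shop)>$/i
header __POLSPAM_SHIT_DMN4 Received=~ /\.(win|bid|top|club|date|stream|xyz|icu|us|rocks|shop)\/.*/i
meta BL_POLSPAM_SHIT_DMN __POLSPAM_SHIT_DMN1 || __POLSPAM_SHIT_DMN3 || __POLSPAM_SHIT_DMN2 || __POLSPAM_SHIT_DMN4
describe BL_POLSPAM_SHIT_DMN Oh!, funny domain name
score BL_POLSPAM_SHIT_DMN 1.234
# Subject keyword rules. "." in a keyword matches any single character
# (presumably to cover Polish diacritics in either encoding - confirm).
header __POLSPAM_R_021 Subject=~/(spr.buj|zar.b|szansa|godne|bonus|free|darmo|sprzeda.|lead|zadbaj|odpowiedzialn.)/i
header __POLSPAM_R_022 Subject=~/(wygrywa|przetarg|inwestuj|inwestycja|finans.|zarz.d)/i
header __POLSPAM_R_023 Subject=~/(wychodzenia z domu|got.wk.|sprawd.|oferta)/i
meta BL_POLSPAM_FIN __POLSPAM_R_021 || __POLSPAM_R_022 || __POLSPAM_R_023
describe BL_POLSPAM_FIN financial offer?
score BL_POLSPAM_FIN 2.645
# Pandemic-themed keyword rules: three Subject sub-rules and one rawbody
# sub-rule, combined into three metas of increasing strictness. The metas
# are not mutually exclusive, so their scores add up when several fire.
header __POLSPAM_R_024 Subject=~/(maska|maseczka|mask|przy.bic.|preparat|dozownik)/i
header __POLSPAM_R_025 Subject=~/(pandemi.|epidemi.|dezynfekcj.|ochronn.|biob.jcz.)/i
header __POLSPAM_R_026 Subject=~/(covid|.orona.irus)/i
rawbody __POLSPAM_R_027 /maska|maseczka|mask|pandemi.|epidemi.|covid|.orona.irus/i
meta BL_POLSPAM_R052 __POLSPAM_R_024 || __POLSPAM_R_025 || __POLSPAM_R_026 || __POLSPAM_R_027
describe BL_POLSPAM_R052 Oh!, covid :(
score BL_POLSPAM_R052 1.111
# The second operand must name the sub-rule exactly (__POLSPAM_R_025); a
# misspelled sub-rule name refers to a rule that does not exist and can
# never hit.
meta BL_POLSPAM_R053 __POLSPAM_R_024 && (__POLSPAM_R_025 || __POLSPAM_R_027)
describe BL_POLSPAM_R053 Oh!, covid :(
score BL_POLSPAM_R053 2.789
meta BL_POLSPAM_R054 __POLSPAM_R_024 && __POLSPAM_R_025 && __POLSPAM_R_026
describe BL_POLSPAM_R054 Oh!, covid :(
score BL_POLSPAM_R054 3.789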
################################################################################################
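Note the trailing dot at the end of the zone name in the RHSBL lookup lines, e.g. rhsbl.rbl.polspam.pl. The dot marks the name as fully qualified, so the resolver does not append a search domain to it.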
Sample ban or whitelist by ASN (which one depends on the sign of the score):
#
# ASN-based scoring: look up the origin AS of the relay, expose it as an
# X-Spam-ASN header, and score mail from selected AS numbers.
ifplugin Mail::SpamAssassin::Plugin::ASN
# Lookup zones for IPv4 and IPv6; results populate the _ASN_ and _ASNCIDR_ tags.
asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
asn_prefix "ASN"
add_header all ASN _ASN_ _ASNCIDR_
#
# NOTE(review): the pattern is unanchored, so it also matches longer AS
# numbers that merely contain these digits, and possibly digits elsewhere
# in the header value; delimit the number (for example with \b on both
# sides) after checking the exact X-ASN format your version produces.
# A positive score penalizes the listed ASNs; a negative score would
# favour them.
header ASN_POLSPAM_CHECK X-ASN=~ /(24961|11377)/i
score ASN_POLSPAM_CHECK 3.444
describe ASN_POLSPAM_CHECK Message from mostly spam ASN
endif
#
Resources on Perl Regex Syntax:
https://perldoc.perl.org/perlretut
https://perldoc.perl.org/perlrequick