Setting up URIBL Datafeed over DNS in SpamAssassin

# -----------------------------

Download the uribl.cf file into /etc/mail/spamassassin

$ cd /etc/mail/spamassassin && wget uribl.com/uribl.cf

Replace the _CUSTID placeholder with the ID you were supplied

$ sed -i.bak s/_CUSTID/_XXXXXXXX/g uribl.cf

(optional) Edit uribl.cf, adjust scores as needed, and uncomment any rules you would like to test.

# -----------------------------

If you use spamc/spamd, you need to restart the spamd daemon at this point.

# /etc/init.d/spamd restart

# -----------------------------

Now run a test with the spamassassin binary to make sure it's working.

# echo -e "Subject: test\n\nhttp://uribl.asia\n\n" | spamassassin -D 2>&1 | grep URIBL_BLACK
Sep 12 22:36:42.726 [5560] dbg: dns: URIBL_BLACK lookup start
Sep 12 22:36:42.978 [5560] dbg: uridnsbl: domain "uribl.asia" listed (URIBL_BLACK): 127.0.0.2
Sep 12 22:36:42.978 [5560] dbg: dns: URIBL_BLACK lookup finished
Sep 12 22:36:43.046 [5560] dbg: check: tests=MISSING_DATE,MISSING_FROM,MISSING_HEADERS,MISSING_MID,NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,TVD_SPACE_RATIO,URIBL_BLACK
 TVD_SPACE_RATIO,URIBL_BLACK autolearn=no version=3.3.2
 * 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist

# -----------------------------

Verify that .LINK TLDs can be caught

# echo -e "Subject: test\n\nhttp://uribl.link\n\n" | spamassassin -D 2>&1 | grep URIBL_GOLD
Dec 9 17:39:40.507 [26072] dbg: dns: URIBL_GOLD lookup start
Dec 9 17:39:40.517 [26072] dbg: uridnsbl: domain "uribl.link" listed (URIBL_GOLD): 127.0.0.16
Dec 9 17:39:40.517 [26072] dbg: dns: URIBL_GOLD lookup finished
Dec 9 17:39:40.837 [26072] dbg: check: tests=MISSING_DATE,MISSING_FROM,MISSING_HEADERS,MISSING_MID,NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,TVD_SPACE_RATIO,URIBL_GOLD
 TVD_SPACE_RATIO,URIBL_GOLD autolearn=no autolearn_force=no version=3.4.0
 * 3.0 URIBL_GOLD Contains an URL listed in the URIBL goldlist

If this does not hit, you need to upgrade your RegistrarBoundaries.pm from SVN, because SpamAssassin does not support the .LINK TLD in v3.3.2 or v3.4.

Link to SVN: http://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm

Make sure to restart spamd after replacing that file. Then retest as per above.

# -----------------------------

Contents of uribl.cf are provided below for reference.

$ cat /etc/mail/spamassassin/uribl.cf
# File: uribl.cf
# Version: 0.2
# Description: SpamAssassin config file for URIBL Datafeed over DNS
################################################################################
# Use custom hostname lookup to prevent being blocked when using
# high volume nameservers such as opendns or google dns.
################################################################################
urirhssub URIBL_BLOCKED _CUSTID.df.uribl.com. A 1
urirhssub URIBL_BLACK _CUSTID.df.uribl.com. A 2
urirhssub URIBL_GREY _CUSTID.df.uribl.com. A 4
urirhssub URIBL_RED _CUSTID.df.uribl.com. A 8
urirhssub URIBL_GOLD _CUSTID.df.uribl.com. A 16
################################################################################
# Enable URIBL_GOLD
body URIBL_GOLD eval:check_uridnsbl('URIBL_GOLD')
describe URIBL_GOLD Contains an URL listed in the URIBL goldlist
tflags URIBL_GOLD net
reuse URIBL_GOLD
################################################################################
# Score URIBL_GOLD rule as it is not included in stock SA
################################################################################
score URIBL_GOLD 3.00
################################################################################
# Override default SpamAssassin scores if needed
################################################################################
# score URIBL_BLACK 3.00
# score URIBL_GREY 0.50
# score URIBL_RED 1.50
################################################################################
# Enabling Extra Datasets
# - Note, if you enable extra dataset lookups, this will help
# catch spam domains that we do not yet have listed due to
# identification and replication delays.
# - Also note, this may cause a 6x increase in your query volumes,
# so you would need a Query per day limit that is sufficient to support
# enabling these rules. Please contact accounts@uribl.com for additional
# information.
################################################################################
# uridnssub URIBL_BLACK_A _CUSTID.df.uribl.com. A 32
# body URIBL_BLACK_A eval:check_uridnsbl('BLACK_A')
# describe URIBL_BLACK_A Contains a URL which is hosted on a known bad IP
# tflags URIBL_BLACK_A net
################################################################################
# uridnssub URIBL_BLACK_NSIP _CUSTID.df.uribl.com. A 64
# body URIBL_BLACK_NSIP eval:check_uridnsbl('BLACK_NSIP')
# describe URIBL_BLACK_NSIP Contains a URL which has a known bad nameserver IP
# tflags URIBL_BLACK_NSIP net
################################################################################
# urifullnsrhssub URIBL_BLACK_NS _CUSTID.df.uribl.com. A 128
# body URIBL_BLACK_NS eval:check_uridnsbl('BLACK_NS')
# describe URIBL_BLACK_NS Contains a URL which has a known bad nameserver
# tflags URIBL_BLACK_NS net
################################################################################
# score URIBL_BLACK_A 3.0
# score URIBL_BLACK_NSIP 3.0
# score URIBL_BLACK_NS 3.0
################################################################################
# EOF uribl.cf
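
# -----------------------------

Added example (not part of the original page or of uribl.cf): a POSIX sh helper that decodes the A-record answer shown in the debug output, such as 127.0.0.2 or 127.0.0.16, against the numeric sub-tests in uribl.cf, read as bitmasks on the last octet. The function name uribl_decode and the SAMPLE_CF variable are hypothetical; the sample lines are constructed from the uribl.cf listing above with the _XXXXXXXX placeholder.

```shell
#!/bin/sh
# Added example (not part of uribl.cf): decode a datafeed A-record answer
# using the sub-test bitmasks declared in uribl.cf.

# Constructed sample: rule lines from the uribl.cf shown above, after the
# sed step, with the page's _XXXXXXXX placeholder as the customer ID.
SAMPLE_CF='urirhssub URIBL_BLOCKED _XXXXXXXX.df.uribl.com. A 1
urirhssub URIBL_BLACK _XXXXXXXX.df.uribl.com. A 2
urirhssub URIBL_GREY _XXXXXXXX.df.uribl.com. A 4
urirhssub URIBL_RED _XXXXXXXX.df.uribl.com. A 8
urirhssub URIBL_GOLD _XXXXXXXX.df.uribl.com. A 16
# uridnssub URIBL_BLACK_A _XXXXXXXX.df.uribl.com. A 32'

# uribl_decode ANSWER [CF_TEXT]   (hypothetical helper; sets global variables)
# Prints the rules whose bit is set in the last octet of ANSWER, or NONE.
# Prints INVALID and returns 1 unless ANSWER is 127.0.0.N with N in 1..255.
uribl_decode() {
  answer=$1
  cf=${2:-$SAMPLE_CF}
  case $answer in
    127.0.0.*) octet=${answer#127.0.0.} ;;
    *) echo INVALID; return 1 ;;
  esac
  case $octet in
    ''|0*|*[!0-9]*|????*) echo INVALID; return 1 ;;
  esac
  [ "$octet" -le 255 ] || { echo INVALID; return 1; }
  hits=""
  while read -r kw name zone type mask; do
    # Only active (uncommented) sub-rule lines with an A lookup count.
    case $kw in
      urirhssub|uridnssub|urifullnsrhssub) ;;
      *) continue ;;
    esac
    [ "$type" = A ] || continue
    case $mask in ''|0*|*[!0-9]*) continue ;; esac
    if [ $(( $octet & $mask )) -ne 0 ]; then
      hits="${hits:+$hits }$name"
    fi
  done <<EOF
$cf
EOF
  echo "${hits:-NONE}"
}

# The two answers seen in the debug output above.
uribl_decode 127.0.0.2    # URIBL_BLACK
uribl_decode 127.0.0.16   # URIBL_GOLD
```

An answer that decodes to URIBL_BLOCKED (127.0.0.1) means the query was refused rather than the domain being listed. To decode against your live rules, pass the file contents as the second argument, e.g. "$(cat /etc/mail/spamassassin/uribl.cf)".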