| home |
| datafeed |
| about |
| usage |
| mirrors |
| rss feeds |
| help us |
| links |
| contact |
| faq |
|
login | register | lookup uri | submit uri |
SpamAssassin UsageDefault Rules for Public AccessSpamAssassin includes support for URIBL by default. Please make sure you are on a recent version of SpamAssassin. You will find the following rules in the default SpamAssassin configuration (/var/lib/spamassassin/3.00X000/updates_spamassassin_org/25_uribl.cf) on redhat/centos. It is not recommend to edit these files, as sa-update will overwrite them. To override scores for URIBL_* rules, please do so via your local configuration directory (ie /etc/mail/spamassassin). To disable URIBL tests, set scores to 0.00 for all 4 of the default rules.
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
reuse URIBL_BLACK
urirhssub URIBL_GREY multi.uribl.com. A 4
body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
describe URIBL_GREY Contains an URL listed in the URIBL greylist
tflags URIBL_GREY net
reuse URIBL_GREY
urirhssub URIBL_RED multi.uribl.com. A 8
body URIBL_RED eval:check_uridnsbl('URIBL_RED')
describe URIBL_RED Contains an URL listed in the URIBL redlist
tflags URIBL_RED net
reuse URIBL_RED
urirhssub URIBL_BLOCKED multi.uribl.com. A 1
body URIBL_BLOCKED eval:check_uridnsbl('URIBL_BLOCKED')
describe URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
tflags URIBL_BLOCKED net noautolearn
Rules for Commercial Datafeed ServiceDatafeed over DNS users will use the same rules, but the hostname will change from the public nameservers (multi.uribl.com) to the private custom hostname provided specific for your account. urirhssub URIBL_BLACK _CUSTID.df.uribl.com. A 2 urirhssub URIBL_GREY _CUSTID.df.uribl.com. A 4 urirhssub URIBL_RED _CUSTID.df.uribl.com. A 8 urirhssub URIBL_GOLD _CUSTID.df.uribl.com. A 16 URIBL_GOLDURIBL Gold is integrated in the df.txt (and .gz) file provided to datafeed rsync users. This zone file contains domains that we believe will appear in future spam email, and can be utilize in SpamAssassin by adding an additional rule to check for bit 16 being returned from the df/multi zone. No default score is assigned, please test its accuracy on your network before assigning it a score!
# Example Datafeed over RSYNC usage
################################################################################
urirhssub URIBL_GOLD multi.your-domain.tld. A 16
body URIBL_GOLD eval:check_uridnsbl('URIBL_GOLD')
describe URIBL_GOLD Contains an URL listed in the URIBL greylist
tflags URIBL_GOLD net
# score URIBL_GOLD 3.0
score URIBL_GOLD 0.01
################################################################################
# Example Datafeed over DNS usage
# - replace _CUSTID with your unique hostname
# - rescore as necessary
################################################################################
urirhssub URIBL_GOLD _CUSTID.df.uribl.com. A 16
body URIBL_GOLD eval:check_uridnsbl('URIBL_GOLD')
describe URIBL_GOLD Contains an URL listed in the URIBL greylist
tflags URIBL_GOLD net
# score URIBL_GOLD 3.0
score URIBL_GOLD 0.01
################################################################################
URIBL_BLACK_NSDatafeed over RSYNC users have the ability to load the black_ns.txt zone locally to utilize this rule, while Datafeed over DNS customers can query for bit 128. Checking nameservers for each link can triple your query volume as most domains have at least 2 nameservers.
# Example Datafeed over Rsync usage
# - urifullnsrhssub requires SpamAssassin 3.3x or higher!
# - Change blackns.your-domain.tld to the host you have this data loaded in
# - Rescore from 0.01 after testing effectiveness on your mail flow
################################################################################
urifullnsrhssub URIBL_BLACK_NS blackns.your-domain.tld. A 2
body URIBL_BLACK_NS eval:check_uridnsbl('URIBL_BLACK_NS')
tflags URIBL_BLACK_NS net
# score URIBL_BLACK_NS 3.0
score URIBL_BLACK_NS 0.01
################################################################################
# Example Datafeed over DNS usage
# - urifullnsrhssub requires SpamAssassin 3.3x or higher!
# - replace _CUSTID with your unique hostname
# - rescore as necessary
################################################################################
urifullnsrhssub URIBL_BLACK_NS _CUSTID.df.uribl.com. A 128
body URIBL_BLACK_NS eval:check_uridnsbl('URIBL_BLACK_NS')
describe URIBL_BLACK_NS Contains a URL which has a known bad nameserver
tflags URIBL_BLACK_NS net
# score URIBL_BLACK_NS 3.0
score URIBL_BLACK_NS 0.01
################################################################################
URIBL_BLACK_NSIPDatafeed over RSYNC users have the ability to load the black_nsip.txt zone locally to utilize this rule, while Datafeed over DNS customers can query for bit 64. Checking nameserver IPs for each link can triple your query volume as most domains have at least 2 nameservers.
# Example Datafeed over RSYNC usage
# - This rule will work in all SpamAssassin versions, as it works in the same
# fasion as the Spamhaus SBL rule (URIBL_SBL).
# - Change blacknsip.your-domain.tld to the host you have this data loaded in
# - Rescore from 0.01 after testing effectiveness on your mail flow
################################################################################
uridnsbl URIBL_BLACK_NSIP blacknsip.your-domain.tld. A 2
body URIBL_BLACK_NSIP eval:check_uridnsbl('URIBL_BLACK_NSIP')
tflags URIBL_BLACK_NSIP net
# score URIBL_BLACK_NSIP 3.0
score URIBL_BLACK_NSIP 0.01
################################################################################
# Example Datafeed over DNS usage
# - replace _CUSTID with your unique hostname
# - Rescore from 0.01 after testing effectiveness on your mail flow
################################################################################
uridnssub URIBL_BLACK_NSIP _CUSTID.df.uribl.com. A 64
body URIBL_BLACK_NSIP eval:check_uridnsbl('URIBL_BLACK_NSIP')
describe URIBL_BLACK_NSIP Contains a URL which has a known bad nameserver IP
tflags URIBL_BLACK_NSIP net
# score URIBL_BLACK_NSIP 3.0
score URIBL_BLACK_NSIP 0.01
################################################################################
URIBL_BLACK_ADatafeed over RSYNC users have the ability to load the black_nsip.txt zone locally to utilize this rule, while Datafeed over DNS customers can query for bit 64. Checking IP address for each link can double your query volume as the domain, and the A record for the domain will both be looked up.
# Example Datafeed over RSYNC usage
# - requires SpamAssassin 3.4x or higher!
# - Change blacka.your-domain.tld to the host you have this data loaded in
# - Rescore from 0.01 after testing effectiveness on your mail flow
################################################################################
uridnsbl URIBL_BLACK_A blacka.your-domain.tld. A 2
body URIBL_BLACK_A eval:check_uridnsbl('URIBL_BLACK_A')
describe URIBL_BLACK_A Contains a URL's A listed in the URIBL_BLACK_A blocklist
tflags URIBL_BLACK_A net a
# score URIBL_BLACK_A 3.0
score URIBL_BLACK_A 0.01
################################################################################
# Example Datafeed over DNS usage
# - replace _CUSTID with your unique hostname
# - Rescore from 0.01 after testing effectiveness on your mail flow
################################################################################
uridnssub URIBL_BLACK_A _CUSTID.df.uribl.com. A 32
body URIBL_BLACK_A eval:check_uridnsbl('URIBL_BLACK_A')
describe URIBL_BLACK_A Contains a URL which is hosted on a known bad IP
tflags URIBL_BLACK_A net
# score URIBL_BLACK_A 3.0
score URIBL_BLACK_A 0.01
################################################################################
|
|
|