#dnsbl.cf - Place this file in /etc/mail/spamassassin/dnsbl.cf
#Note that files are loaded in alphabetical order, any entries in local.cf
#will override the entries in this configuration file.
# EASYNET_NL is the Easynet.nl List: http://blackholes.easynet.nl .
header RCVD_IN_EASY rbleval:check_rbl('relay', 'blackholes.easynet.nl.')
describe RCVD_IN_EASY Received via EASYed relay
tflags RCVD_IN_EASY net
# use *.blackholes.us DNSBL's
# $Id: blackholes.cf,v 1.2 2002/08/07 06:23:58 pancrace Exp $
header RCVD_IN_ARGENTINA eval:check_rbl('country', 'argentina.blackholes.us.')
describe RCVD_IN_ARGENTINA Received from Argentina
header RCVD_IN_BRAZIL eval:check_rbl('country', 'brazil.blackholes.us.')
describe RCVD_IN_BRAZIL Received from Brazil
header RCVD_IN_CHINA eval:check_rbl('country', 'china.blackholes.us.')
describe RCVD_IN_CHINA Received from China
header RCVD_IN_JAPAN eval:check_rbl('country', 'japan.blackholes.us.')
describe RCVD_IN_JAPAN Received from Japan
header RCVD_IN_KOREA eval:check_rbl('country', 'korea.blackholes.us.')
describe RCVD_IN_KOREA Received from Korea
header RCVD_IN_NIGERIA eval:check_rbl('country', 'nigeria.blackholes.us.')
describe RCVD_IN_NIGERIA Received from Nigeria
header RCVD_IN_RUSSIA eval:check_rbl('country', 'russia.blackholes.us.')
describe RCVD_IN_RUSSIA Received from Russia
header RCVD_IN_SINGAPORE eval:check_rbl('country', 'singapore.blackholes.us.')
describe RCVD_IN_SINGAPORE Received from Singapore
header RCVD_IN_TAIWAN eval:check_rbl('country', 'taiwan.blackholes.us.')
describe RCVD_IN_TAIWAN Received from Taiwan
header RCVD_IN_THAILAND eval:check_rbl('country', 'thailand.blackholes.us.')
describe RCVD_IN_THAILAND Received from Thailand
score RCVD_IN_ARGENTINA 3.0
score RCVD_IN_BRAZIL 3.0
score RCVD_IN_CHINA 3.0
score RCVD_IN_JAPAN 3.0
score RCVD_IN_KOREA 3.0
score RCVD_IN_NIGERIA 3.0
score RCVD_IN_RUSSIA 3.0
score RCVD_IN_SINGAPORE 3.0
score RCVD_IN_TAIWAN 3.0
score RCVD_IN_THAILAND 3.0
header RCVD_IN_BROADWING eval:check_rbl('isp', 'broadwing.blackholes.us.')
describe RCVD_IN_BROADWING Received from Broadwing network space
header RCVD_IN_CIBERLYNX eval:check_rbl('isp', 'ciberlynx.blackholes.us.')
describe RCVD_IN_CIBERLYNX Received from Ciberlynx network space
header RCVD_IN_CW eval:check_rbl('isp', 'cw.blackholes.us.')
describe RCVD_IN_CW Received from Cable and Wireless network space
header RCVD_IN_ELI eval:check_rbl('isp', 'eli.blackholes.us.')
describe RCVD_IN_ELI Received from ELI network space
header RCVD_IN_EPOCH eval:check_rbl('isp', 'epoch.blackholes.us.')
describe RCVD_IN_EPOCH Received from Epoch network space
header RCVD_IN_HE eval:check_rbl('isp', 'he.blackholes.us.')
describe RCVD_IN_HE Received from Hurricane Electric network space
header RCVD_IN_INFLOW eval:check_rbl('isp', 'inflow.blackholes.us.')
describe RCVD_IN_INFLOW Received from Inflow network space
header RCVD_IN_INTERNAP eval:check_rbl('isp', 'internap.blackholes.us.')
describe RCVD_IN_INTERNAP Received from Internap network space
header RCVD_IN_LEVEL3 eval:check_rbl('isp', 'level3.blackholes.us.')
describe RCVD_IN_LEVEL3 Received from Level 3 network space
header RCVD_IN_RACKSPACE eval:check_rbl('isp', 'rackspace.blackholes.us.')
describe RCVD_IN_RACKSPACE Received from Rackspace network space
header RCVD_IN_RR eval:check_rbl('isp', 'rr.blackholes.us.')
describe RCVD_IN_RR Received from Road Runner network space
header RCVD_IN_SKYNETWEB eval:check_rbl('isp', 'skynetweb.blackholes.us.')
describe RCVD_IN_SKYNETWEB Received from SkynetWeb network space
header RCVD_IN_VALUEWEB eval:check_rbl('isp', 'valueweb.blackholes.us.')
describe RCVD_IN_VALUEWEB Received from Valueweb/Cybergate network space
header RCVD_IN_VERIO eval:check_rbl('isp', 'verio.blackholes.us.')
describe RCVD_IN_VERIO Received from Verio network space
#header RCVD_IN_WANADOOFR eval:check_rbl('isp', 'wanadoo-fr.blackholes.us.')
#describe RCVD_IN_WANADOOFR Received from Wanadoo.fr network space
header RCVD_IN_XO eval:check_rbl('isp', 'xo.blackholes.us.')
describe RCVD_IN_XO Received from XO/Concentric network space
header RCVD_IN_SORBS eval:check_rbl('isp', 'dnsbl.sorbs.net.')
describe RCVD_IN_SORBS Received from IP in dnsbl.sorbs.net
header RCVD_IN_SPEWS eval:check_rbl('isp', 'l1.spews.dnsbl.sorbs.net.')
describe RCVD_IN_SPEWS Received from IP in Spews.sorbs.net
header RCVD_IN_ROGERS eval:check_rbl('isp', 'rogers.blackholes.us.')
describe RCVD_IN_ROGERS Received from rogers network space
score RCVD_IN_BROADWING 0.5
score RCVD_IN_CIBERLYNX 0.5
score RCVD_IN_CW 0.5
score RCVD_IN_ELI 0.5
score RCVD_IN_EPOCH 0.5
score RCVD_IN_HE 0.5
score RCVD_IN_INFLOW 0.5
score RCVD_IN_INTERNAP 0.5
score RCVD_IN_LEVEL3 0.5
score RCVD_IN_RACKSPACE 0.5
score RCVD_IN_RR 0.5
score RCVD_IN_SKYNETWEB 0.5
score RCVD_IN_VALUEWEB 0.5
score RCVD_IN_VERIO 0.5
#score RCVD_IN_WANADOOFR 0.5
score RCVD_IN_XO 0.5
score RCVD_IN_SORBS 0.5
score RCVD_IN_ROGERS 0.5
score RCVD_IN_CBL 0.5
score RCVD_IN_SBL 0.5
score RCVD_IN_BL_SPAMCOP_NET 1.5
score RCVD_IN_EASY 2.0
score RCVD_IN_SPEWS 2.0
score RCVD_IN_DSBL 2.0
#Single Zone BL's first
#CBL.ABUSEAT.ORG is a DNSBL of senders who have sent to spamtrap addresses.
#This one is pretty good at hitting crap spammers not caught by some others,
#especially clueless cable modem spammers.
header RCVD_IN_CBL rbleval:check_rbl('relay', 'cbl.abuseat.org')
describe RCVD_IN_CBL DNSBL: sender has sent spam to spamtraps
tflags RCVD_IN_CBL net
# Multizone / Multi meaning BLs next
# SORBS, like MAPS RBL+ is a multi-meaning BL, so it is treated separately
header RCVD_IN_SORBS rbleval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
describe RCVD_IN_SORBS Received via a relay in dnsbl.sorbs.net
tflags RCVD_IN_SORBS net
# X prefix was used to insure that it was run at the end, but it's not needed
# anymore since we run the rule with rblreseval -- Marc
header X_SORBS_OPEN_HTTP rbleval:check_rbl_results_for('sorbs', '127.0.0.2')
describe X_SORBS_OPEN_HTTP DNSBL: sender is Confirmed Open Proxy
tflags X_SORBS_OPEN_HTTP net
header X_SORBS_SOCKS rbleval:check_rbl_results_for('sorbs', '127.0.0.3')
describe X_SORBS_SOCKS DNSBL: send ip addy Confirmed Open Socks Proxy
tflags X_SORBS_SOCKS net
header X_SORBS_MISC rbleval:check_rbl_results_for('sorbs', '127.0.0.4')
describe X_SORBS_MISC DNSBL: sender is Confirmed Open Misc Proxy
tflags X_SORBS_MISC net
header X_SORBS_SMTP rbleval:check_rbl_results_for('sorbs', '127.0.0.5')
describe X_SORBS_SMTP DNSBL: sender is a Confirmed Open Relay
tflags X_SORBS_SMTP net
header X_SORBS_SPAM rbleval:check_rbl_results_for('sorbs', '127.0.0.6')
describe X_SORBS_SPAM DNSBL: sender is a Confirmed spam Source
tflags X_SORBS_SPAM net
header X_SORBS_WEB rbleval:check_rbl_results_for('sorbs', '127.0.0.7')
describe X_SORBS_WEB DNSBL: sender is Confirmed Spam Support Web Server
tflags X_SORBS_WEB net
header X_SORBS_ZOMBIE rbleval:check_rbl_results_for('sorbs', '127.0.0.9')
describe X_SORBS_ZOMBIE DNSBL: sender is a Zombie Domain
tflags X_SORBS_ZOMBIE net
header X_SORBS_NOMAIL rbleval:check_rbl_results_for('sorbs', '127.0.0.12')
describe X_SORBS_NOMAIL DNSBL: sender is a Confirmed No Mail Ever zone
tflags X_SORBS_NOMAIL net