bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
809c554ada678a4ea660095e0d3091a320ac2d5a
zira-etc/mail/spamassassin/99_struction_DNSRBL.cf
bms8197 e2954d55f4 Initial commit.
2021-05-24 22:18:33 +03:00

314 lines
13 KiB
CFEngine3
Raw Blame History

# 2006-10-01 <pille@struction.de>
# URIBL
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist (http://uribl.com)
tflags URIBL_BLACK net
score URIBL_BLACK 2.0
# NIX_SPAM (heise.de)
header NIX_SPAM eval:check_rbl('nix-spam', 'ix.dnsbl.manitu.net')
describe NIX_SPAM Listed in NIX_SPAM DNSBL
tflags NIX_SPAM net
score NIX_SPAM 2.0
# VIRBL (virus sender blacklist) http://virbl.bit.nl
header RCVD_IN_VIRBL eval:check_rbl_txt('virbl', 'virbl.dnsbl.bit.nl')
describe RCVD_IN_VIRBL Listed in virbl.dnsbl.bit.nl
tflags RCVD_IN_VIRBL net
score RCVD_IN_VIRBL 1.0
# 2006-12-19 <pille@struction.de>
# deactivated, since this DB has vanished as of 2006-12-18
# ORDB (open relays) http://ordb.org
#header RCVD_IN_ORDB eval:check_rbl_txt('ordb', 'relays.ordb.org')
#describe RCVD_IN_ORDB Listed in relays.ordb.org
#tflags RCVD_IN_ORDB net
#score RCVD_IN_ORDB 0.5
# CBL (open relays/proxys) http://cbl.abuseat.org
header RCVD_IN_CBL eval:check_rbl_txt('cbl', 'cbl.abuseat.org')
describe RCVD_IN_CBL Listed in cbl.abuseat.org
tflags RCVD_IN_CBL net
score RCVD_IN_CBL 2.0
# UCEPROTECT1 (open relays/proxys/dialups) http://uceprotect.net
header RCVD_IN_UCEPROTECT1 eval:check_rbl_txt('uceprotect1', 'dnsbl-1.uceprotect.net')
describe RCVD_IN_UCEPROTECT1 Listed in dnsbl-1.uceprotect.net
tflags RCVD_IN_UCEPROTECT1 net
score RCVD_IN_UCEPROTECT1 1.0
# UCEPROTECT2 (open relays/proxys/dialups networks) http://uceprotect.net
header RCVD_IN_UCEPROTECT2 eval:check_rbl_txt('uceprotect1', 'dnsbl-2.uceprotect.net')
describe RCVD_IN_UCEPROTECT2 Network listed in dnsbl-2.uceprotect.net
tflags RCVD_IN_UCEPROTECT2 net
score RCVD_IN_UCEPROTECT2 0.5
# UCEPROTECT3 (bad networks) http://uceprotect.net
header RCVD_IN_UCEPROTECT3 eval:check_rbl_txt('uceprotect1', 'dnsbl-3.uceprotect.net')
describe RCVD_IN_UCEPROTECT3 Network listed in dnsbl-3.uceprotect.net
tflags RCVD_IN_UCEPROTECT3 net
score RCVD_IN_UCEPROTECT3 0.1
# DSBL-multihop (multihop open relays) http://dsbl.org
header RCVD_IN_DSBL_MULTIHOP eval:check_rbl_txt('dsblmultihop', 'multihop.dsbl.org')
describe RCVD_IN_DSBL_MULTIHOP Listed in multihop.dsbl.org
tflags RCVD_IN_DSBL_MULTIHOP net
score RCVD_IN_DSBL_MULTIHOP 0.1
# DSBL-unconfirmed (open relays) http://dsbl.org
header RCVD_IN_DSBL_UNCONFIRMED eval:check_rbl_txt('dsblunconfirmed', 'unconfirmed.dsbl.org')
describe RCVD_IN_DSBL_UNCONFIRMED Listed in unconfirmed.dsbl.org
tflags RCVD_IN_DSBL_UNCONFIRMED net
score RCVD_IN_DSBL_UNCONFIRMED 0.001
# AHBL-tor (TOR relays) http://ahbl.org
header RCVD_IN_AHBL_TOR eval:check_rbl_txt('ahbltor', 'tor.ahbl.org')
describe RCVD_IN_AHBL_TOR Listed in tor.ahbl.org
tflags RCVD_IN_AHBL_TOR net
score RCVD_IN_AHBL_TOR 0.001
# AHBL-exemptions (whitelist) http://ahbl.org
header RCVD_IN_AHBL_WHITELIST eval:check_rbl_txt('ahblwhite', 'exemptions.ahbl.org')
describe RCVD_IN_AHBL_WHITELIST WhiteListed in exemptions.ahbl.org
tflags RCVD_IN_AHBL_WHITELIST net
score RCVD_IN_AHBL_WHITELIST -0.01
# from http://www.ahbl.org/docs/mailservers/spamassassin.txt
header RCVD_IN_AHBL eval:check_rbl('AHBL', 'dnsbl.ahbl.org.')
describe RCVD_IN_AHBL AHBL: sender is listed in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL 1.0
tflags RCVD_IN_AHBL net
header RCVD_IN_AHBL_UNKNOWN_1 eval:check_rbl_sub('AHBL', '127.0.0.1')
describe RCVD_IN_AHBL_UNKNOWN_1 AHBL: Unknown Category 1 in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_UNKNOWN_1 0.01
tflags RCVD_IN_AHBL_UNKNOWN_1 net
header RCVD_IN_AHBL_SMTP eval:check_rbl_sub('AHBL', '127.0.0.2')
describe RCVD_IN_AHBL_SMTP AHBL: Open SMTP relay in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_SMTP 0.5
tflags RCVD_IN_AHBL_SMTP net
header RCVD_IN_AHBL_PROXY eval:check_rbl_sub('AHBL', '127.0.0.3')
describe RCVD_IN_AHBL_PROXY AHBL: Open Proxy server in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_PROXY 0.5
tflags RCVD_IN_AHBL_PROXY net
header RCVD_IN_AHBL_SPAM eval:check_rbl_sub('AHBL', '127.0.0.4')
describe RCVD_IN_AHBL_SPAM AHBL: Spam Source in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_SPAM 0.5
tflags RCVD_IN_AHBL_SPAM net
header RCVD_IN_AHBL_RTB eval:check_rbl_sub('AHBL', '127.0.0.5')
describe RCVD_IN_AHBL_RTB AHBL: Real-Time Blocked in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_RTB 0.01
tflags RCVD_IN_AHBL_RTB net
header RCVD_IN_AHBL_FORMMAIL eval:check_rbl_sub('AHBL', '127.0.0.6')
describe RCVD_IN_AHBL_FORMMAIL AHBL: Abuseable Form Mail in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_FORMMAIL 0.5
tflags RCVD_IN_AHBL_FORMMAIL net
header RCVD_IN_AHBL_SPAM_SUPPORT eval:check_rbl_sub('AHBL', '127.0.0.7')
describe RCVD_IN_AHBL_SPAM_SUPPORT AHBL: Spam Supporter in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_SPAM_SUPPORT 0.5
tflags RCVD_IN_AHBL_SPAM_SUPPORT net
header RCVD_IN_AHBL_I_SPAM_SUPPORT eval:check_rbl_sub('AHBL', '127.0.0.8')
describe RCVD_IN_AHBL_I_SPAM_SUPPORT AHBL: Indirect Spam supporter in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_I_SPAM_SUPPORT 0.5
tflags RCVD_IN_AHBL_I_SPAM_SUPPORT net
header RCVD_IN_AHBL_ENDUSER eval:check_rbl_sub('AHBL', '127.0.0.9')
describe RCVD_IN_AHBL_ENDUSER AHBL: End User (non mail system) in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_ENDUSER 0.5
tflags RCVD_IN_AHBL_ENDUSER net
header RCVD_IN_AHBL_SOS eval:check_rbl_sub('AHBL-notfirsthop', '127.0.0.10')
describe RCVD_IN_AHBL_SOS AHBL: Shoot On Sight in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_SOS 0.5
tflags RCVD_IN_AHBL_SOS net
header RCVD_IN_AHBL_RFCI_PA eval:check_rbl_sub('AHBL', '127.0.0.11')
describe RCVD_IN_AHBL_RFCI_PA AHBL: Missing Postmaster or Abuse Address in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_RFCI_PA 0.5
tflags RCVD_IN_AHBL_RFCI_PA net
header RCVD_IN_AHBL_5XXI eval:check_rbl_sub('AHBL', '127.0.0.12')
describe RCVD_IN_AHBL_5XXI AHBL: Does not properly handle 5xx errors in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_5XXI 0.5
tflags RCVD_IN_AHBL_5XXI net
header RCVD_IN_AHBL_RFCI_MISC eval:check_rbl_sub('AHBL', '127.0.0.13')
describe RCVD_IN_AHBL_RFCI_MISC AHBL: Other Non-RFC Compliant in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_RFCI_MISC 0.5
tflags RCVD_IN_AHBL_RFCI_MISC net
header RCVD_IN_AHBL_COMP_DDOS eval:check_rbl_sub('AHBL', '127.0.0.14')
describe RCVD_IN_AHBL_COMP_DDOS AHBL: Compromised System - DDoS in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_COMP_DDOS 0.5
tflags RCVD_IN_AHBL_COMP_DDOS net
header RCVD_IN_AHBL_COMP_RELAY eval:check_rbl_sub('AHBL', '127.0.0.15')
describe RCVD_IN_AHBL_COMP_RELAY AHBL: Compromised System - Relay in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_COMP_RELAY 0.5
tflags RCVD_IN_AHBL_COMP_RELAY net
header RCVD_IN_AHBL_COMP_SCANNER eval:check_rbl_sub('AHBL', '127.0.0.16')
describe RCVD_IN_AHBL_COMP_SCANNER AHBL: Compromised System - Autorooter/Scanner in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_COMP_SCANNER 0.5
tflags RCVD_IN_AHBL_COMP_SCANNER net
header RCVD_IN_AHBL_COMP_WORM eval:check_rbl_sub('AHBL', '127.0.0.17')
describe RCVD_IN_AHBL_COMP_WORM AHBL: Compromised System - Worm or mass mailing virus in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_COMP_WORM 0.5
tflags RCVD_IN_AHBL_COMP_WORM net
header RCVD_IN_AHBL_COMP_VIRUS eval:check_rbl_sub('AHBL', '127.0.0.18')
describe RCVD_IN_AHBL_COMP_VIRUS AHBL: Compromised System - Other Virus in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_COMP_VIRUS 0.5
tflags RCVD_IN_AHBL_COMP_VIRUS net
header RCVD_IN_AHBL_PROXY eval:check_rbl_sub('AHBL', '127.0.0.19')
describe RCVD_IN_AHBL_PROXY AHBL: Open Proxy in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_PROXY 0.5
tflags RCVD_IN_AHBL_PROXY net
header RCVD_IN_AHBL_BLOG eval:check_rbl_sub('AHBL', '127.0.0.19')
describe RCVD_IN_AHBL_BLOG AHBL: Blog/Wiki/Comment Spammer in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_BLOG 0.5
tflags RCVD_IN_AHBL_BLOG net
header RCVD_IN_AHBL_MISC eval:check_rbl_sub('AHBL', '127.0.0.127')
describe RCVD_IN_AHBL_MISC AHBL: Misc (other) in BlackList / BlockList dnsbl.ahbl.org
score RCVD_IN_AHBL_MISC 0.5
tflags RCVD_IN_AHBL_MISC net
# bondedsender whitelist (commercial?) http://www.returnpath.org/senderscorecertified
header RCVD_IN_BONDEDSENDER_WHITELIST eval:check_rbl('bondedsender', 'sa.bondedsender.org')
describe RCVD_IN_BONDEDSENDER_WHITELIST Received via a whitelisted Bonded Sender address
score RCVD_IN_BONDEDSENDER_WHITELIST -0.001
tflags RCVD_IN_BONDEDSENDER_WHITELIST net
header RCVD_IN_BONDEDSENDER_WHITELIST1 eval:check_rbl('bondedsender1', 'query.bondedsender.org', '127.0.0.10')
describe RCVD_IN_BONDEDSENDER_WHITELIST1 Received via a whitelisted Bonded Sender address
score RCVD_IN_BONDEDSENDER_WHITELIST1 -0.001
tflags RCVD_IN_BONDEDSENDER_WHITELIST1 net
# test, if we catch dialup-relays (additional to standard spamassassin)
header RCVD_IN_NJABL_DUL2 eval:check_rbl('njabl2-notfirsthop', 'combined.njabl.org.', '127.0.0.3')
describe RCVD_IN_NJABL_DUL2 NJABL: dialup sender did non-local SMTP
score RCVD_IN_NJABL_DUL2 0.1
tflags RCVD_IN_NJABL_DUL2 net
header RCVD_IN_MAPS_DUL2 eval:check_rbl('dialup2-notfirsthop', 'dialups.mail-abuse.org.')
describe RCVD_IN_MAPS_DUL2 Relay in DUL, http://www.mail-abuse.org/dul/
score RCVD_IN_MAPS_DUL2 0.1
tflags RCVD_IN_MAPS_DUL2 net
header RCVD_IN_SORBS_DUL2 eval:check_rbl('sorbs2-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')
describe RCVD_IN_SORBS_DUL2 SORBS: sent directly from dynamic IP address
tflags RCVD_IN_SORBS_DUL2 net
score RCVD_IN_SORBS_DUL2 0.1
# FIVETENSG http://www.five-ten-sg.com
header RCVD_IN_FIVETENSG eval:check_rbl('FIVETENSG', 'blackholes.five-ten-sg.com.')
describe RCVD_IN_FIVETENSG sender is listed in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG 1.0
tflags RCVD_IN_FIVETENSG net
header RCVD_IN_FIVETENSG_UNKNOWN_1 eval:check_rbl_sub('FIVETENSG', '127.0.0.1')
describe RCVD_IN_FIVETENSG_UNKNOWN_1 Unknown Category 1 in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_UNKNOWN_1 0.001
tflags RCVD_IN_FIVETENSG_UNKNOWN_1 net
header RCVD_IN_FIVETENSG_SPAM eval:check_rbl_sub('FIVETENSG', '127.0.0.2')
describe RCVD_IN_FIVETENSG_SPAM Spammer in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_SPAM 0.5
tflags RCVD_IN_FIVETENSG_SPAM net
header RCVD_IN_FIVETENSG_DUL eval:check_rbl_sub('FIVETENSG', '127.0.0.3')
describe RCVD_IN_FIVETENSG_DUL Dialup in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_DUL 0.01
tflags RCVD_IN_FIVETENSG_DUL net
header RCVD_IN_FIVETENSG_BULK eval:check_rbl_sub('FIVETENSG', '127.0.0.4')
describe RCVD_IN_FIVETENSG_BULK Bulk-Mailer in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_BULK 0.01
tflags RCVD_IN_FIVETENSG_BULK net
header RCVD_IN_FIVETENSG_MULTISTAGE eval:check_rbl_sub('FIVETENSG', '127.0.0.5')
describe RCVD_IN_FIVETENSG_MULTISTAGE Multistage Open Relay in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_MULTISTAGE 0.1
tflags RCVD_IN_FIVETENSG_MULTISTAGE net
header RCVD_IN_FIVETENSG_SINGLESTAGE eval:check_rbl_sub('FIVETENSG', '127.0.0.6')
describe RCVD_IN_FIVETENSG_SINGLESTAGE Singlestage Open Relay in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_SINGLESTAGE 0.1
tflags RCVD_IN_FIVETENSG_SINGLESTAGE net
header RCVD_IN_FIVETENSG_SUPPORT eval:check_rbl_sub('FIVETENSG', '127.0.0.7')
describe RCVD_IN_FIVETENSG_SUPPORT Spam-Supporter in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_SUPPORT 0.1
tflags RCVD_IN_FIVETENSG_SUPPORT net
header RCVD_IN_FIVETENSG_WEBFORM eval:check_rbl_sub('FIVETENSG', '127.0.0.8')
describe RCVD_IN_FIVETENSG_WEBFORM Web2Mail in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_WEBFORM 0.1
tflags RCVD_IN_FIVETENSG_WEBFORM net
header RCVD_IN_FIVETENSG_SUSPECT eval:check_rbl_sub('FIVETENSG', '127.0.0.9')
describe RCVD_IN_FIVETENSG_SUSPECT Suspected system in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_SUSPECT 0.01
tflags RCVD_IN_FIVETENSG_SUSPECT net
header RCVD_IN_FIVETENSG_KLEZ eval:check_rbl_sub('FIVETENSG', '127.0.0.10')
describe RCVD_IN_FIVETENSG_KLEZ Virus Notification Sender in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_KLEZ 0.01
tflags RCVD_IN_FIVETENSG_KLEZ net
header RCVD_IN_FIVETENSG_FREEMAIL eval:check_rbl_sub('FIVETENSG', '127.0.0.12')
describe RCVD_IN_FIVETENSG_FREEMAIL Freemailer in blackholes.five-ten-sg.com
score RCVD_IN_FIVETENSG_FREEMAIL 0.01
tflags RCVD_IN_FIVETENSG_FREEMAIL net
# bl.csma.biz - Repeat SPAM Sources
header RCVD_IN_BLCSMA eval:check_rbl('blcsma', 'bl.csma.biz.')
describe RCVD_IN_BLCSMA Received via a blocked site in bl.csma.biz
score RCVD_IN_BLCSMA 0.5
tflags RCVD_IN_BLCSMA net
# sbl.csma.biz - Suspect SPAM Sources
header RCVD_IN_SBLCSMA eval:check_rbl('sblcsma', 'sbl.csma.biz.')
describe RCVD_IN_SBLCSMA Received via a blocked site in sbl.csma.biz
score RCVD_IN_SBLCSMA 0.1
tflags RCVD_IN_SBLCSMA net
Reference in New Issue View Git Blame Copy Permalink