-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathsh.cf
168 lines (129 loc) · 9.93 KB
/
sh.cf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# Spamhaus's SpamAssassin setup version 20200430
ifplugin Mail::SpamAssassin::Plugin::SH
header __RCVD_IN_AUTHBL eval:check_rbl('authbl','your_DQS_key.authbl.dq.spamhaus.net.')
tflags __RCVD_IN_AUTHBL net
meta RCVD_IN_AUTHBL __RCVD_IN_AUTHBL
describe RCVD_IN_AUTHBL Received via a relay in Spamhaus AuthBL
header __RCVD_IN_ZEN eval:check_rbl('zendqs','your_DQS_key.zen.dq.spamhaus.net.')
tflags __RCVD_IN_ZEN net
header __RCVD_IN_ZEN_LASTEXTERNAL eval:check_rbl('zendqs-lastexternal', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.0\.0\.([2-9]|10|11)$')
tflags __RCVD_IN_ZEN_LASTEXTERNAL net
priority __RCVD_IN_ZEN_LASTEXTERNAL -200
meta RCVD_IN_ZEN_LASTEXTERNAL __RCVD_IN_ZEN_LASTEXTERNAL
describe RCVD_IN_ZEN_LASTEXTERNAL The last untrusted relay is listed in Spamhaus ZEN
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
shortcircuit RCVD_IN_ZEN_LASTEXTERNAL spam
endif # Mail::SpamAssassin::Plugin::Shortcircuit
header __RCVD_IN_SBL eval:check_rbl_sub('zendqs', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.0\.0\.2$')
meta RCVD_IN_SBL __RCVD_IN_SBL
header __RCVD_IN_SBL_CSS eval:check_rbl_sub('zendqs', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.0\.0\.3$')
meta RCVD_IN_SBL_CSS __RCVD_IN_SBL_CSS
header __RCVD_IN_SBL_DROP eval:check_rbl_sub('zendqs', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.0\.0\.9$')
meta RCVD_IN_SBL_DROP __RCVD_IN_SBL_DROP
# score RCVD_IN_XBL 0
header RCVD_IN_XBL eval:check_rbl('zendqs', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.0\.0\.[4567]$')
tflags RCVD_IN_XBL net
header __RCVD_IN_PBL eval:check_rbl('zendqs', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.0\.0\.1[01]$')
tflags __RCVD_IN_PBL net
meta RCVD_IN_PBL __RCVD_IN_PBL
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
uridnssub URIBL_SBL your_DQS_key.zen.dq.spamhaus.net. A 127.0.0.2
urirhssub URIBL_DBL_SPAM your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.2
urirhssub URIBL_DBL_PHISH your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.4
urirhssub URIBL_DBL_MALWARE your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.5
urirhssub URIBL_DBL_BOTNETCC your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.6
urirhssub URIBL_DBL_ABUSE_SPAM your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.102
urirhssub URIBL_DBL_ABUSE_REDIR your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.103
urirhssub URIBL_DBL_ABUSE_PHISH your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.104
urirhssub URIBL_DBL_ABUSE_MALW your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.105
urirhssub URIBL_DBL_ABUSE_BOTCC your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.106
urirhssub URIBL_DBL_ERROR your_DQS_key.dbl.dq.spamhaus.net. A 127.0.1.255
if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
urirhsbl URIBL_ZRD your_DQS_key.zrd.dq.spamhaus.net. A
body URIBL_ZRD eval:check_uridnsbl('URIBL_ZRD')
describe URIBL_ZRD Contains a URL listed in the Spamhaus ZRD blocklist
tflags URIBL_ZRD net domains_only
endif # if can
uridnssub URIBL_CSS your_DQS_key.zen.dq.spamhaus.net. A 127.0.0.3
if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_uridnsbl_for_a)
uridnssub URIBL_SBL_A your_DQS_key.zen.dq.spamhaus.net. A 127.0.0.2
body URIBL_SBL_A eval:check_uridnsbl('URIBL_SBL_A')
tflags URIBL_SBL_A net a
reuse URIBL_SBL_A
uridnssub URIBL_CSS_A your_DQS_key.zen.dq.spamhaus.net. A 127.0.0.3
body URIBL_CSS_A eval:check_uridnsbl('URIBL_CSS_A')
tflags URIBL_CSS_A net a
reuse URIBL_CSS_A
endif # if can
endif # Mail::SpamAssassin::Plugin::URIDNSBL
body SH_BODYURI_REVERSE_SBL eval:check_sh_bodyuri_a('your_DQS_key.sbl-xbl.dq.spamhaus.net', '^127\.0\.0\.2')
priority SH_BODYURI_REVERSE_SBL -100
describe SH_BODYURI_REVERSE_SBL The corrisponding A record of an URI contained in the body is listed in SBL
body SH_BODYURI_REVERSE_CSS eval:check_sh_bodyuri_a('your_DQS_key.sbl-xbl.dq.spamhaus.net', '^127\.0\.0\.3')
priority SH_BODYURI_REVERSE_CSS -100
describe SH_BODYURI_REVERSE_CSS The corrisponding A record of an URI contained in the body is listed in CSS
body SH_BODYURI_REVERSE_DROP eval:check_sh_bodyuri_a('your_DQS_key.sbl-xbl.dq.spamhaus.net', '^127\.0\.0\.9')
priority SH_BODYURI_REVERSE_DROP -100
describe SH_BODYURI_REVERSE_DROP The corrisponding A record of an URI contained in the body is listed in DROP
body SH_BODYURI_REVERSE_XBL eval:check_sh_bodyuri_a('your_DQS_key.sbl-xbl.dq.spamhaus.net', '^127\.0\.0\.4')
priority SH_BODYURI_REVERSE_XBL -100
describe SH_BODYURI_REVERSE_XBL The corrisponding A record of an URI contained in the body is listed in XBL
body SH_DBL_BODY eval:check_sh_bodyemail('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.[2-6]$')
priority SH_DBL_BODY -100
describe SH_DBL_BODY The domain of an email address found in body is listed in DBL
body SH_DBL_BODY_ABUSED eval:check_sh_bodyemail('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.10[2-6]$')
priority SH_DBL_BODY_ABUSED -100
describe SH_DBL_BODY_ABUSED The domain of an email address found in body is listed in DBL as an abused domain
body SH_ZRD_BODY_VERY_FRESH eval:check_sh_bodyemail('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.[2-4]$')
priority SH_ZRD_BODY_VERY_FRESH -100
describe SH_ZRD_BODY_VERY_FRESH The domain of an email address found in body is listed in ZRD and the domain age is between 0 and 4 hours
body SH_ZRD_BODY_FRESH eval:check_sh_bodyemail('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.([5-9]|1[0-9]|2[0-4])$')
priority SH_ZRD_BODY_FRESH -100
describe SH_ZRD_BODY_FRESH The domain of an email address found in body is listed in ZRD and the domain age is between 5 and 24 hours
header SH_DBL_HEADERS eval:check_sh_headers('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.[2-6]$')
priority SH_DBL_HEADERS -100
describe SH_DBL_HEADERS A domain found in headers (mail from, reply-to etc..) is listed in DBL
header SH_DBL_HEADERS_ABUSED eval:check_sh_headers('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.10[2-6]$')
priority SH_DBL_HEADERS_ABUSED -100
describe SH_DBL_HEADERS_ABUSED A domain found in headers (mail from, reply-to etc..) is listed in DBL as an abused domain
header SH_ZRD_HEADERS_VERY_FRESH eval:check_sh_headers('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.[2-4]$')
priority SH_ZRD_HEADERS_VERY_FRESH -100
describe SH_ZRD_HEADERS_VERY_FRESH A domain found in headers (mail from, reply-to etc..) is listed in ZRD and the domain age is between 0 and 4 hours
header SH_ZRD_HEADERS_FRESH eval:check_sh_headers('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.([5-9]|1[0-9]|2[0-4])$')
priority SH_ZRD_HEADERS_FRESH -100
describe SH_ZRD_HEADERS_FRESH A domain found in headers (mail from, reply-to etc..) is listed in ZRD and the domain age is between 5 and 24 hours
header SH_HELO_DBL eval:check_sh_helo('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.[2-6]$')
priority SH_HELO_DBL -100
describe SH_HELO_DBL The domain used in the HELO string is listed in DBL
header SH_HELO_DBL_ABUSED eval:check_sh_helo('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.10[2-6]$')
priority SH_HELO_DBL_ABUSED -100
describe SH_HELO_DBL_ABUSED The domain used in the HELO string is listed in DBL as an abused domain
header SH_HELO_ZRD_VERY_FRESH eval:check_sh_helo('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.[2-4]$')
priority SH_HELO_ZRD_VERY_FRESH -100
describe SH_HELO_ZRD_VERY_FRESH The domain used in the HELO string is listed in ZRD and the domain age is between 0 and 4 hours
header SH_HELO_ZRD_FRESH eval:check_sh_helo('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.([5-9]|1[0-9]|2[0-4])$')
priority SH_HELO_ZRD_FRESH -100
describe SH_HELO_ZRD_FRESH The domain used in the HELO string is listed in ZRD and the domain age is between 5 and 24 hours
header SH_REVERSE_DBL eval:check_sh_reverse('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.[2-6]$')
priority SH_REVERSE_DBL -100
describe SH_REVERSE_DBL The RDNS of last untrusted relay's IP is listed in DBL
header SH_REVERSE_DBL_ABUSED eval:check_sh_reverse('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.10[2-6]$')
priority SH_REVERSE_DBL_ABUSED -100
describe SH_REVERSE_DBL_ABUSED The RDNS of last untrusted relay's IP is listed in DBL as an abused domain
header SH_REVERSE_ZRD_VERY_FRESH eval:check_sh_reverse('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.[2-4]$')
priority SH_REVERSE_ZRD_VERY_FRESH -100
describe SH_REVERSE_ZRD_VERY_FRESH The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 0 and 4 hours
header SH_REVERSE_ZRD_FRESH eval:check_sh_reverse('your_DQS_key.zrd.dq.spamhaus.net', '^127\.0\.2\.([5-9]|1[0-9]|2[0-4])$')
priority SH_REVERSE_ZRD_FRESH -100
describe SH_REVERSE_ZRD_FRESH The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 5 and 24 hours
meta SH_AUTHBL_AND_DBL_ABUSED URIBL_DBL_ABUSE_SPAM && RCVD_IN_AUTHBL
describe SH_AUTHBL_AND_DBL_ABUSED Sender IP listed in AuthBL and body contains an abused url
# Redefining these rules even if they will -never- fire on a DQS installation.
# This is needed because queries to the public mirrors will go underway even if the rules are zeroed
urirhssub URIBL_DBL_BLOCKED_OPENDNS your_DQS_key.dbl.dq.spamhaus.net. A 127.255.255.254
urirhssub URIBL_DBL_BLOCKED your_DQS_key.dbl.dq.spamhaus.net. A 127.255.255.255
uridnssub URIBL_ZEN_BLOCKED_OPENDNS your_DQS_key.zen.dq.spamhaus.net. A 127.255.255.254
uridnssub URIBL_ZEN_BLOCKED your_DQS_key.zen.dq.spamhaus.net. A 127.255.255.255
header RCVD_IN_ZEN_BLOCKED_OPENDNS eval:check_rbl('zendqs-lastexternal', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.255\.255\.254$')
header RCVD_IN_ZEN_BLOCKED eval:check_rbl('zendqs-lastexternal', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.255\.255\.255$')
endif # Mail::SpamAssassin::Plugin::SH