RBL ZA - Last 5 questions posted: South African Black Lists http://www.rbl.org.za <![CDATA[SpamAssassin RBL HowTO]]> How to use Add the following to your SpamAssassin's local.cf configuration file, or user_prefs for user-specific configuration: 
header  RCVD_IN_VIRUS_RBL_ZA   eval:check_rbl_txt('rbl.org.za', 'test.rbl.org.za.')
describe RCVD_IN_VIRUS_RBL_ZA Received via a relay in test.rbl.org.za
tflags RCVD_IN_VIRUS_RBL_ZA   net
score RCVD_IN_VIRUS_RBL_ZA 1.0
Then restart spamd.

The value of the 'score' setting relates to how many SpamAssassin points will be added to the final tally (other points come from other methods of determining whether or not the mail is spam). You can adjust this if you like (above configuration is for 1.0 points), of course the higher the score here the higher the chances are of a mail being deemed spam, even without points from other factors. By default a mail will be marked as spam if there is 5 more more SpamAssassin points.

Confirming things are working

If you see something like the the following in a mail that SpamAssassin has marked as spam it means things are working. 
2.0 RCVD_IN_VIRUS_RBL_ZA     RBL: Received via a relay in test.rbl.org.za
[p7169-ipad52marunouchi.tokyo.ocn.ne.jp is listed]
[in test.rbl.org.za.]
]]> http://www.rbl.org.za/index.php?action=artikel&cat=3&id=6&artlang=en Tue, 26 Aug 2008 08:26:00 GMT <![CDATA[Sendmail RBL HowTO]]> RedHat and Mandrake Systems:

Both of these systems (and others based off of RedHat ship with a file /etc/mail/sendmail.mc
that is a complete set of m4 macros needed to generate a fres /etc/sndmail.cf The easiest approach
is to open this file in your favorite text editor and add a line like this,

FEATURE(dnsbl, `relays.osirusoft.com', `Rejected - see http://relays.osirusoft.com')dnl
FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see http://ordb.org/')dnl

As you can see I have two in mine, there are other lists to wich I will link to below.
This strictly speeking is not needed, in fact more then one will cause a performance hit
but will catch more spam so it is up to you as to what your needs are. You could even
include more, MAPS maintains 3 different lists plus a fourth that includes all three but
they now charge for access if you site is in any way commercial.

After adding those lines to your sendmail.mc file all you need to do is as root execute
the following command from the /etc/mail dir.

m4 sendmail.mc > ../sendmail.cf

It would be a good idea to back up your old /etc/sendmail.cf beforehand.
After running the m4 comman restart sendmail and you are done.

FreeBSD
On release 4.4+ the file you need to edit is,

/etc/mail/freebsd.mc

Other Linux/Unix systems: If your running sendmail setup will be very similar but the file locations are probally
different, I will add exact instructions shortly after looking on a few of these machines.
Other MTA's There is a large listing of other MTA's and how to set them up here,

http://www.mail-abuse.org/rbl/usage.html


Testing your setup.
You can use the following command and inputs to verify your setup.

sendmail -bt -C /config/to/test/sendmail.cf
> .D{client_addr}127.0.0.1
> Basic_check_relay <>
rewrite: ruleset 192 input: < >
rewrite: ruleset 192 returns: OK
> .D{client_addr}127.0.0.2
> Basic_check_relay <>
rewrite: ruleset 192 input: < >
rewrite: ruleset 192 returns: $# error $@ 5 . 7 . 1 $: "Mail from " 127 . 0 . 0 . 2 " refused; see http://www.mail-abuse.org/cgi-bin/lookup?127.0.0.2"
> CTRL/D

The output/responses will be slightly different depending on your sendmail
version and the list you used.

]]> http://www.rbl.org.za/index.php?action=artikel&cat=3&id=5&artlang=en Tue, 26 Aug 2008 08:26:00 GMT <![CDATA[Postfix RBL HowTO]]>
reject_rbl_client rbl_domain=d.d.d.d
Reject the request when the reversed client network address is listed with the A record "d.d.d.d" under rbl_domain (Postfix version 2.1 and later only). If no "=d.d.d.d" is specified, reject the request when the reversed client network address is listed with any A record under rbl_domain.
The maps_rbl_reject_code parameter specifies the response code for rejected requests (default: 554), the default_rbl_reply parameter specifies the default server reply, and the rbl_reply_maps parameter specifies tables with server replies indexed by rbl_domain. This feature is available in Postfix 2.0 and later.
smtpd_client_restrictions =
...
reject_rbl_client dnsbl.sorbs.net
...
]]> http://www.rbl.org.za/index.php?action=artikel&cat=3&id=3&artlang=en Tue, 26 Aug 2008 08:26:00 GMT <![CDATA[Exim RBL HowTO]]> In Exim 4.x a DNSBL lookup can be used in any of the incoming SMTP ACLs. However it is typical for the lookups to be used in the ACL handling RCPT TO - this allows policies to accept mail for postmaster or other special local parts (for example so a blocked sender can talk to the local postmaster about getting blocks lifted or excluded)

The use of DNSBLs is substantially documented in the main exim specification or the 4.x versions, so will not be covered in detail here. However a couple of examples can be given 

  # Add a warning header if the sending host is in these
# DNSBLs but acccept the message (or rather leave it for
# later ACLs to accept/deny
warn message = X-blacklisted-at: $dnslist_domain
dnslists = blackholes.mail-abuse.org : \
dialup.mail-abuse.org
# Reject messages from senders listed in these DNSBLs
deny dnslists = blackholes.mail-abuse.org

Documentation on these features can be found in the specification section on Access Control Lists.

RBL Configuration Options

These are fully detailed in the Exim Specification Document. The specific section on RBL is here and the rbl directives are documented starting here

A typical configuration would be a mail system which rejects mail from machines that appear within either the MAPS RBL list or the MAPS DUL (Dial-Up List), and also checks hosts in the RSS lists but only marking each message has coming via an RBLed host rather than rejecting them. Additionally all mail to the local postmaster always gets through, even if the host is in the MAPS RBL list. You also have a local private set of IPs which relay out through this mail server on net 192.168.0.0/24 - these cannot be contacted from outside your organisation so RBL is not an issue.

The configuration fragment (in the main part of the exim configuration file) to do this is:- 

# reject messages whose sending host is in MAPS/RBL & MAP/DUL
# add warning to messages whose sending host is in RSS
rbl_domains = blackholes.mail-abuse.org/reject : \
dialups.mail-abuse.org/reject : \
relays.mail-abuse.org/warn 
# check all hosts other than those on internal network
rbl_hosts = !192.168.0.0/24:0.0.0.0/0
# but allow mail to postmaster@my.dom.ain even from rejected host
recipients_reject_except = postmaster@my.dom.ain
# change some logging actions (collect more data)
rbl_log_headers 	# log headers of accepted RBLed messages
rbl_log_rcpt_count	# log recipient info of accepted RBLed messages
]]> http://www.rbl.org.za/index.php?action=artikel&cat=3&id=2&artlang=en Tue, 26 Aug 2008 08:26:00 GMT <![CDATA[Spammer Bounty Project]]>
  • R30,000 for a conviction in the High Court
  • R15,000 for a conviction in the Magistrates court
  • R7,500 for an admission of guilt fine

    • In order to qualify for the reward you must be a member of ISOC-ZA [*join here*], and provide evidence of the judicial process (i.e. you need to identify the spammer, report them to the police and follow up until the spammer is convicted).

    We encourage your participation in developing this wiki.

    Please keep reading to learn more how to become a spammer bounty hunter!

    http://wiki.isoc.org.za

     

    ]]>     http://www.rbl.org.za/index.php?action=artikel&cat=2&id=15&artlang=en Tue, 26 Aug 2008 08:25:00 GMT