# SpamAssassin - URIDNSBL rules # # Please don't modify this file as your changes will be overwritten with # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. # See 'perldoc Mail::SpamAssassin::Conf' for details. # # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # ########################################################################### # Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded. # Note that this plugin defines a new config setting, 'uridnsbl', # which lists the zones to look up in advance. The rules will # not hit unless each rule has a corresponding 'uridnsbl' line. ifplugin Mail::SpamAssassin::Plugin::URIDNSBL ########################################################################### ## Spamhaus uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2 body URIBL_SBL eval:check_uridnsbl('URIBL_SBL') describe URIBL_SBL Contains an URL listed in the SBL blocklist tflags URIBL_SBL net reuse URIBL_SBL if (version >= 3.004000) ifplugin Mail::SpamAssassin::Plugin::URIDNSBL uridnsbl URIBL_SBL_A sbl.spamhaus.org. A body URIBL_SBL_A eval:check_uridnsbl('URIBL_SBL_A') describe URIBL_SBL_A Contains URL's A record listed in the SBL blocklist tflags URIBL_SBL_A net a endif endif # DBL, http://www.spamhaus.org/dbl/ if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only) urirhssub URIBL_DBL_SPAM dbl.spamhaus.org. A 127.0.1.2 body URIBL_DBL_SPAM eval:check_uridnsbl('URIBL_DBL_SPAM') describe URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist tflags URIBL_DBL_SPAM net domains_only urirhssub URIBL_DBL_REDIR dbl.spamhaus.org. A 127.0.1.3 body URIBL_DBL_REDIR eval:check_uridnsbl('URIBL_DBL_REDIRECTOR') describe URIBL_DBL_REDIR Contains a URL listed in the DBL as a spammed redirector domain tflags URIBL_DBL_REDIR net domains_only # this indicates that IP-address queries were sent to DBL, and should # never appear; if it does, something is wrong with SpamAssassin urirhssub URIBL_DBL_ERROR dbl.spamhaus.org. A 127.0.1.255 body URIBL_DBL_ERROR eval:check_uridnsbl('URIBL_DBL_ERROR') describe URIBL_DBL_ERROR Error: queried the DBL blocklist for an IP tflags URIBL_DBL_ERROR net domains_only endif ########################################################################### ## SURBL urirhssub URIBL_SC_SURBL multi.surbl.org. A 2 body URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL') describe URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist tflags URIBL_SC_SURBL net reuse URIBL_SC_SURBL urirhssub URIBL_WS_SURBL multi.surbl.org. A 4 body URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL') describe URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist tflags URIBL_WS_SURBL net reuse URIBL_WS_SURBL urirhssub URIBL_PH_SURBL multi.surbl.org. A 8 body URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL') describe URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist tflags URIBL_PH_SURBL net reuse URIBL_PH_SURBL #DEPRECATED 10/22/2012 - BUG 6853 - TO BECOME MW 5-1-2013 #urirhssub URIBL_MW_SURBL multi.surbl.org. A 16 #body URIBL_MW_SURBL eval:check_uridnsbl('URIBL_MW_SURBL') #describe URIBL_MW_SURBL Contains a Malware Domain or IP listed in the MW SURBL blocklist #tflags URIBL_MW_SURBL net #reuse URIBL_MW_SURBL urirhssub URIBL_AB_SURBL multi.surbl.org. A 32 body URIBL_AB_SURBL eval:check_uridnsbl('URIBL_AB_SURBL') describe URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist tflags URIBL_AB_SURBL net reuse URIBL_AB_SURBL urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist tflags URIBL_JP_SURBL net reuse URIBL_JP_SURBL ########################################################################### ## URIBL urirhssub URIBL_BLACK multi.uribl.com. A 2 body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') describe URIBL_BLACK Contains an URL listed in the URIBL blacklist tflags URIBL_BLACK net reuse URIBL_BLACK urirhssub URIBL_GREY multi.uribl.com. A 4 body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') describe URIBL_GREY Contains an URL listed in the URIBL greylist tflags URIBL_GREY net reuse URIBL_GREY urirhssub URIBL_RED multi.uribl.com. A 8 body URIBL_RED eval:check_uridnsbl('URIBL_RED') describe URIBL_RED Contains an URL listed in the URIBL redlist tflags URIBL_RED net reuse URIBL_RED #URIBL BLOCK RULES - Bit 1 means your DNS has been blocked and this rule should be triggered to notify you. urirhssub URIBL_BLOCKED multi.uribl.com. A 1 body URIBL_BLOCKED eval:check_uridnsbl('URIBL_BLOCKED') describe URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information. tflags URIBL_BLOCKED net noautolearn reuse URIBL_BLOCKED ########################################################################### ## DOMAINS TO SKIP (KNOWN GOOD) # Don't bother looking for example domains as per RFC 2606. uridnsbl_skip_domain example.com example.net example.org # MUA CSS class definitions uridnsbl_skip_domain div.tk p.tk li.tk no.tk # (roughly) top 200 domains not blacklisted by SURBL uridnsbl_skip_domain 126.com 163.com 2o7.net 4at1.com uridnsbl_skip_domain 5iantlavalamp.com about.com adelphia.net adobe.com uridnsbl_skip_domain agora-inc.com agoramedia.com akamai.net uridnsbl_skip_domain akamaitech.net amazon.com ancestry.com aol.com uridnsbl_skip_domain apache.org apple.com arcamax.com astrology.com uridnsbl_skip_domain atdmt.com att.net bbc.co.uk uridnsbl_skip_domain bcentral.com bellsouth.net bfi0.com uridnsbl_skip_domain bridgetrack.com cafe24.com charter.net uridnsbl_skip_domain citibank.com citizensbank.com cjb.net uridnsbl_skip_domain classmates.com clickbank.net cnet.com uridnsbl_skip_domain cnn.com com.com com.ne.kr comcast.net uridnsbl_skip_domain corporate-ir.net cox.net cs.com uridnsbl_skip_domain custhelp.com daum.net dd.se debian.org uridnsbl_skip_domain dell.com directtrack.com directnic.com domain.com uridnsbl_skip_domain dsbl.org earthlink.net ebay.co.uk ebay.com uridnsbl_skip_domain ebayimg.com ebaystatic.com edgesuite.net ediets.com uridnsbl_skip_domain egroups.com emode.com excite.com f-secure.com uridnsbl_skip_domain free.fr freebsd.org uridnsbl_skip_domain gentoo.org geocities.com gmail.com gmx.net uridnsbl_skip_domain go.com google.com googleadservices.com grisoft.com uridnsbl_skip_domain hallmark.com hinet.net hotbar.com hotmail.com uridnsbl_skip_domain hotpop.com hp.com ibm.com incredimail.com uridnsbl_skip_domain investorplace.com ivillage.com joingevalia.com uridnsbl_skip_domain juno.com kernel.org livejournal.com lycos.com uridnsbl_skip_domain m7z.net mac.com macromedia.com uridnsbl_skip_domain mail.com mail.ru mailscanner.info marketwatch.com uridnsbl_skip_domain mcafee.com mchsi.com messagelabs.com uridnsbl_skip_domain microsoft.com military.com mindspring.com mit.edu uridnsbl_skip_domain monster.com msn.com nate.com uridnsbl_skip_domain netflix.com netscape.com netscape.net netzero.net uridnsbl_skip_domain norman.com nytimes.com optonline.net osdn.com uridnsbl_skip_domain overstock.com pacbell.net pandasoftware.com uridnsbl_skip_domain paypal.com peoplepc.com plaxo.com uridnsbl_skip_domain prodigy.net radaruol.com.br uridnsbl_skip_domain real.com redhat.com regions.com regionsnet.com uridnsbl_skip_domain rogers.com rr.com sbcglobal.net sec.gov sf.net uridnsbl_skip_domain shaw.ca shockwave.com smithbarney.com uridnsbl_skip_domain sourceforge.net spamcop.net speedera.net sportsline.com uridnsbl_skip_domain sun.com suntrust.com sympatico.ca t-online.de uridnsbl_skip_domain tails.nl telus.net terra.com.br ticketmaster.com uridnsbl_skip_domain tinyurl.com tiscali.co.uk tom.com uridnsbl_skip_domain tone.co.nz tux.org uol.com.br uridnsbl_skip_domain ups.com verizon.net w3.org usps.com uridnsbl_skip_domain wamu.com wanadoo.fr washingtonpost.com weatherbug.com uridnsbl_skip_domain web.de webshots.com webtv.net wsj.com uridnsbl_skip_domain yahoo.ca yahoo.co.kr yahoo.co.uk uridnsbl_skip_domain yahoo.com yahoo.com.br yahoogroups.com yimg.com uridnsbl_skip_domain yopi.de yoursite.com zdnet.com uridnsbl_skip_domain openxmlformats.org passport.com xmlsoap.org # wtogami's most frequent known good URIDNSBL lookups (1/1/2011) uridnsbl_skip_domain alexa.com ask.com baidu.com bing.com craigslist.org uridnsbl_skip_domain doubleclick.com ebay.de facebook.com flickr.com godaddy.com uridnsbl_skip_domain google.co.in google.it mozilla.com myspace.com rediff.com uridnsbl_skip_domain twitter.com wordpress.com yahoo.co.jp youtube.com # axb's frequent known good URIDNSBL lookups uridnsbl_skip_domain fedex.com uridnsbl_skip_domain openoffice.org endif # Mail::SpamAssassin::Plugin::URIDNSBL