SURBL

From QmailToaster
Revision as of 09:11, 16 March 2024 by Ebroch (talk | contribs) (Created page with "SURBLs (SURBL - Spam URI Realtime Blocklists) differ from most other RBLs in that they're used to detect spam based on message body URIs (usually web sites). Unlike most other RBLs, SURBLs are not used to identify spam senders. Instead they allow you to identify messages that have spam hosts which are mentioned in message bodies. Here's how to get emails checked against [http://www.surbl.org SURBL] via SpamAssassin with QMailToaster. REQUIRES: current spamassa...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

SURBLs (SURBL - Spam URI Realtime Blocklists) differ from most other RBLs in that they're used to detect spam based on message body URIs (usually web sites). Unlike most other RBLs, SURBLs are not used to identify spam senders. Instead they allow you to identify messages that have spam hosts which are mentioned in message bodies.

Here's how to get emails checked against SURBL via SpamAssassin with QMailToaster.

REQUIRES: current spamassassin-toaster and a caching DNS to be working, and perl modules Mail::SpamAssassin::Plugin::URIDNSBL and Net::DNS::Resolver


As an admin, do yourself a favor and subscribe to a spamassassin list. This will help you keep up with developments in the battle against spam. Subscribe to at least to the digest version. Visit: http://wiki.apache.org/spamassassin/MailingLists


1) Edit /var/qmail/supervise/spamd/run to be:

   exec /usr/bin/spamd -x -u vpopmail -s stderr 2>&1

(remove the -L switch, which forces only local rules to be used)


2) As root

   # cd /etc/mail/spamassassin
   # echo 'loadplugin Mail::SpamAssassin::Plugin::URIDNSBL' > local.pre

Note: 1) spamassassin reads all pre files in this directory on startup

     2) by creating a local.pre, you prevent a future upgrade of SA from
        rpmsave'ing (and thus disabling) your customizations without you
        realizing it.  some plugins that people frequently add---razor,
        pyzor, fuzzyocr (and so on)---are also affected, unless you do it in
        a local.pre or otherwise named your-name-choice.pre file


3) Test by running

   # sudo -u vpopmail -H spamassassin -D --lint

Note, it is ok to get:

   dbg: diag: module not installed: Net::Ident ('require' failed)
   dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
   dbg: diag: module not installed: Razor2::Client::Agent ('require' failed)

No other errors? You are good to go.


If the test fails with Net::DNS::Resolver is not installed, install it by doing:

   # yum install perl-Net-DNS.i386

Do the same for any other uninstalled modules, then repeat test above and fix until there are no warnings.


4) Restart the spamd daemon. You might want to use Jake's spamd script to do this. Otherwise, simply:

   # qmailctl stop
   # qmailctl start


5) Send yourself an email from outside your domain with http://surbl-org-permanent-test-point.com in the body to make sure the rule is operating properly. It should be tagged as spam big time.


Rules and scoring are stored at /usr/share/spamassassin/. 25_uribl.cf contains the SURBL rules, and 50_scores.cf contains scores for all rules.

Sit back and watch those spam scores rise and get rejected. :)