...
The SpamAssassin Policy for DNSBL Inclusion is available at DnsBlocklistsInclusionPolicy
...
Block Lists
Support for the following DNSBLs is built-in, and shipped in the default configuration.
...
- URIBL http://www.uribl.com/ NOTE: URIBL is enabled as a "free for most" provider. See: http://www.uribl.com/about.shtml.
- Validity http://www.validity.com/ NOTE: Validity is enabled as a "free for most" provider.
Reputation
The following DNS checks have diverse levels of reputation:
...
- ISIPP Accreditation Database (IADB) http://www.isipp.com/email-accreditation/
- Mailspike http://www.mailspike.net/
- Sender Score Certified & Sender Score Safe List http://www.senderscorecertified.com/ (formerly Ironport Bonded Sender & Habeas Safelist)
...
- Wikipedia on DNSBLs http://wikipedia.org/wiki/DNSBL
- Dr. Jørgen Mash's DNS database list checker http://moensted.dk/spam/
- Weekly Blacklist Statistics (including hit rate and false positive rate) http://www.intra2net.com/en/support/antispam/
Note that it's extremely important to compare false positive rates (nonspam messages marked as spam), as well as spam hit-rates, when evaluating any anti-spam system, including DNS blocklists. (For example, a blocklist that returned a match for every single mail would 'catch all the spam', but would also mark every nonspam mail too.) Some of the above pages omit this information, so take them with a pinch of salt.
...
- URIBL http://www.uribl.com/ (rule URIBL_BLOCKED)
- DNSWL http://www.dnswl.org/ (rule RCVD_IN_DNSWL_BLOCKED)
- Spamhaus http://www.spamhaus.org/
- SURBL http://www.surbl.org/ (rule SURBL_BLOCKED)
- Validity http://www.validity.com (rule VALIDITY_BLOCKED)
Q: This documentation doesn't seem to cover how to configure DNS-Blocklists. It says "Support for these is built-in" but I can't believe that all free BLs are called each time a mail is being checked. There must be a way to configure which to use.
A: You're right. You might look at the Mail::SpamAssassin::Conf documentation page which I admit doesn't really say how to configure which DNSBL to use, or the rules file 20_dnsbl_tests.cf, for internal details, but no clear examples of how to configure the inclusion of various DNSBLs either. For the latest list of DNSBLs you want to be using a recent SpamAssassin version (3.24.x 1 at the time of this correction) and sa-update, for the same reason that you wouldn't use an out-of-date virus scanner, but that also doesn't really have anything to do with the question.
If you don't want any DNSBLs used, put a line like
skip_rbl_checks 1
in your local.cf
To eliminate the use of a particular DNSBL, set the score to zero. Put lines like
score RCVD_IN_RFCI 0
score RCVD_IN_ORBS 0
score RCVD_IN_DSBL 0
in your local.cf if you don't want certain DNSBLs listed with RCVD_IN_* in 50_scores.cf to be used.
...
header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.')
So to disable it you'd use:
score __RCVD_IN_ZEN 0
To disable all DNSWL rules, use:
score __RCVD_IN_DNSWL 0
NOTE: As from SpamAssassin version 3.4 you may disable queries for any BL by adding: (local.cf)
...
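A way to check that a local.cf really switches off the DNSBL rules you intended, using the skip_rbl_checks and "score RULE 0" settings described above. This is an added example, not SpamAssassin's own code: the function names and the sample local.cf are constructed for illustration, and it assumes a rule counts as disabled only when every value on its last score line is zero.

```python
# Constructed sample local.cf; the rule names are the ones used on this page.
SAMPLE_LOCAL_CF = """\
# local overrides
score RCVD_IN_RFCI 0
score RCVD_IN_ORBS 0   # trailing comment
score RCVD_IN_DSBL 0 0 0 0
score __RCVD_IN_ZEN 0
score URIBL_BLOCKED 0.001
score RCVD_IN_DNSWL_BLOCKED 0
score RCVD_IN_DNSWL_BLOCKED 0.5
"""

def _is_zero(token):
    """True only for a plain numeric zero; anything unparsable is not a disable."""
    try:
        return float(token) == 0.0
    except ValueError:
        return False

def audit_dnsbl_config(text):
    """Return (skip_all, disabled_rules) for the contents of a local.cf."""
    skip_all = False
    scores = {}  # rule name -> score tokens; a later line overrides an earlier one
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        key, args = parts[0], parts[1:]
        if key == "skip_rbl_checks" and args:
            skip_all = args[0] == "1"
        elif key == "score" and len(args) in (2, 5):  # rule name + 1 or 4 scores
            scores[args[0]] = args[1:]
    disabled = {rule for rule, vals in scores.items()
                if all(_is_zero(v) for v in vals)}
    return skip_all, disabled

def still_active(text, rules):
    """Rules from `rules` that this config does NOT switch off."""
    skip_all, disabled = audit_dnsbl_config(text)
    return [] if skip_all else sorted(set(rules) - disabled)

if __name__ == "__main__":
    wanted_off = ["RCVD_IN_RFCI", "RCVD_IN_ORBS", "RCVD_IN_DSBL",
                  "__RCVD_IN_ZEN", "RCVD_IN_DNSWL_BLOCKED"]
    # The second RCVD_IN_DNSWL_BLOCKED line re-enables the rule.
    print("still active:", still_active(SAMPLE_LOCAL_CF, wanted_off))
```

Run it against the text of your own local.cf to catch a later score line that silently re-enables a rule you meant to turn off.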
- Yes! In fact, doing this is important to avoid false results from some DNS lists (e.g. DNSWL) if you have a large ISP and, if you're running a busy mailserver, this is essential for efficiency. See CachingNameserver.
Q: I'd like to penalize certain countries from which I get a lot of spam and almost no real mail. I can't seem to get it working with multiple countries.
...