On 03/25/2015 11:07 AM, Andy Wright wrote:
On Tue, 2015-03-24 at 10:07 +0530, Ramprasad Padmanabhan wrote:
How can I check if the domain used in from address is listed in
spamhaus DBL or the IP it resolves to is listed in SBL
I find all the URIBL_DBL_SPAM rules etc work only for urls in the
body not headers
That would be a nice feature for development if it is absolutely not
possible (gut feeling not). In addition to URIBL checks, it would be
useful to do a reverse DNS on the from address domain name and run it
through any preferred DNSBL.
iirc, SA has no eval for doing domain BL lookups on rdns.
If your trust DBL, you could probably do it with your MTA and outright
reject.
What you can do is use eval:check_rbl_envfrom to check sender against
SURBL/DBL/URIBL/etc
See attached sample *UNTESTED* rule file (dbl_env_from.cf)
Let us know if it works.
Axb
header __DBL_ENVFROMeval:check_rbl_envfrom('envfrom_dblspam',
'dbl.spamhaus.org.')
tflags __DBL_ENVFROMnet
header FROM_IN_DBL_SPAM eval:check_rbl_sub('envfrom_dblspam',
'127.0.1.2')
describe FROM_IN_DBL_SPAM Sender listed in DBL (spam domain)
tflags FROM_IN_DBL_SPAM net
score FROM_IN_DBL_SPAM 1.0