Super RBL fun pack!

Users tips and ideas

Moderators: FlorianB, Pascal, bourgeois, mentor

User avatar
ChrisKnight
Posts: 15
Joined: Sat Nov 01, 2014 6:39 pm
How did you hear about Mailcleaner: googling for an anti-spam solution

Super RBL fun pack!

Postby ChrisKnight » Thu Nov 06, 2014 4:34 pm

Update: Fixed a typo.

While I don't recommend using all of these RBLs, I scripted the installation of all of them because they are the ones used by the Anti-Abuse Project's multi-RBL checker. Running these commands as root on your box will add 58 RBLs to your available options.

Also, if you are using AHBL you may want to stop soon. That particular RBL is dead. :( http://www.ahbl.org/content/changes-ahbl

Code: Select all

cat <<END  | /usr/mailcleaner/bin/mc_mysql -m
use mc_config;
insert into dnslist values ("ACCESSREDHAWKORG", 'access.redhawk.org.', 'blacklist', 1, '<a target="_blank" href="http://www.redhawk.org/index.php?option=com_wrapper&Itemid=33">http://www.redhawk.org/index.php?option=com_wrapper&Itemid=33</a>' );
insert into dnslist values ("BBARRACUDACENTRALORG", 'b.barracudacentral.org.', 'blacklist', 1, '<a target="_blank" href="http://www.barracudacentral.org/rbl/removal-request">http://www.barracudacentral.org/rbl/removal-request</a>' );
insert into dnslist values ("BLACKHOLESMAILABUSEORG", 'blackholes.mail-abuse.org.', 'blacklist', 1, '<a target="_blank" href="http://www.mail-abuse.com/lookup.html">http://www.mail-abuse.com/lookup.html</a>' );
insert into dnslist values ("BLSPAMCANNIBALORG", 'bl.spamcannibal.org.', 'blacklist', 1, '<a target="_blank" href="http://www.spamcannibal.org">http://www.spamcannibal.org</a>' );
insert into dnslist values ("BOGONSCYMRUCOM", 'bogons.cymru.com.', 'blacklist', 1, '<a target="_blank" href="http://www.team-cymru.org/Services/Bogons/">http://www.team-cymru.org/Services/Bogons/</a>' );
insert into dnslist values ("CBLABUSEATORG", 'cbl.abuseat.org.', 'blacklist', 1, '<a target="_blank" href="http://cbl.abuseat.org">http://cbl.abuseat.org</a>' );
insert into dnslist values ("CBLANTISPAMORGCN", 'cbl.anti-spam.org.cn.', 'blacklist', 1, '<a target="_blank" href="http://www.anti-spam.org.cn/?Locale=en_US">http://www.anti-spam.org.cn/?Locale=en_US</a>' );
insert into dnslist values ("CDLANTISPAMORGCN", 'cdl.anti-spam.org.cn.', 'blacklist', 1, '<a target="_blank" href="http://www.anti-spam.org.cn/?Locale=en_US">http://www.anti-spam.org.cn/?Locale=en_US</a>' );
insert into dnslist values ("COMBINEDNJABLORG", 'combined.njabl.org.', 'blacklist', 1, '<a target="_blank" href="http://combined.njabl.org">http://combined.njabl.org</a>' );
insert into dnslist values ("CSICLOUDMARKCOM", 'csi.cloudmark.com.', 'blacklist', 1, '<a target="_blank" href="http://www.cloudmark.com/en/products/cloudmark-sender-intelligence/index">http://www.cloudmark.com/en/products/cloudmark-sender-intelligence/index</a>' );
insert into dnslist values ("DBWPBLINFO", 'db.wpbl.info.', 'blacklist', 1, '<a target="_blank" href="http://www.wpbl.info">http://www.wpbl.info</a>' );
insert into dnslist values ("DNSBLAHBLORG", 'dnsbl.ahbl.org.', 'blacklist', 1, '<a target="_blank" href="http://www.ahbl.org/documents/dnsbl">http://www.ahbl.org/documents/dnsbl</a>' );
insert into dnslist values ("DNSBLDRONEBLORG", 'dnsbl.dronebl.org.', 'blacklist', 1, '<a target="_blank" href="http://www.dronebl.org">http://www.dronebl.org</a>' );
insert into dnslist values ("DNSBLINPSDE", 'dnsbl.inps.de.', 'blacklist', 1, '<a target="_blank" href="http://dnsbl.inps.de/index.cgi?lang=en">http://dnsbl.inps.de/index.cgi?lang=en</a>' );
insert into dnslist values ("DRONEABUSECH", 'drone.abuse.ch.', 'blacklist', 1, '<a target="_blank" href="http://dnsbl.abuse.ch">http://dnsbl.abuse.ch</a>' );
insert into dnslist values ("DSNRFCIGNORANTORG", 'dsn.rfc-ignorant.org.', 'blacklist', 1, '<a target="_blank" href="http://www.rfc-ignorant.org/policy-dsn.php">http://www.rfc-ignorant.org/policy-dsn.php</a>' );
insert into dnslist values ("DULDNSBLSORBSNET", 'dul.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
insert into dnslist values ("DULRU", 'dul.ru.', 'blacklist', 1, '<a target="_blank" href="http://dul.ru/dul.en.html">http://dul.ru/dul.en.html</a>' );
insert into dnslist values ("DYNASPAMRATSCOM", 'dyna.spamrats.com.', 'blacklist', 1, '<a target="_blank" href="http://www.spamrats.com">http://www.spamrats.com</a>' );
insert into dnslist values ("HTTPBLABUSECH", 'httpbl.abuse.ch.', 'blacklist', 1, '<a target="_blank" href="http://dnsbl.abuse.ch">http://dnsbl.abuse.ch</a>' );
insert into dnslist values ("HTTPDNSBLSORBSNET", 'http.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
insert into dnslist values ("IPSBACKSCATTERERORG", 'ips.backscatterer.org.', 'blacklist', 1, '<a target="_blank" href="http://www.backscatterer.org">http://www.backscatterer.org</a>' );
insert into dnslist values ("IRCBLAHBLORG", 'ircbl.ahbl.org.', 'blacklist', 1, '<a target="_blank" href="http://www.ahbl.org/documents/ircbl">http://www.ahbl.org/documents/ircbl</a>' );
insert into dnslist values ("IXDNSBLMANITUNET", 'ix.dnsbl.manitu.net.', 'blacklist', 1, '<a target="_blank" href="http://www.dnsbl.manitu.net">http://www.dnsbl.manitu.net</a>' );
insert into dnslist values ("KOREASERVICESNET", 'korea.services.net.', 'blacklist', 1, '<a target="_blank" href="http://korea.services.net">http://korea.services.net</a>' );
insert into dnslist values ("MISCDNSBLSORBSNET", 'misc.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
insert into dnslist values ("MULTISURBLORG", 'multi.surbl.org.', 'blacklist', 1, '<a target="_blank" href="http://www.surbl.org">http://www.surbl.org</a>' );
insert into dnslist values ("NETBLOCKPEDANTICORG", 'netblock.pedantic.org.', 'blacklist', 1, '<a target="_blank" href="http://pedantic.org">http://pedantic.org</a>' );
insert into dnslist values ("NOPTRSPAMRATSCOM", 'noptr.spamrats.com.', 'blacklist', 1, '<a target="_blank" href="http://www.spamrats.com">http://www.spamrats.com</a>' );
insert into dnslist values ("OPMTORNEVALLORG", 'opm.tornevall.org.', 'blacklist', 1, '<a target="_blank" href="http://dnsbl.tornevall.org">http://dnsbl.tornevall.org</a>' );
insert into dnslist values ("PBLSPAMHAUSORG", 'pbl.spamhaus.org.', 'blacklist', 1, '<a target="_blank" href="http://www.spamhaus.org/pbl/">http://www.spamhaus.org/pbl/</a>' );
insert into dnslist values ("PSBLSURRIELCOM", 'psbl.surriel.com.', 'blacklist', 1, '<a target="_blank" href="http://psbl.surriel.com">http://psbl.surriel.com</a>' );
insert into dnslist values ("QUERYSENDERBASEORG", 'query.senderbase.org.', 'blacklist', 1, '<a target="_blank" href="http://www.senderbase.org/about">http://www.senderbase.org/about</a>' );
insert into dnslist values ("RBLEFNETRBLORG", 'rbl.efnetrbl.org.', 'blacklist', 1, '<a target="_blank" href="http://rbl.efnetrbl.org">http://rbl.efnetrbl.org</a>' );
insert into dnslist values ("RBLINTERSERVERNET", 'rbl.interserver.net.', 'blacklist', 1, '<a target="_blank" href="http://rbl.interserver.net">http://rbl.interserver.net</a>' );
insert into dnslist values ("RBLPLUSMAILABUSEORG", 'rbl-plus.mail-abuse.org.', 'blacklist', 1, '<a target="_blank" href="http://www.mail-abuse.com/lookup.html">http://www.mail-abuse.com/lookup.html</a>' );
insert into dnslist values ("RBLSPAMLABCOM", 'rbl.spamlab.com.', 'blacklist', 1, '<a target="_blank" href="http://tools.appriver.com/index.aspx?tool=rbl">http://tools.appriver.com/index.aspx?tool=rbl</a>' );
insert into dnslist values ("RBLSURESUPPORTCOM", 'rbl.suresupport.com.', 'blacklist', 1, '<a target="_blank" href="http://suresupport.com/postmaster">http://suresupport.com/postmaster</a>' );
insert into dnslist values ("RELAYSMAILABUSEORG", 'relays.mail-abuse.org.', 'blacklist', 1, '<a target="_blank" href="http://www.mail-abuse.com/lookup.html">http://www.mail-abuse.com/lookup.html</a>' );
insert into dnslist values ("SBLSPAMHAUSORG", 'sbl.spamhaus.org.', 'blacklist', 1, '<a target="_blank" href="http://www.spamhaus.org/sbl/">http://www.spamhaus.org/sbl/</a>' );
insert into dnslist values ("SHORTRBLJP", 'short.rbl.jp.', 'blacklist', 1, '<a target="_blank" href="http://www.rbl.jp">http://www.rbl.jp</a>' );
insert into dnslist values ("SMTPDNSBLSORBSNET", 'smtp.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
insert into dnslist values ("SOCKSDNSBLSORBSNET", 'socks.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
insert into dnslist values ("SPAMDNSBLSORBSNET", 'spam.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
insert into dnslist values ("SPAMGUARDLEADMONNET", 'spamguard.leadmon.net.', 'blacklist', 1, '<a target="_blank" href="http://www.leadmon.net/SpamGuard/">http://www.leadmon.net/SpamGuard/</a>' );
insert into dnslist values ("SPAMRBLIMPCH", 'spamrbl.imp.ch.', 'blacklist', 1, '<a target="_blank" href="http://antispam.imp.ch">http://antispam.imp.ch</a>' );
insert into dnslist values ("SPAMSPAMRATSCOM", 'spam.spamrats.com.', 'blacklist', 1, '<a target="_blank" href="http://www.spamrats.com">http://www.spamrats.com</a>' );
insert into dnslist values ("TORDANMEUK", 'tor.dan.me.uk.', 'blacklist', 1, '<a target="_blank" href="https://www.dan.me.uk/dnsbl">https://www.dan.me.uk/dnsbl</a>' );
insert into dnslist values ("UBLUNSUBSCORECOM", 'ubl.unsubscore.com.', 'blacklist', 1, '<a target="_blank" href="http://www.lashback.com/blacklist/">http://www.lashback.com/blacklist/</a>' );
insert into dnslist values ("UCEPROTECTA", 'dnsbl-1.uceprotect.net.', 'blacklist', 1, '<a target="_blank" href="http://www.uceprotect.net">http://www.uceprotect.net</a>' );
insert into dnslist values ("UCEPROTECTB", 'dnsbl-2.uceprotect.net.', 'blacklist', 1, '<a target="_blank" href="http://www.uceprotect.net">http://www.uceprotect.net</a>' );
insert into dnslist values ("UCEPROTECTC", 'dnsbl-3.uceprotect.net.', 'blacklist', 1, '<a target="_blank" href="http://www.uceprotect.net">http://www.uceprotect.net</a>' );
insert into dnslist values ("VIRBLBITNL", 'virbl.bit.nl.', 'blacklist', 1, '<a target="_blank" href="http://virbl.bit.nl">http://virbl.bit.nl</a>' );
insert into dnslist values ("VIRUSRBLJP", 'virus.rbl.jp.', 'blacklist', 1, '<a target="_blank" href="http://www.rbl.jp">http://www.rbl.jp</a>' );
insert into dnslist values ("WEBDNSBLSORBSNET", 'web.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
insert into dnslist values ("WORMRBLIMPCH", 'wormrbl.imp.ch.', 'blacklist', 1, '<a target="_blank" href="http://antispam.imp.ch">http://antispam.imp.ch</a>' );
insert into dnslist values ("XBLSPAMHAUSORG", 'xbl.spamhaus.org.', 'blacklist', 1, '<a target="_blank" href="http://www.spamhaus.org/xbl/">http://www.spamhaus.org/xbl/</a>' );
insert into dnslist values ("ZOMBIEDNSBLSORBSNET", 'zombie.dnsbl.sorbs.net.', 'blacklist', 1, '<a target="_blank" href="http://www.sorbs.net">http://www.sorbs.net</a>' );
END

cat <<END > /usr/mailcleaner/etc/rbls/ACCESSREDHAWKORG.cf
name=ACCESSREDHAWKORG
type=IPRBL
dnsname=access.redhawk.org
sublist=127.0.0.d+,ACCESSREDHAWKORG,access.redhawk.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/BBARRACUDACENTRALORG.cf
name=BBARRACUDACENTRALORG
type=IPRBL
dnsname=b.barracudacentral.org
sublist=127.0.0.d+,BBARRACUDACENTRALORG,b.barracudacentral.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/BLACKHOLESMAILABUSEORG.cf
name=BLACKHOLESMAILABUSEORG
type=IPRBL
dnsname=blackholes.mail-abuse.org
sublist=127.0.0.d+,BLACKHOLESMAILABUSEORG,blackholes.mail-abuse.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/BLSPAMCANNIBALORG.cf
name=BLSPAMCANNIBALORG
type=IPRBL
dnsname=bl.spamcannibal.org
sublist=127.0.0.d+,BLSPAMCANNIBALORG,bl.spamcannibal.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/BOGONSCYMRUCOM.cf
name=BOGONSCYMRUCOM
type=IPRBL
dnsname=bogons.cymru.com
sublist=127.0.0.d+,BOGONSCYMRUCOM,bogons.cymru.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/CBLABUSEATORG.cf
name=CBLABUSEATORG
type=IPRBL
dnsname=cbl.abuseat.org
sublist=127.0.0.d+,CBLABUSEATORG,cbl.abuseat.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/CBLANTISPAMORGCN.cf
name=CBLANTISPAMORGCN
type=IPRBL
dnsname=cbl.anti-spam.org.cn
sublist=127.0.0.d+,CBLANTISPAMORGCN,cbl.anti-spam.org.cn list
END

cat <<END > /usr/mailcleaner/etc/rbls/CDLANTISPAMORGCN.cf
name=CDLANTISPAMORGCN
type=IPRBL
dnsname=cdl.anti-spam.org.cn
sublist=127.0.0.d+,CDLANTISPAMORGCN,cdl.anti-spam.org.cn list
END

cat <<END > /usr/mailcleaner/etc/rbls/COMBINEDNJABLORG.cf
name=COMBINEDNJABLORG
type=IPRBL
dnsname=combined.njabl.org
sublist=127.0.0.d+,COMBINEDNJABLORG,combined.njabl.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/CSICLOUDMARKCOM.cf
name=CSICLOUDMARKCOM
type=IPRBL
dnsname=csi.cloudmark.com
sublist=127.0.0.d+,CSICLOUDMARKCOM,csi.cloudmark.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/DBWPBLINFO.cf
name=DBWPBLINFO
type=IPRBL
dnsname=db.wpbl.info
sublist=127.0.0.d+,DBWPBLINFO,db.wpbl.info list
END

cat <<END > /usr/mailcleaner/etc/rbls/DNSBLAHBLORG.cf
name=DNSBLAHBLORG
type=IPRBL
dnsname=dnsbl.ahbl.org
sublist=127.0.0.d+,DNSBLAHBLORG,dnsbl.ahbl.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/DNSBLDRONEBLORG.cf
name=DNSBLDRONEBLORG
type=IPRBL
dnsname=dnsbl.dronebl.org
sublist=127.0.0.d+,DNSBLDRONEBLORG,dnsbl.dronebl.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/DNSBLINPSDE.cf
name=DNSBLINPSDE
type=IPRBL
dnsname=dnsbl.inps.de
sublist=127.0.0.d+,DNSBLINPSDE,dnsbl.inps.de list
END

cat <<END > /usr/mailcleaner/etc/rbls/DRONEABUSECH.cf
name=DRONEABUSECH
type=IPRBL
dnsname=drone.abuse.ch
sublist=127.0.0.d+,DRONEABUSECH,drone.abuse.ch list
END

cat <<END > /usr/mailcleaner/etc/rbls/DSNRFCIGNORANTORG.cf
name=DSNRFCIGNORANTORG
type=IPRBL
dnsname=dsn.rfc-ignorant.org
sublist=127.0.0.d+,DSNRFCIGNORANTORG,dsn.rfc-ignorant.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/DULDNSBLSORBSNET.cf
name=DULDNSBLSORBSNET
type=IPRBL
dnsname=dul.dnsbl.sorbs.net
sublist=127.0.0.d+,DULDNSBLSORBSNET,dul.dnsbl.sorbs.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/DULRU.cf
name=DULRU
type=IPRBL
dnsname=dul.ru
sublist=127.0.0.d+,DULRU,dul.ru list
END

cat <<END > /usr/mailcleaner/etc/rbls/DYNASPAMRATSCOM.cf
name=DYNASPAMRATSCOM
type=IPRBL
dnsname=dyna.spamrats.com
sublist=127.0.0.d+,DYNASPAMRATSCOM,dyna.spamrats.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/HTTPBLABUSECH.cf
name=HTTPBLABUSECH
type=IPRBL
dnsname=httpbl.abuse.ch
sublist=127.0.0.d+,HTTPBLABUSECH,httpbl.abuse.ch list
END

cat <<END > /usr/mailcleaner/etc/rbls/HTTPDNSBLSORBSNET.cf
name=HTTPDNSBLSORBSNET
type=IPRBL
dnsname=http.dnsbl.sorbs.net
sublist=127.0.0.d+,HTTPDNSBLSORBSNET,http.dnsbl.sorbs.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/IPSBACKSCATTERERORG.cf
name=IPSBACKSCATTERERORG
type=IPRBL
dnsname=ips.backscatterer.org
sublist=127.0.0.d+,IPSBACKSCATTERERORG,ips.backscatterer.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/IRCBLAHBLORG.cf
name=IRCBLAHBLORG
type=IPRBL
dnsname=ircbl.ahbl.org
sublist=127.0.0.d+,IRCBLAHBLORG,ircbl.ahbl.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/IXDNSBLMANITUNET.cf
name=IXDNSBLMANITUNET
type=IPRBL
dnsname=ix.dnsbl.manitu.net
sublist=127.0.0.d+,IXDNSBLMANITUNET,ix.dnsbl.manitu.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/KOREASERVICESNET.cf
name=KOREASERVICESNET
type=IPRBL
dnsname=korea.services.net
sublist=127.0.0.d+,KOREASERVICESNET,korea.services.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/MISCDNSBLSORBSNET.cf
name=MISCDNSBLSORBSNET
type=IPRBL
dnsname=misc.dnsbl.sorbs.net
sublist=127.0.0.d+,MISCDNSBLSORBSNET,misc.dnsbl.sorbs.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/MULTISURBLORG.cf
name=MULTISURBLORG
type=IPRBL
dnsname=multi.surbl.org
sublist=127.0.0.d+,MULTISURBLORG,multi.surbl.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/NETBLOCKPEDANTICORG.cf
name=NETBLOCKPEDANTICORG
type=IPRBL
dnsname=netblock.pedantic.org
sublist=127.0.0.d+,NETBLOCKPEDANTICORG,netblock.pedantic.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/NOPTRSPAMRATSCOM.cf
name=NOPTRSPAMRATSCOM
type=IPRBL
dnsname=noptr.spamrats.com
sublist=127.0.0.d+,NOPTRSPAMRATSCOM,noptr.spamrats.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/OPMTORNEVALLORG.cf
name=OPMTORNEVALLORG
type=IPRBL
dnsname=opm.tornevall.org
sublist=127.0.0.d+,OPMTORNEVALLORG,opm.tornevall.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/PBLSPAMHAUSORG.cf
name=PBLSPAMHAUSORG
type=IPRBL
dnsname=pbl.spamhaus.org
sublist=127.0.0.d+,PBLSPAMHAUSORG,pbl.spamhaus.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/PSBLSURRIELCOM.cf
name=PSBLSURRIELCOM
type=IPRBL
dnsname=psbl.surriel.com
sublist=127.0.0.d+,PSBLSURRIELCOM,psbl.surriel.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/QUERYSENDERBASEORG.cf
name=QUERYSENDERBASEORG
type=IPRBL
dnsname=query.senderbase.org
sublist=127.0.0.d+,QUERYSENDERBASEORG,query.senderbase.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/RBLEFNETRBLORG.cf
name=RBLEFNETRBLORG
type=IPRBL
dnsname=rbl.efnetrbl.org
sublist=127.0.0.d+,RBLEFNETRBLORG,rbl.efnetrbl.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/RBLINTERSERVERNET.cf
name=RBLINTERSERVERNET
type=IPRBL
dnsname=rbl.interserver.net
sublist=127.0.0.d+,RBLINTERSERVERNET,rbl.interserver.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/RBLPLUSMAILABUSEORG.cf
name=RBLPLUSMAILABUSEORG
type=IPRBL
dnsname=rbl-plus.mail-abuse.org
sublist=127.0.0.d+,RBLPLUSMAILABUSEORG,rbl-plus.mail-abuse.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/RBLSPAMLABCOM.cf
name=RBLSPAMLABCOM
type=IPRBL
dnsname=rbl.spamlab.com
sublist=127.0.0.d+,RBLSPAMLABCOM,rbl.spamlab.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/RBLSURESUPPORTCOM.cf
name=RBLSURESUPPORTCOM
type=IPRBL
dnsname=rbl.suresupport.com
sublist=127.0.0.d+,RBLSURESUPPORTCOM,rbl.suresupport.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/RELAYSMAILABUSEORG.cf
name=RELAYSMAILABUSEORG
type=IPRBL
dnsname=relays.mail-abuse.org
sublist=127.0.0.d+,RELAYSMAILABUSEORG,relays.mail-abuse.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/SBLSPAMHAUSORG.cf
name=SBLSPAMHAUSORG
type=IPRBL
dnsname=sbl.spamhaus.org
sublist=127.0.0.d+,SBLSPAMHAUSORG,sbl.spamhaus.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/SHORTRBLJP.cf
name=SHORTRBLJP
type=IPRBL
dnsname=short.rbl.jp
sublist=127.0.0.d+,SHORTRBLJP,short.rbl.jp list
END

cat <<END > /usr/mailcleaner/etc/rbls/SMTPDNSBLSORBSNET.cf
name=SMTPDNSBLSORBSNET
type=IPRBL
dnsname=smtp.dnsbl.sorbs.net
sublist=127.0.0.d+,SMTPDNSBLSORBSNET,smtp.dnsbl.sorbs.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/SOCKSDNSBLSORBSNET.cf
name=SOCKSDNSBLSORBSNET
type=IPRBL
dnsname=socks.dnsbl.sorbs.net
sublist=127.0.0.d+,SOCKSDNSBLSORBSNET,socks.dnsbl.sorbs.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/SPAMDNSBLSORBSNET.cf
name=SPAMDNSBLSORBSNET
type=IPRBL
dnsname=spam.dnsbl.sorbs.net
sublist=127.0.0.d+,SPAMDNSBLSORBSNET,spam.dnsbl.sorbs.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/SPAMGUARDLEADMONNET.cf
name=SPAMGUARDLEADMONNET
type=IPRBL
dnsname=spamguard.leadmon.net
sublist=127.0.0.d+,SPAMGUARDLEADMONNET,spamguard.leadmon.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/SPAMRBLIMPCH.cf
name=SPAMRBLIMPCH
type=IPRBL
dnsname=spamrbl.imp.ch
sublist=127.0.0.d+,SPAMRBLIMPCH,spamrbl.imp.ch list
END

cat <<END > /usr/mailcleaner/etc/rbls/SPAMSPAMRATSCOM.cf
name=SPAMSPAMRATSCOM
type=IPRBL
dnsname=spam.spamrats.com
sublist=127.0.0.d+,SPAMSPAMRATSCOM,spam.spamrats.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/TORDANMEUK.cf
name=TORDANMEUK
type=IPRBL
dnsname=tor.dan.me.uk
sublist=127.0.0.d+,TORDANMEUK,tor.dan.me.uk list
END

cat <<END > /usr/mailcleaner/etc/rbls/UBLUNSUBSCORECOM.cf
name=UBLUNSUBSCORECOM
type=IPRBL
dnsname=ubl.unsubscore.com
sublist=127.0.0.d+,UBLUNSUBSCORECOM,ubl.unsubscore.com list
END

cat <<END > /usr/mailcleaner/etc/rbls/UCEPROTECTA.cf
name=UCEPROTECTA
type=IPRBL
dnsname=dnsbl-1.uceprotect.net
sublist=127.0.0.d+,UCEPROTECTA,dnsbl-1.uceprotect.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/UCEPROTECTB.cf
name=UCEPROTECTB
type=IPRBL
dnsname=dnsbl-2.uceprotect.net
sublist=127.0.0.d+,UCEPROTECTB,dnsbl-2.uceprotect.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/UCEPROTECTC.cf
name=UCEPROTECTC
type=IPRBL
dnsname=dnsbl-3.uceprotect.net
sublist=127.0.0.d+,UCEPROTECTC,dnsbl-3.uceprotect.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/VIRBLBITNL.cf
name=VIRBLBITNL
type=IPRBL
dnsname=virbl.bit.nl
sublist=127.0.0.d+,VIRBLBITNL,virbl.bit.nl list
END

cat <<END > /usr/mailcleaner/etc/rbls/VIRUSRBLJP.cf
name=VIRUSRBLJP
type=IPRBL
dnsname=virus.rbl.jp
sublist=127.0.0.d+,VIRUSRBLJP,virus.rbl.jp list
END

cat <<END > /usr/mailcleaner/etc/rbls/WEBDNSBLSORBSNET.cf
name=WEBDNSBLSORBSNET
type=IPRBL
dnsname=web.dnsbl.sorbs.net
sublist=127.0.0.d+,WEBDNSBLSORBSNET,web.dnsbl.sorbs.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/WORMRBLIMPCH.cf
name=WORMRBLIMPCH
type=IPRBL
dnsname=wormrbl.imp.ch
sublist=127.0.0.d+,WORMRBLIMPCH,wormrbl.imp.ch list
END

cat <<END > /usr/mailcleaner/etc/rbls/XBLSPAMHAUSORG.cf
name=XBLSPAMHAUSORG
type=IPRBL
dnsname=xbl.spamhaus.org
sublist=127.0.0.d+,XBLSPAMHAUSORG,xbl.spamhaus.org list
END

cat <<END > /usr/mailcleaner/etc/rbls/ZOMBIEDNSBLSORBSNET.cf
name=ZOMBIEDNSBLSORBSNET
type=IPRBL
dnsname=zombie.dnsbl.sorbs.net
sublist=127.0.0.d+,ZOMBIEDNSBLSORBSNET,zombie.dnsbl.sorbs.net list
END



Last edited by ChrisKnight on Fri Nov 14, 2014 9:48 pm, edited 1 time in total.
User avatar
toothycardus
Posts: 293
Joined: Fri Jul 13, 2012 11:51 am
How did you hear about Mailcleaner: Google
Location: United Kingdom

Re: Super RBL fun pack!

Postby toothycardus » Thu Nov 06, 2014 5:10 pm

Nice! :)
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Fri Nov 07, 2014 4:21 am

Woooooow !
I feel like a kid in a candy store.
If I ask you all to choose a top ten, what would you use and where (stage 1, prerbl, spamc) ?
Thanks.
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Sat Nov 08, 2014 7:56 pm

2 things:

1) Shoudn't you add to /usr/mailcleaner/etc/mailscanner/dnsblacklists.conf:

Code: Select all

UCEPROTECTA      dnsbl-1.uceprotect.net
UCEPROTECTB      dnsbl-2.uceprotect.net
UCEPROTECTC      dnsbl-3.uceprotect.net
...


2) Watch for this error:

Code: Select all

cat <<END > /usr/mailcleaner/etc/rbls/UCEPROTECTA.cf
name=UCEPROTECTA
type=IPRBL
dnsname=dnsbl-2.uceprotect.net
sublist=127.0.0.\d+,UCEPROTECTA,dnsbl-1.uceprotect.net list
END

that should be:

Code: Select all

cat <<END > /usr/mailcleaner/etc/rbls/UCEPROTECTA.cf
name=UCEPROTECTA
type=IPRBL
dnsname=dnsbl-1.uceprotect.net
sublist=127.0.0.\d+,UCEPROTECTA,dnsbl-1.uceprotect.net list
END
Last edited by cglmicro on Thu Nov 13, 2014 1:54 pm, edited 1 time in total.
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Tue Nov 11, 2014 4:34 am

A follow up: just by adding uceprotect 1 in stage1, uceprotect 2 in prerbl and cbl.abuseat.org in SA, I went from 10 spams per users per day to 0~1 per days.
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Wed Nov 12, 2014 2:34 am

Another update: many spams are still getting through. Many where found only by TRUNCATE, so http://mxtoolbox.com/blacklists.aspx says.

So I've added this:

Code: Select all

cat <<END  | /usr/mailcleaner/bin/mc_mysql -m
use mc_config;
insert into dnslist values ("TRUNCATEGBUDBNET", 'truncate.gbudb.net.', 'blacklist', 1, '<a target="_blank" http://www.gbudb.com">http://www.gbudb.com</a>' );
END

cat <<END > /usr/mailcleaner/etc/rbls/TRUNCATEGBUDBNET.cf
name=TRUNCATEGBUDBNET
type=IPRBL
dnsname=truncate.gbudb.net
sublist=127.0.0.\d+,TRUNCATEGBUDBNET,truncate.gbudb.net list
END


And I also added to /usr/mailcleaner/etc/mailscanner/dnsblacklists.conf::

Code: Select all

TRUNCATEGBUDBNET      truncate.gbudb.net.


Will report back in 24 hours, maybe it can be usefull to someone.
Last edited by cglmicro on Thu Nov 13, 2014 1:53 pm, edited 1 time in total.
Julien
Posts: 31
Joined: Mon Jul 14, 2014 8:43 am
How did you hear about Mailcleaner: job

Re: Super RBL fun pack!

Postby Julien » Thu Nov 13, 2014 9:43 am

Hi,

Thank you for this good Job.
Two points :
    When you use a list, beware the politics of this list. I don't know your number of request to those lists but sometimes they have stong limitations or require spécific credentials.
    About the sublist part, I think a backslash have desapear (d+ -> \d+) :
    Exemple :

    Code: Select all

    sublist=127.0.0.\d+,TRUNCATEGBUDBNET,truncate.gbudb.net list

By the way, it is really interesting to analyze your list of lists :)
---
Julien
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Thu Nov 13, 2014 1:58 pm

Goooood catch Julien; I've modified my post and I suggest that Christknight do accordingly.

Maybe this modification will help, because it feels like these RBLS do nothing. Only Spamhaus zen and manitu are triggered sometime and not often enough.

I've also added LASHBACK yesterday, it's in MXTOOLBOX top three lists.

Be back tomorrow.

Edit: I've also increased the RBLS checks timeout to 20 seconds instead of 5 seconds just in case it needed more time and this could be the reason why not enough lists where verified/triggered.
User avatar
toothycardus
Posts: 293
Joined: Fri Jul 13, 2012 11:51 am
How did you hear about Mailcleaner: Google
Location: United Kingdom

Re: Super RBL fun pack!

Postby toothycardus » Thu Nov 13, 2014 5:10 pm

cglmicro wrote:
Edit: I've also increased the RBLS checks timeout to 20 seconds instead of 5 seconds just in case it needed more time and this could be the reason why not enough lists where verified/triggered.



have mine set to 60
User avatar
ChrisKnight
Posts: 15
Joined: Sat Nov 01, 2014 6:39 pm
How did you hear about Mailcleaner: googling for an anti-spam solution

Re: Super RBL fun pack!

Postby ChrisKnight » Fri Nov 14, 2014 9:58 pm

cglmicro wrote:2 things:

1) Shoudn't you add to /usr/mailcleaner/etc/mailscanner/dnsblacklists.conf:

Code: Select all

UCEPROTECTA      dnsbl-1.uceprotect.net
UCEPROTECTB      dnsbl-2.uceprotect.net
UCEPROTECTC      dnsbl-3.uceprotect.net
...



I don't worry about /usr/mailcleaner/etc/mailscanner/dnsblacklists.conf because it rebuilds when I run '/usr/mailcleaner/etc/init.d/mailscanner restart'

cglmicro wrote:2) Watch for this error:

Code: Select all

cat <<END > /usr/mailcleaner/etc/rbls/UCEPROTECTA.cf
name=UCEPROTECTA
type=IPRBL
dnsname=dnsbl-2.uceprotect.net
sublist=127.0.0.\d+,UCEPROTECTA,dnsbl-1.uceprotect.net list
END

that should be:

Code: Select all

cat <<END > /usr/mailcleaner/etc/rbls/UCEPROTECTA.cf
name=UCEPROTECTA
type=IPRBL
dnsname=dnsbl-1.uceprotect.net
sublist=127.0.0.\d+,UCEPROTECTA,dnsbl-1.uceprotect.net list
END


Thanks! I fixed that in the original post.
User avatar
ChrisKnight
Posts: 15
Joined: Sat Nov 01, 2014 6:39 pm
How did you hear about Mailcleaner: googling for an anti-spam solution

Re: Super RBL fun pack!

Postby ChrisKnight » Sat Nov 15, 2014 2:24 am

cglmicro wrote:A follow up: just by adding uceprotect 1 in stage1, uceprotect 2 in prerbl and cbl.abuseat.org in SA, I went from 10 spams per users per day to 0~1 per days.


How do I configure it to use cbl.abuseat.org in SA?
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Wed Nov 26, 2014 2:11 am

Now I've added MailSpike that got some good progression at MxToolBox Blacklist:

Code: Select all

cat <<END  | /usr/mailcleaner/bin/mc_mysql -m
use mc_config;
insert into dnslist values ("MAILSPIKEBL", 'z.mailspike.net.', 'blacklist', 1, '<a target="_blank" href="http://mailspike.org/iplookup.html">http://mailspike.org/iplookup.html</a>' );
END

cat <<END > /usr/mailcleaner/etc/rbls/MAILSPIKEBL.cf
name=MAILSPIKEBL
type=IPRBL
dnsname=z.mailspike.net
sublist=127.0.0.\d+,MAILSPIKEBL,z.mailspike.net list
END

cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Wed Nov 26, 2014 2:14 pm

And now adding spamrats, but their ALL list:

Code: Select all

cat <<END  | /usr/mailcleaner/bin/mc_mysql -m
use mc_config;
insert into dnslist values ("ALLSPAMRATS", 'all.spamrats.com.', 'blacklist', 1, '<a target="_blank" href="http://www.spamrats.com/lookup.php">http://www.spamrats.com/lookup.php</a>' );
END

cat <<END > /usr/mailcleaner/etc/rbls/ALLSPAMRATS.cf
name=ALLSPAMRATS
type=IPRBL
dnsname=all.spamrats.com
sublist=127.0.0.\d+,ALLSPAMRATS,all.spamrats.com list
END
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Mon Dec 01, 2014 10:19 pm

And now adding PSBL for the same reasons:

Code: Select all

cat <<END  | /usr/mailcleaner/bin/mc_mysql -m
use mc_config;
insert into dnslist values ("PSBL", 'psbl.surriel.com.', 'blacklist', 1, '<a target="_blank" href="http://psbl.org/listing">http://psbl.org/listing</a>' );
END

cat <<END > /usr/mailcleaner/etc/rbls/PSBL.cf
name=PSBL
type=IPRBL
dnsname=psbl.surriel.com
sublist=127.0.0.\d+,PSBL,psbl.surriel.com list
END
cglmicro
Posts: 257
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: Super RBL fun pack!

Postby cglmicro » Mon Dec 15, 2014 1:54 am

Now adding SpamEatingMonkey in two places:

1st, with RBLs you enable in PRERBL and URIRBL after running this code as root:

Code: Select all

cat <<END  | /usr/mailcleaner/bin/mc_mysql -m
use mc_config;
insert into dnslist values ("SEMBACKSCATTER", 'backscatter.spameatingmonkey.net.', 'blacklist', 1, '<a target="_blank" href="http://spameatingmonkey.com/delist.html">http://spameatingmonkey.com/delist.html</a>' );
insert into dnslist values ("SEMBLACK", 'bl.spameatingmonkey.net.', 'blacklist', 1, '<a target="_blank" href="http://spameatingmonkey.com/delist.html">http://spameatingmonkey.com/delist.html</a>' );
insert into dnslist values ("SEMNETBLACK", 'netbl.spameatingmonkey.net.', 'blacklist', 1, '<a target="_blank" href="http://spameatingmonkey.com/delist.html">http://spameatingmonkey.com/delist.html</a>' );
insert into dnslist values ("SEMURI", 'uribl.spameatingmonkey.net.', 'blacklist', 1, '<a target="_blank" href="http://spameatingmonkey.com/delist.html">http://spameatingmonkey.com/delist.html</a>' );
insert into dnslist values ("SEMURIRED", 'urired.spameatingmonkey.net.', 'blacklist', 1, '<a target="_blank" href="http://spameatingmonkey.com/delist.html">http://spameatingmonkey.com/delist.html</a>' );
END

cat <<END > /usr/mailcleaner/etc/rbls/SEMBACKSCATTER.cf
name=SEMBACKSCATTER
type=IPRBL
dnsname=backscatter.spameatingmonkey.net
sublist=127.0.0.\d+,SEMBACKSCATTER,backscatter.spameatingmonkey.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/SEMBLACK.cf
name=SEMBLACK
type=IPRBL
dnsname=bl.spameatingmonkey.net
sublist=127.0.0.\d+,SEMBLACK,bl.spameatingmonkey.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/SEMNETBLACK.cf
name=SEMNETBLACK
type=IPRBL
dnsname=netbl.spameatingmonkey.net
sublist=127.0.0.\d+,SEMNETBLACK,netbl.spameatingmonkey.net list
END

cat <<END > /usr/mailcleaner/etc/rbls/SEMURI.cf
name=SEMURI
type=URIRBL
dnsname=uri.spameatingmonkey.net
sublist=127.0.0.\d+,SEMURI,URIBL blacklist
callonip=1
END

cat <<END > /usr/mailcleaner/etc/rbls/SEMURIRED.cf
name=SEMURIRED
type=URIRBL
dnsname=urired.spameatingmonkey.net
sublist=127.0.0.\d+,SEMURIRED,URIBL blacklist
callonip=1
END
/etc/init.d/mailcleaner restart


Note that:
- SEMURIRED is more rapid to ass new URLs and includes all that match also in SEMURI. Don't enable both.
- SEMNETBLACK is experimental and can include some FP. The IP ranges (or net block of address) grow and shrink has spam come from surrounding IP addresses. Enable at your own risks, I don't know the impact yet.

Now a fun feature that is “FRESH list”. It's should include domain names registered in the last 5 days, it's exactly the kind of spam some of my users receive. You need to add it to SpamAssassin and adjust the score has you wish:

Code: Select all

cat <<END > /usr/mailcleaner/share/spamassassin/semfresh.cf
# SEM-FRESH
urirhssub SEM_FRESH fresh.spameatingmonkey.net. A 2
body SEM_FRESH eval:check_uridnsbl('SEM_FRESH')
describe SEM_FRESH Contains a domain registered less than 5 days ago
tflags SEM_FRESH net
score SEM_FRESH 2.5
END


Some of these features are not tested yet, if you think I did a mistake, please tell me what is wrong.

Return to “Tips”

Who is online

Users browsing this forum: No registered users and 1 guest