
This is an old revision of the document!


How to use a private DNS Blocklist with SpamAssassin

Beside dnsbl.sorbs.net and zen.spamhaus.org

Configure the DNS

/var/cache/bind/bl.rigacci.org

$TTL 900     ; 15 minutes
bl.rigacci.org.  IN SOA  ns1.rigacci.org. postmaster.rigacci.org. (
                1       ; serial
                3600    ; refresh (1 hour)
                600     ; retry (5 minutes)
                432000  ; expire (5 days)
                10      ; minimum (10 seconds)
                )

                NS      ns1.rigacci.org.
                NS      ns2.rigacci.org.

$ORIGIN bl.rigacci.org.
$TTL 900        ; 15 minutes

Generate the DNS key:

dnssec-keygen -a HMAC-MD5 -b 512 -n USER bl-rigacci-org_rndc-key

Get the secret from the generated private file:

cat Kbl-rigacci-org_rndc-key.+157+27575.private
...
Key: rg2aizg+T6XkKkmpI42K7g==
...

/etc/bind/bl-rigacci-org_rndc-key

Make sure the file has mode 640 and is owned by bind:bind.

key "bl-rigacci-org_rndc-key" {
        algorithm hmac-md5;
        secret "rg2aizg+T6XkKkmpI42K7g==";
};

/etc/bind/named.conf.local

Suppose that 10.100.101.102 is your secondary DNS server:

//--------------------------------------------------------------
// Dynamic update zone for DNS BlockList.
//--------------------------------------------------------------
zone "bl.rigacci.org" {
    type master;
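    // Updates and transfers are authorised by source address only; the key
    // included below is not referenced by these ACLs. To require a signed
    // update, list the key in the ACL as: key "bl-rigacci-org_rndc-key";
    allow-update { 127.0.0.1; 10.100.101.102; };
    allow-transfer { 127.0.0.1; 10.100.101.102; };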
    file "bl.rigacci.org";
    max-journal-size 500k;
};
include "/etc/bind/bl-rigacci-org_rndc-key";
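
With the zone accepting dynamic updates, listings can be added or removed with nsupdate. The script below is an added example, not part of the original page: it builds the nsupdate batch for one IPv4 address and rejects anything that is not a strict dotted quad. It assumes the usual DNSBL convention (reversed octets under the zone, answer 127.0.0.2), which the page does not state; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build an nsupdate batch for the private DNSBL zone.
# Nothing is sent to the DNS server; the batch is only printed.

ZONE="bl.rigacci.org"    # zone name from the page
TTL=900                  # same value as the zone's $TTL
LISTED_A="127.0.0.2"     # assumption: conventional DNSBL "listed" answer

# Print the DNSBL owner name for an IPv4 address (octets reversed, zone
# appended). Returns 1 unless the input is a strict dotted quad, so text
# taken from logs cannot smuggle extra nsupdate commands into the batch.
dnsbl_name() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac      # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s.\n' "$4" "$3" "$2" "$1" "$ZONE"
}

# Print the batch that adds (default) or deletes ("del") a listing.
dnsbl_batch() {
    name=$(dnsbl_name "$1") || { echo "invalid IPv4 address" >&2; return 1; }
    case "${2:-add}" in
        add) update="update add $name $TTL A $LISTED_A" ;;
        del) update="update delete $name A" ;;
        *)   echo "unknown action: $2" >&2; return 1 ;;
    esac
    printf '%s\n' "server 127.0.0.1" "zone $ZONE" "$update" "send"
}

# Constructed sample address (documentation range), printed as a demo.
dnsbl_batch 192.0.2.10
```

To apply a batch, pipe it into `nsupdate -k /etc/bind/bl-rigacci-org_rndc-key` on the DNS server.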

Configure SpamAssassin

doc/appunti/linux/sa/spamassassin_private_dnsbl.1581956438.txt.gz · Last modified: 2020/02/17 17:20 by niccolo