doc:appunti:linux:sa:spamassassin_private_dnsbl
This is an old revision of the document!
Table of Contents
How to use a private DNS Blocklist with SpamAssassin
Beside dnsbl.sorbs.net and zen.spamhaus.org…
Configure the DNS
/var/cache/bind/bl.rigacci.org
$TTL 900 ; 15 minutes bl.rigacci.org IN SOA ns1.rigacci.org. postmaster.rigacci.org. ( 1 ; serial 3600 ; refresh (1 hour) 600 ; retry (5 minutes) 432000 ; expire (5 days) 10 ; minimum (10 seconds) ) NS ns1.rigacci.org. NS ns2.rigacci.org. $ORIGIN bl.rigacci.org. $TTL 900 ; 15 minutes
Generate the DNS key:
dnssec-keygen -a HMAC-MD5 -b 512 -n USER bl-rigacci-org_rndc-key
Get the secret from the generated private file:
cat Kbl-rigacci-org_rndc-key.+157+27575.private ... Key: rg2aizg+T6XkKkmpI42K7g== ...
/etc/bind/bl-rigacci-org_rndc-key
Be sure to set the file into 640 mode and owned by bind:bind.
key "bl-rigacci-org_rndc-key" { algorithm hmac-md5; secret "rg2aizg+T6XkKkmpI42K7g=="; };
/etc/bind/named.conf.local
Suppose that 10.100.101.102 is your secondary DNS server:
//-------------------------------------------------------------- // Dynamic update zone for DNS BlockList. //-------------------------------------------------------------- zone "bl.rigacci.org" { type master; allow-update { 127.0.0.1; 10.100.101.102; }; allow-transfer { 127.0.0.1; 10.100.101.102; }; file "bl.rigacci.org"; max-journal-size 500k; }; include "/etc/bind/bl-rigacci-org_rndc-key";
Configure SpamAssassin
doc/appunti/linux/sa/spamassassin_private_dnsbl.1581956438.txt.gz · Last modified: 2020/02/17 17:20 by niccolo