User Tools

Site Tools


doc:appunti:linux:sa:spamassassin_private_dnsbl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:appunti:linux:sa:spamassassin_private_dnsbl [2020/02/17 17:51]
niccolo [Configure SpamAssassin]
doc:appunti:linux:sa:spamassassin_private_dnsbl [2020/02/19 15:11] (current)
niccolo [Python script to manage the dynamic zone]
Line 1: Line 1:
-====== How to use a private DNSBL with SpamAssassin ======+====== How to run a private DNSBL for SpamAssassin ======
  
 Here we will present a recipe to create a personal **[[wp>​Domain_Name_System-based_Blackhole_List|Domain Name System-based Blackhole List]]** to be used with **SpamAssassin**. This will enable you to assign a **custom SPAM score** to mails coming from **specific IP addresses** (at the moment only IPv4 addresses). Here we will present a recipe to create a personal **[[wp>​Domain_Name_System-based_Blackhole_List|Domain Name System-based Blackhole List]]** to be used with **SpamAssassin**. This will enable you to assign a **custom SPAM score** to mails coming from **specific IP addresses** (at the moment only IPv4 addresses).
Line 33: Line 33:
 </​file>​ </​file>​
  
-==== The Dynamic Zone ====+==== The dynamic zone ====
  
 Your DNS server will manage a **dynamic zone** dedicated to the DNSBL service. Create a file **/​var/​cache/​bind/​bl.rigacci.org** owned by **bind:​bind**:​ Your DNS server will manage a **dynamic zone** dedicated to the DNSBL service. Create a file **/​var/​cache/​bind/​bl.rigacci.org** owned by **bind:​bind**:​
Line 81: Line 81:
  
 You can customize the **score** (default SPAM score is 5.0 in SpamAssassin) to match your requirements. You can customize the **score** (default SPAM score is 5.0 in SpamAssassin) to match your requirements.
 +
 +===== Python script to manage the dynamic zone =====
 +
 +Finally we need a script to add, remove or query IP address into the DNSBL zone. We have written a **{{.:​dnsbl-tool.txt|dnsbl-tool}}** which can be used as follow:
 +
 +<​code>​
 +dnsbl-tool -a 192.168.10.1
 +Adding record type "​A"​ for 1.10.168.192.bl.rigacci.org
 +</​code>​
 +
 +<​code>​
 +dnsbl-tool -q 192.168.10.1
 +Address 192.168.10.1 is listed: 1.10.168.192.bl.rigacci.org => 127.0.0.1
 +</​code>​
 +
 +<​code>​
 +dnsbl-tool -r 192.168.10.1
 +Removing record type "​A"​ for 1.10.168.192.bl.rigacci.org
 +</​code>​
 +
 +To query the entire zone from the DNS server, you can request an **AXFR** (zone transfer). For doing that, you must do it from an IP address listed into the **allow-transfer** declared into named.conf.local:​
 +
 +<​code>​
 +dig -tAXFR bl.rigacci.org
 +</​code>​
doc/appunti/linux/sa/spamassassin_private_dnsbl.1581958311.txt.gz ยท Last modified: 2020/02/17 17:51 by niccolo