Topdog.za.net

I previously wrote about how to block domains named in the ISPA Spam Hall of Shame using DNSBL at SMTP time, these domains have now resorted to using 3rd party senders to try and get their Junk through. Because they are using 3rd party senders the envelope from address is no longer the one that is listed on the hall of shame.

In this post i will describe how you can catch the mail that has slipped through your SMTP DNSBL checks.

To identify these messages i use Spamassassin's URIDNSBL plugin which extracts the uri's in an email and checks each of them against the DNSBL.

Create a file called ispa.cf in your Spamassassin configuration directory usually /etc/mail/spamassassin with the following contents

# /etc/mail/spamassassin/ispa.cf
urirhsbl        URIBL_BARUWA    ispa.rbl.baruwa.net.   A
body            URIBL_BARUWA    eval:check_uridnsbl('URIBL_BARUWA')
describe        URIBL_BARUWA    Contains a URL listed in the Baruwa blocklist
score           URIBL_BARUWA    7.0

Restart Spamassassin and email from those domains that by pass the DNSBL checks by using 3rd party senders should now be tagged as Spam by Spamassassin with a score of 7.0

Feedback is welcome, as Spam fighting is always an on going battle.