Name based RBL scoring

["Sam Hayes Merritt, III" <sa...@themerritts.org>]

I've searched and cannot find so I'm hoping someone can help.

We have a RBL we host that contains the domain names of dynamic hosts, 
spammers and other we do not want to receive email from.

Currently in sendmail we use the revised dnsbl.m4 from Derek Balling 
(http://www.megacity.org/software_downloads/dnsbl.m4) which looks up the 
hostname of the connecting machine against a RBL. I'm trying to duplicate 
that in Sendmail as it provides us a lot of usefulness and would get us 
away from the blanket rejects.

Are there any rules written to do this in Spamassassin? I see IP RBLs and 
I see RHSRBL, but I don't see domain-based RBLs that check the connecting 
machine.



Thanks,

sam

Re: Name based RBL scoring

["Sam Hayes Merritt, III" <sa...@themerritts.org>]

> The closest is RHSBL, as these are hostname based, not IP based. But 
> these look up the full hostname, not just the domain name. You could 
> handle this on your back-end with wildcards...

Looks like the RHSBL rules included in SA looks up the domain the From:
email address in the envelope using check_rbl_envfrom. I've verified that
with tcpdump on port 53.

> However, on the "connecting machine" part, SA does not have any concept 
> of what the "connecting machine" is. SA doesn't even know there's such 
> a thing as a connection. SA can only perform RBL checks against what it 
> finds in the Received headers.

> In general, with a few exceptions, SA checks theevery host in the 
> Received: headers  that isn't a part of internal_networks. It checks 
> the IP of each against all the RBLs and the host name of each against 
> all the RHSBLs.

The hostname of the email address in the envelope. What I'd like is a way
to take the hostname that is the last received header and look that up, 
just as its currently looking up the IP address.


sam

Re: Name based RBL scoring

[Matt Kettler <mk...@evi-inc.com>]

Sam Hayes Merritt, III wrote:
> 
> I've searched and cannot find so I'm hoping someone can help.
> 
> We have a RBL we host that contains the domain names of dynamic hosts,
> spammers and other we do not want to receive email from.
> 
> Currently in sendmail we use the revised dnsbl.m4 from Derek Balling
> (http://www.megacity.org/software_downloads/dnsbl.m4) which looks up the
> hostname of the connecting machine against a RBL. I'm trying to
> duplicate that in Sendmail as it provides us a lot of usefulness and
> would get us away from the blanket rejects.
> 
> Are there any rules written to do this in Spamassassin? I see IP RBLs
> and I see RHSRBL, but I don't see domain-based RBLs that check the
> connecting machine.
> 

The closest is RHSBL, as these are hostname based, not IP based. But these look
up the full hostname, not just the domain name. You could handle this on your
back-end with wildcards...


However, on the "connecting machine" part, SA does not have any concept of what
the "connecting machine" is. SA doesn't even know there's such a thing as a
connection. SA can only perform RBL checks against what it finds in the Received
headers.

In general, with a few exceptions, SA checks theevery host in the Received:
headers  that isn't a part of internal_networks. It checks the IP of each
against all the RBLs and the host name of each against all the RHSBLs.