disabled
This requires an installed Net::DNS module in PERL.
Early DNSBL Cache Blocking (ForceRBLCache) •
If set, ASSP will use cached DNSBL hits to block messages before other tests. testmode will override this. spamlover settings will be ignored.
Don't do DNSBL for these IPs* (noRBL) • 10.
Enter IP addresses that you don't want to be DNSBL validated, separated by pipes (|). For example: 127.0.0.1|172.16..
Whitelisted DNSBL Validation (RBLWL) •
Enable DNSBL for whitelisted users also
Add X-Assp-DNSBL Header (AddRBLHeader) •
Add X-Assp-DNSBL header to messages with positive reply from DNSBL.
DNSBL Failed Reply (RBLError) • 550 5.7.1 Blacklisted by RBLLISTED
SMTP reply for DNSBL failed messages. Default: '554 5.7.1 DNS Blacklisted by RBLLISTED' The literal RBLLISTED (case sensitive) is replaced by the actual serviceproviders(s).
RBL Service Providers* (RBLServiceProvider) •
bl.spamcop.net|cbl.abuseat.org|sbl-xbl.spamhaus.org|dnsbl.njabl.org|list.dsbl.org|dnsbl.sorbs.net|opm.blitzed.org|dynablock.njabl.org
Names of DNSBLs to use separated by "|". You may set for every provider a weight like zen.spamhaus.org=>50|bl.spamcop.net=>25.
Defaults are:
zen.spamhaus.org=>1|bl.spamcop.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2| l2.apews.org=>3|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|dnsbl-1.uceprotect.net=>2| dnsbl-2.uceprotect.net=>2|dnsbl-3.uceprotect.net=>2|blackholes.five-ten-sg.com=>3". DNSBL providers can get a "weight" like bl.spamcop.net=>1.
The value of the weight can be set directly like=>45 or as a divisor of RBLmaxweight. Low numbers < 6 are divisors . So if
RBLmaxweight = 50 (default) bl.spamcop.net=>50 would be the same as bl.spamcop.net=>1, bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25.
If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If not, the DNSBL check is scored as "neutral" even with
RBLmaxhits reached. Setting Showmaxreplies will allow ALL replies to contribute to the total weight regardless of RBLmaxhits. Some RBL Service Providers, like blackholes.five-ten-sg.com, provides different return codes in a single DNS-zone: like 127.a.b.c - where a,b,c are used to identify a weight or type (or what ever) of the returned entry. If you want to care about special return codes, or if you want to use different weights for different return codes, you should use the following enhanced entry syntax:
RBL-Service-Provider=>result-to-watch=>weight (like:) blackholes.five-ten-sg.com=>127.0.0.2=>3
blackholes.five-ten-sg.com=>127.0.0.5=>4 blackholes.five-ten-sg.com=>127.0.?.*=>5
You can see, the wildcards * (multiple character) and ? (single character) are possible to use in the second parameter. Never mix the three possible syntax types for the same RBL Service Provider. An search for a match inside such a definition is done in reverse ASCII order, so the wildcards are used as last.
Some RBL Service Providers, provides different return codes using a bitmask in any part of the reply. To define weights for bitmasks, place a single 'M' in front of the mask number, like
sp.com=>127.0.0.M2=>25 sp.com=>127.0.0.M4=>41 sp.com=>127.0.M1.5=>56 sp.com=>127.0.M64.*=>11 sp.com=>127.0.0.2=>22 sp.com=>127.0.*.*=>1
Valid bitmasks are 1,2,4,8,16,32,64 and 128. The resulting weight will be the weight sum of all matching bitmasks (if no full qualified definition is found). For example: a return code of 127.0.0.6 for sp.com will result in a weight of 66 (25+41), a reply of 127.0.0.2 will result in 22
Because each single bitmask indicates a set of 128 numbers you should prevent the usage of something like 127.0.M16.M1 - this will lead in to a set of (128*128) 16384 addresses, which is really too much!
For the same service provider, first define all bitmask definitions, after that all full qualified definitions and than all definitions with wildcards, like in the example above! If your definition order is wrong, the resulting weights will be unexpected!
Maximum Replies (RBLmaxreplies) • 3
A reply is affirmative or negative reply from a DNSBL.
The DNSBL module will wait for this number of replies (negative or positive) from the DNSBLs listed under Service Provider for up to the Maximum Time( RBLmaxtime ).
This number should be equal to or less than the number of DNSBL Service Providers listed to allow for randomly unavailable DNSBLs.
Maximum Hits (RBLmaxhits) • 1
A hit is an affirmative response from a DNSBL.
The DNSBL module will check all of the DNSBLs listed under Service Provider. If the number of hits is greater or equal Maximum Hits, the email is flagged Failed.
If the number of hits is greater 0 and less Maximum Hits, the email is flagged Neutral
RBL Maximum Weight (RBLmaxweight) • 50
A weight is a number representing the trust we put into a DNSBL.
The DNSBL module will check all of the DNSBLs listed under Service Provider. If the total of weights is greater or equal Maximum Weight, the email is flagged Failed.
If the total of weights is greater 0 and less Maximum Weight, the email is flagged Neutral
Maximum Time (RBLmaxtime) • 10
This sets the maximum time in seconds to spend on each message performing DNSBL checks. Default is 15.
Socket Timeout (RBLsocktime) • 1
This sets the DNSBL socket read timeout in seconds.
DNSBL Expiration Time (RBLCacheExp) • 24
IP's in cache will be removed after this interval in hours. 0 will disable the cache. Show DNSBL Cache
Notes On DNSBL
URIBL