How to use a private DNSBL with SpamAssassin
Here we present a recipe to create a personal Domain Name System-based Blackhole List (DNSBL) to be used with SpamAssassin. This will enable you to assign a custom spam score to mail coming from specific IP addresses (at the moment only IPv4 addresses).
We will use the well-known DNSBL mechanism, so the general-purpose DNS server software Bind9 and SpamAssassin are used as they are, just with some specific configuration. This allows us to combine our blackhole list with the traditional ones provided by e.g. dnsbl.sorbs.net and zen.spamhaus.org.
Configure the DNS
/var/cache/bind/bl.rigacci.org
$TTL 900 ; 15 minutes
bl.rigacci.org. IN SOA ns1.rigacci.org. postmaster.rigacci.org. (
                1          ; serial
                3600       ; refresh (1 hour)
                600        ; retry (5 minutes)
                432000     ; expire (5 days)
                10         ; minimum (10 seconds)
                )
        NS ns1.rigacci.org.
        NS ns2.rigacci.org.
$ORIGIN bl.rigacci.org.
$TTL 900 ; 15 minutes
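Generate the DNS key. HMAC-MD5 is a legacy TSIG algorithm, and recent BIND 9 releases create TSIG keys with tsig-keygen (hmac-sha256 by default) instead of dnssec-keygen: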
dnssec-keygen -a HMAC-MD5 -b 512 -n USER bl-rigacci-org_rndc-key
Get the secret from the generated private file:
cat Kbl-rigacci-org_rndc-key.+157+27575.private
...
Key: rg2aizg+T6XkKkmpI42K7g==
...
/etc/bind/bl-rigacci-org_rndc-key
Be sure to set the file mode to 640 and its owner to bind:bind, so that the secret is not world-readable.
key "bl-rigacci-org_rndc-key" {
    algorithm hmac-md5;
    secret "rg2aizg+T6XkKkmpI42K7g==";
};
/etc/bind/named.conf.local
Suppose that 10.100.101.102 is your secondary DNS server:
//--------------------------------------------------------------
// Dynamic update zone for DNS BlockList.
//--------------------------------------------------------------
zone "bl.rigacci.org" {
    type master;
    allow-update { 127.0.0.1; 10.100.101.102; };
    allow-transfer { 127.0.0.1; 10.100.101.102; };
    file "bl.rigacci.org";
    max-journal-size 500k;
};
include "/etc/bind/bl-rigacci-org_rndc-key";