Server IP : 103.119.228.120 / Your IP : 3.144.93.34 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /var/lib/spamassassin/3.004002/updates_spamassassin_org/ |
Upload File : |
# SpamAssassin rules file: DNS blacklist and whitelist tests # # Please don't modify this file as your changes will be overwritten with # the next update. Use /etc/mail/spamassassin/local.cf instead. # See 'perldoc Mail::SpamAssassin::Conf' for details. # # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # </@LICENSE> # ########################################################################### require_version 3.004002 ########################################################################### ifplugin Mail::SpamAssassin::Plugin::DNSEval # See the Mail::SpamAssassin::Conf manual page for details of how to use # check_rbl(). # --------------------------------------------------------------------------- # Multizone / Multi meaning BLs first. # # Note that currently TXT queries cannot be used for these, since the # DNSBLs do not return the A type (127.0.0.x) as part of the TXT reply. # --------------------------------------------------------------------------- # SORBS # transfers: both axfr and ixfr available # URL: http://www.dnsbl.sorbs.net/ # pay-to-use: no # delist: $50 fee for RCVD_IN_SORBS_SPAM, others have free retest on request header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.') describe __RCVD_IN_SORBS SORBS: sender is listed in SORBS tflags __RCVD_IN_SORBS net reuse __RCVD_IN_SORBS header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2') describe RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server tflags RCVD_IN_SORBS_HTTP net reuse RCVD_IN_SORBS_HTTP header RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('sorbs', '127.0.0.3') describe RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server tflags RCVD_IN_SORBS_SOCKS net reuse RCVD_IN_SORBS_SOCKS header RCVD_IN_SORBS_MISC eval:check_rbl_sub('sorbs', '127.0.0.4') describe RCVD_IN_SORBS_MISC SORBS: sender is open proxy server tflags RCVD_IN_SORBS_MISC net reuse RCVD_IN_SORBS_MISC header RCVD_IN_SORBS_SMTP eval:check_rbl_sub('sorbs', '127.0.0.5') describe RCVD_IN_SORBS_SMTP SORBS: sender is open SMTP relay tflags RCVD_IN_SORBS_SMTP net reuse RCVD_IN_SORBS_SMTP # delist: $50 fee #header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6') #describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source #tflags RCVD_IN_SORBS_SPAM net #reuse RCVD_IN_SORBS_SPAM RCVD_IN_SORBS_SPAM header RCVD_IN_SORBS_WEB eval:check_rbl_sub('sorbs', '127.0.0.7') describe RCVD_IN_SORBS_WEB SORBS: sender is an abusable web server tflags RCVD_IN_SORBS_WEB net reuse RCVD_IN_SORBS_WEB header RCVD_IN_SORBS_BLOCK eval:check_rbl_sub('sorbs', '127.0.0.8') describe RCVD_IN_SORBS_BLOCK SORBS: sender demands to never be tested tflags RCVD_IN_SORBS_BLOCK net reuse RCVD_IN_SORBS_BLOCK header RCVD_IN_SORBS_ZOMBIE eval:check_rbl_sub('sorbs', '127.0.0.9') describe RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network tflags RCVD_IN_SORBS_ZOMBIE net reuse RCVD_IN_SORBS_ZOMBIE header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10') describe RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address tflags RCVD_IN_SORBS_DUL net reuse RCVD_IN_SORBS_DUL # --------------------------------------------------------------------------- # Spamhaus ZEN includes SBL+CSS+XBL+PBL # https://www.spamhaus.org/faq/section/DNSBL%20Usage#200 # # Spamhaus XBL contains the Abuseat CBL data (cbl.abuseat.org) header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.spamhaus.org.') describe __RCVD_IN_ZEN Received via a relay in Spamhaus Zen tflags __RCVD_IN_ZEN net reuse __RCVD_IN_ZEN # SBL is the Spamhaus Block List: https://www.spamhaus.org/sbl/ header RCVD_IN_SBL eval:check_rbl_sub('zen', '127.0.0.2') describe RCVD_IN_SBL Received via a relay in Spamhaus SBL tflags RCVD_IN_SBL net reuse RCVD_IN_SBL # XBL is the Exploits Block List: https://www.spamhaus.org/xbl/ header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.[4567]$') describe RCVD_IN_XBL Received via a relay in Spamhaus XBL tflags RCVD_IN_XBL net reuse RCVD_IN_XBL # PBL is the Policy Block List: https://www.spamhaus.org/pbl/ header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.0\.0\.1[01]$') describe RCVD_IN_PBL Received via a relay in Spamhaus PBL tflags RCVD_IN_PBL net reuse RCVD_IN_PBL # CSS is the Spamhaus CSS Component of the SBL List: https://www.spamhaus.org/css/ header RCVD_IN_SBL_CSS eval:check_rbl_sub('zen', '127.0.0.3') describe RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS tflags RCVD_IN_SBL_CSS net reuse RCVD_IN_SBL_CSS # New blocked checks 10/2019 header RCVD_IN_ZEN_BLOCKED_OPENDNS eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.254$') describe RCVD_IN_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ tflags RCVD_IN_ZEN_BLOCKED_OPENDNS net reuse RCVD_IN_ZEN_BLOCKED_OPENDNS # New blocked checks 10/2019 header RCVD_IN_ZEN_BLOCKED eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '^127\.255\.255\.255$') describe RCVD_IN_ZEN_BLOCKED ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/ tflags RCVD_IN_ZEN_BLOCKED net reuse RCVD_IN_ZEN_BLOCKED if can(Mail::SpamAssassin::Conf::feature_dns_block_rule) dns_block_rule RCVD_IN_ZEN_BLOCKED_OPENDNS zen.spamhaus.org dns_block_rule RCVD_IN_ZEN_BLOCKED zen.spamhaus.org endif # Now, single zone BLs follow: # --------------------------------------------------------------------------- # NOTE: donation tests, see README file for details header RCVD_IN_BL_SPAMCOP_NET eval:check_rbl_txt('spamcop', 'bl.spamcop.net.', '(?i:spamcop)') describe RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net tflags RCVD_IN_BL_SPAMCOP_NET net reuse RCVD_IN_BL_SPAMCOP_NET # --------------------------------------------------------------------------- # NOTE: commercial tests, see README file for details header RCVD_IN_MAPS_RBL eval:check_rbl('rblplus', 'activationcode.r.mail-abuse.com.', '1') describe RCVD_IN_MAPS_RBL Relay in RBL, http://www.mail-abuse.com/enduserinfo_rbl.html tflags RCVD_IN_MAPS_RBL net reuse RCVD_IN_MAPS_RBL header RCVD_IN_MAPS_DUL eval:check_rbl('rblplus-lastexternal', 'activationcode.r.mail-abuse.com.', '2') describe RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.com/enduserinfo_dul.html tflags RCVD_IN_MAPS_DUL net reuse RCVD_IN_MAPS_DUL header RCVD_IN_MAPS_RSS eval:check_rbl_sub('rblplus', '4') describe RCVD_IN_MAPS_RSS Relay in RSS, http://www.mail-abuse.com/enduserinfo_rss.html tflags RCVD_IN_MAPS_RSS net reuse RCVD_IN_MAPS_RSS header RCVD_IN_MAPS_OPS eval:check_rbl_sub('rblplus', '8') describe RCVD_IN_MAPS_OPS Relay in OPS, http://www.mail-abuse.com/enduserinfo_ops.html tflags RCVD_IN_MAPS_OPS net reuse RCVD_IN_MAPS_OPS # The NML isn't part of the RBL+ and I find any documentation for it - is it dead? header RCVD_IN_MAPS_NML eval:check_rbl('nml', 'nonconfirm.mail-abuse.com.') describe RCVD_IN_MAPS_NML Relay in NML, http://www.mail-abuse.com/enduserinfo_nml.html tflags RCVD_IN_MAPS_NML net reuse RCVD_IN_MAPS_NML # --------------------------------------------------------------------------- # Section for DNS WL related lookups below. # IADB support ... header __RCVD_IN_IADB eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.') tflags __RCVD_IN_IADB net nice reuse __RCVD_IN_IADB header RCVD_IN_IADB_VOUCHED eval:check_rbl_sub('iadb-firsttrusted', '127.0.1.255') describe RCVD_IN_IADB_VOUCHED ISIPP IADB lists as vouched-for sender tflags RCVD_IN_IADB_VOUCHED net nice reuse RCVD_IN_IADB_VOUCHED # --------------------------------------------------------------------------- # Return Path Certified: # https://www.returnpath.net/internetserviceprovider/certification/ # (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI) header RCVD_IN_RP_CERTIFIED eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.') describe RCVD_IN_RP_CERTIFIED Sender in ReturnPath Certified - Contact cert-sa@returnpath.net tflags RCVD_IN_RP_CERTIFIED net nice reuse RCVD_IN_RP_CERTIFIED # Return Path Safe: # https://www.returnpath.net/internetserviceprovider/certification/ # (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED) header RCVD_IN_RP_SAFE eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.') describe RCVD_IN_RP_SAFE Sender in ReturnPath Safe - Contact safe-sa@returnpath.net tflags RCVD_IN_RP_SAFE net nice reuse RCVD_IN_RP_SAFE # Return Path Reputation Network Blacklist (RNBL): # https://senderscore.org/blacklistlookup/ header RCVD_IN_RP_RNBL eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.') describe RCVD_IN_RP_RNBL Relay in RNBL, https://senderscore.org/blacklistlookup/ tflags RCVD_IN_RP_RNBL net reuse RCVD_IN_RP_RNBL endif #These are old and useless - The zones are no longer supported by SpamHaus 2018-12-12 #ifplugin Mail::SpamAssassin::Plugin::AskDNS # #askdns DKIMDOMAIN_IN_DWL _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+ )*(transaction|list|all)( [a-z]+)*$/ #tflags DKIMDOMAIN_IN_DWL net nice #describe DKIMDOMAIN_IN_DWL Signing domain listed in Spamhaus DWL #reuse DKIMDOMAIN_IN_DWL # #askdns __DKIMDOMAIN_IN_DWL_ANY _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT #tflags __DKIMDOMAIN_IN_DWL_ANY net nice #describe __DKIMDOMAIN_IN_DWL_ANY Any TXT response received from a Spamhaus DWL #reuse __DKIMDOMAIN_IN_DWL_ANY # #meta DKIMDOMAIN_IN_DWL_UNKNOWN __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL #tflags DKIMDOMAIN_IN_DWL_UNKNOWN net nice #describe DKIMDOMAIN_IN_DWL_UNKNOWN Unrecognized response from Spamhaus DWL # #endif