RHSBL Support

8
Votes


Last activity: 1 year ago
Add support for filtering based on RHSBL-type blacklists in ORF, such as rhsbl.ahbl.org.
26

Comments

Can't you just add it manually to the URI blocking tests? Their site says it should be compatible. http://www.ahbl.org/documents/rhsbl
by thomasrw 9 years ago
@thomasrw: no, as the domain name which should be checked against RHSBL is the one submitted in the From: field of the email header. The URL Blacklist feature does not check that currently, only domains found in the body.
by Krisztian Fekete (Vamsoft) 9 years ago
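The lookup described in the reply above, as an added example that is not part of the original thread and not ORF's code: the domain is taken from the From: header rather than from URLs in the body, then queried under the list's zone. The zone `rhsbl.example.org`, the function names and the sample message are assumptions made for this sketch.

```python
import socket
from email import message_from_string
from email.utils import parseaddr

RHSBL_ZONE = "rhsbl.example.org"  # assumption: placeholder zone, not a real list


def sender_domain(raw_message):
    """Return the lower-cased domain of the From: header address, or None."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    local, sep, domain = addr.rpartition("@")
    domain = domain.strip().rstrip(".").lower()
    if not sep or not local or not domain:
        return None
    try:
        # Normalise internationalised names; malformed labels are rejected.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def system_resolver(name):
    """Resolve name to IPv4 addresses; a failed lookup gives an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def rhsbl_listed(raw_message, zone=RHSBL_ZONE, resolve=system_resolver):
    """True if <From: domain>.<zone> has an A record in 127.0.0.0/8."""
    domain = sender_domain(raw_message)
    if domain is None:
        return False  # nothing to look up; leave the verdict to other tests
    # DNS blacklists signal a listing with an answer inside 127.0.0.0/8.
    return any(a.startswith("127.") for a in resolve(f"{domain}.{zone}"))


# Constructed sample: the listed domain appears only in From:, the body URL is clean.
SAMPLE = (
    "From: Offers <promo@Listed.Example>\r\n"
    "To: user@example.net\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "Visit http://clean.example/ today\r\n"
)
```

Passing a `resolve` callable lets the check run against a stub instead of live DNS.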
Desirable feature... -ASB: http://XeeMe.com/AndrewBaker
by andrew.baker 6 years ago
Hello again. :) Common idea. ORF provide integrated tests on SMTP-connection level:
1. Classic GrayList. Add to database SRCIP+FROM+TO+DATETIME. Reject message with SMTP-471 if (DATETIME+GRAY_TIME)<CURRENT_DATETIME. Exclude from test optionally (?) all messages with at least one (?) SPAM-trap addresses.
2. Honeypot "Before Arrival" modified to "SPAM-trap Gray". If TO consist at least one SPAM-trap address, pass it to other tests and add SRCIP+DATETIME to database. Reject other messages with SMTP-471 if (DATETIME+HONEYPOT1_TIME)<CURRENT_DATETIME.
3. May be universal ban-list. Records to him add based on other tests "On Arrival"-mode.
This tests reduce EMail's count passed to other and slow-down spammers.
"On Arrival" mode give complex test of EMail's. Score-based or basic rules. Tests:
1. Honeypot "On Arrival" mode => "SPAM-trap Mark". Work as "SPAM-trap Gray" but only flag/scoring message at HONEYPOT2_TIME.
2. DNSRBL with groups (?). Each group flag/scoring message. Groups two types: "at least one", "isn't less than". ORF use first type with consecutive search. This good for test, but not for production. Need random use RBL's for balancing. Test use all groups.
3. My script for SPAM-trap mailbox + ClamAV => "SPAM-trap Hash". Messages to SPAM-trap addresses parsed and hashed (internally best that ClamAV). Hashes stored to database on any time (HONEYPOT3_TIME). Flag/score message if it hash exist in database and record not oldest that (CURRENT_DATETIME-HONEYPOT3_TIME).
4. SURBL.
5. SPF.
6. DKIM.
7. External agents.
List of rules give result of test: Tag/Ban IP on any time/Reject/Delete/Redirect.
-ASWL+"SPAM-trap Hash"+DNSRBL Delete
+ASWL+"SPAM-trap Hash"+DNSRBL Tag
-ASWL+"SPAM-trap Hash" Tag
-ASWL+"SPAM-trap Mark" Tag
-ASWL+DNSRBL Tag
-ASWL+SURBL Tag
-ASWL+SPF-DKIM Tag
The more conditions the better. Or scoring (it doesn't seem to me the good idea) / Spamassassin.
"SPAM-trap Hash" can be deliberately poisoned if EMail's parsed to text+attaches and hash each.
"SPAM-trap Mark" not good for remote servers with mixed content. Only ASWL improved it.
by DenM 1 year ago
