Feature #3302

Use DNSBL to fight spam

Added by Filippo Carletti about 3 years ago. Updated about 3 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-mail-filter
Target version:v6.7
Resolution: NEEDINFO:No

Description

DNS block list can be used to block spam in two ways:
  1. at connection stage
  2. as spamassassin rules

Method 1 is already implemented blocking SMTP connections from listed spammer servers.
Method 2 is the subject of this issue.


Related issues

Related to NethServer 6 - Feature #3294: Add unbound as DNS resolver for DNSBLs CLOSED

Associated revisions

Revision cb1395c2
Added by Filippo Carletti about 3 years ago

mail-filter: support DNSBL. Refs #3302

History

#1 Updated by Filippo Carletti about 3 years ago

  • Related to Feature #3294: Add unbound as DNS resolver for DNSBLs added

#2 Updated by Filippo Carletti about 3 years ago

  • Status changed from NEW to TRIAGED
  • Assignee set to Filippo Carletti
  • % Done changed from 0 to 20
To use DNSBL in spamassassin we need:
  1. a resolver (see related issue)
  2. some custom rules for spamassassin
  3. integrating unbound with dnsmasq

Links:
http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
http://vdhout.nl/2015/05/additional-spamassassin-dnsbls

#3 Updated by Filippo Carletti about 3 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#4 Updated by Filippo Carletti about 3 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 30 to 60

#5 Updated by Filippo Carletti about 3 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-mail-filter-1.3.3-1.3.gcb1395c.ns6.noarch.rpm

Test case 1 - fresh nethserver installation

Prior to update check that DNSBL queries fail (they usually do if you set the DNS to 8.8.8.8 or your ISP DNS)

# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 74.125.181.194]" 

Install nethserver-mail-filter from nethserver-testing and check again:

# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint" 

Also, update should install as a dependency nethserver-unbound.
/var/log/messages should show:

Oct 30 16:25:19 nscom dnsmasq[5115]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Oct 30 16:25:19 nscom dnsmasq[5115]: using nameserver 127.0.0.1#10053 for domain dnswl.org
Oct 30 16:25:19 nscom dnsmasq[5115]: using nameserver 127.0.0.1#10053 for domain uribl.com

Test case 2 - update a nethserver already using the mail server filter
As above, check uribl before and after upgrade.
Then receive some emails and check both email headers and /var/log/maillog.

#6 Updated by Alessio Fattorini about 3 years ago

  • Assignee set to Alessio Fattorini

#7 Updated by Alessio Fattorini about 3 years ago

Test case 2 - fresh install

System and Package Version installed
NethServer 6.7 fresh installation

Package Installed: nothing
Other Package installed: nothing

Test Original Problem

host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml

Install Updated Package

 yum --enablerepo=nethserver-testing install nethserver-mail-filter

Test Results after update

[root@localhost ~]# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint" 

messages:

Nov  4 18:14:32 localhost dnsmasq[671]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Nov  4 18:14:32 localhost dnsmasq[671]: using nameserver 127.0.0.1#10053 for domain dnswl.org
Nov  4 18:14:32 localhost dnsmasq[671]: using nameserver 127.0.0.1#10053 for domain uribl.com
Nov  4 18:14:32 localhost dnsmasq[671]: using nameserver 8.8.8.8#53

Verified Or Reopen
Verified Test case 2

#8 Updated by Alessio Fattorini about 3 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

System and Package Version installed
...
Package Installed: nethserver-mail-filter.noarch 0:1.3.3-1.ns6
Other Package installed: ...

Test Original Problem
host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 74.125.181.31]"

Install Updated Package

 yum --enablerepo=nethserver-testing update nethserver-mail-filter

Test Results after update

host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint" 

messages

Nov  5 12:02:16 localhost dnsmasq[3782]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Nov  5 12:02:16 localhost dnsmasq[3782]: using nameserver 127.0.0.1#10053 for domain dnswl.org
Nov  5 12:02:16 localhost dnsmasq[3782]: using nameserver 127.0.0.1#10053 for domain uribl.com
Nov  5 12:02:16 localhost dnsmasq[3782]: using nameserver 8.8.8.8#53

Verified Or Reopen
Verified test Case 2

#9 Updated by Giacomo Sanchietti about 3 years ago

  • Assignee deleted (Alessio Fattorini)

#10 Updated by Giacomo Sanchietti about 3 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-mail-filter-1.3.4-1.ns6.noarch.rpm

Also available in: Atom PDF