Use as DNSBL

• Types of RBL lists provided by stirka.dev
• Mail servers configuration
  • Configuration in Exim
  • Configuration in Postfix
  • Configuration in rspamd
  • Configuration in spamassassin

DNSBL or RBL(Realtime Block List) is a service that allows checking for blacklisted or whitelisted ip addresses, domains(DBL) or email addresses(EBL). It can be used in various softwares such as mail servers, web servers, proxy servers for protection of malicious activities.

Types of RBL lists provided by stirka.dev

RBL	Description
fresh1.rbl.stirka.dev	freshly registered domains in the last day
fresh7.rbl.stirka.dev	freshly registered domains in the last 7 days
propaganda.rbl.stirka.dev	propaganda DBL from the propaganda blocklist
dbl.rbl.stirka.dev	spam DBL containing spam related domains

Mail servers configuration

Configuration in Exim

To configure any rbl in exim please add following to the acl configuration:

deny dnslists = fresh1.rbl.stirka.dev: \
                fresh7.rbl.stirka.dev

Original exim documentation

Configuration in Postfix

To configure any rbl in postfix please add this to the configuration:

postscreen_dnsbl_sites =
    fresh1.rbl.stirka.dev
    fresh7.rbl.stirka.dev

You can add multiplicator if you want this rbl to weight more:

postscreen_dnsbl_sites =
    fresh1.rbl.stirka.dev*2
    fresh7.rbl.stirka.dev

Official postfix documentation

Note

If you choose to supply multiplier it is recommended to set properly postscreen_dnsbl_threshold.

Configuration in rspamd

To configure an ip rbl in rspamd please add this to configuration:

In /etc/rspamd/local.d/rbl.conf:

    stirka {
        symbol = "RBL_STIRKA_FRESH1";
        checks = ["from"];
        rbl = "fresh1.rbl.stirka.dev";
    }

In /etc/rspamd/local.d/rbl_group.conf:

    "RBL_STIRKA_FRESH1" {
        weight = 2.0;
        description = "Domain registered in last 24 hours.";
        groups = ["fresh"];
    }

If you want to configure a dbl rbl in rspamd add this to configuration:

In /etc/rspamd/local.d/rbl.conf:

    stirka {
        symbol = "RBL_STIRKA_DBL";
        checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls'];
        no_ip = true;
        rbl = "dbl.rbl.stirka.dev";
    }

In /etc/rspamd/local.d/rbl_group.conf:

    "RBL_STIRKA_DBL" {
        weight = 2.0;
        description = "Domain blocklisted in stirka dbl.";
        groups = ["blocked"];
    }

Official rspamd documentation

Note

You can adjust the score to better integrate in your other scoring logic.

Configuration in spamassassin

To configure a rbl in spamassasin please add this to the configuration:

header        CUSTOM_LOOKUP    eval:check_rbl_txt('dnsrbl','fresh1.rbl.stirka.dev.')
describe      CUSTOM_LOOKUP    Domain registered in the last 24h and listed in fresh1.rbl.stirka.dev RBL
score         CUSTOM_LOOKUP    2.0

Official spamassasin documentation

Note

You can adjust the score for the spamassasin rule. Also you can run lint after editing the configuration but before restarting the daemon:

spamassassin --lint