White-, black- and greylisting combined

The idea is to reduce the need for manual whitelisting by using the DNS whitelist service provided by DNSWL.org. Next comes blacklisting of dial-up "servers" that have no business sending you mail, followed by normal greylisting. ACL rules are evaluated from top to bottom and the first match wins, so the order of the racl lines matters.

If you have static lists, e.g. of domains that should always be whitelisted, put them before the DNS-based rules to save network resources.

list "friendly domains" domain { friend.com }
list "users" rcpt { /.*@domain\.com/ }

dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16
dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10

racl whitelist list "friendly domains"
racl whitelist dnsrbl "MTAWL"
racl blacklist dnsrbl "SORBS DUN"
racl greylist list "users" delay 1m
racl whitelist default

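You can also blacklist a "server" when it is listed on multiple DNS blacklists and only greylist it when it is listed on just one. In the example below each blacklist rule names three of the four lists, so a host is rejected once it appears on any three of them.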

list "friendly domains" domain { friend.com }
list "users" rcpt { /.*@domain\.com/ }

racl whitelist list "friendly domains"
dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16

dnsrbl "NJABL" dnsbl.njabl.org 127.0.0.0/24
dnsrbl "CBL ABUSEAT" cbl.abuseat.org 127.0.0.2/32
dnsrbl "SORBS" dnsbl.sorbs.net 127.0.0.0/24
dnsrbl "SPAMCOP" bl.spamcop.net 127.0.0.2/32

racl whitelist dnsrbl "MTAWL"

racl blacklist dnsrbl "SORBS" dnsrbl "CBL ABUSEAT" dnsrbl "NJABL" msg "Bad reputation - %i listed on too many DNS blacklists: %D" flushaddr
racl blacklist dnsrbl "SORBS" dnsrbl "CBL ABUSEAT" dnsrbl "SPAMCOP" msg "Bad reputation - %i listed on too many DNS blacklists: %D" flushaddr
racl blacklist dnsrbl "SORBS" dnsrbl "NJABL" dnsrbl "SPAMCOP" msg "Bad reputation - %i listed on too many DNS blacklists: %D" flushaddr
racl blacklist dnsrbl "CBL ABUSEAT" dnsrbl "SPAMCOP" dnsrbl "NJABL" msg "Bad reputation - %i listed on too many DNS blacklists: %D" flushaddr

racl greylist dnsrbl "CBL ABUSEAT" delay 1h msg "delaying messages from %i - listed at cbl.abuseat.org - try again in %Rt seconds"
racl greylist dnsrbl "SORBS" delay 1h msg "delaying messages from %i - listed at dnsbl.sorbs.net - try again in %Rt seconds"
racl greylist dnsrbl "SPAMCOP" delay 1h msg "delaying messages from %i - listed at bl.spamcop.net - try again in %Rt seconds"
racl greylist dnsrbl "NJABL" delay 1h msg "delaying messages from %i - listed at dnsbl.njabl.org - try again in %Rt seconds"

racl greylist list "users" delay 1m
racl whitelist default

Greylisting and blacklisting with weighting/scoring:

# whitelists
dnsrbl "WL_LISTDNSWL" list.dnswl.org 127.0.0.0/16
dnsrbl "WL_MAILSPIKE_H5" wl.mailspike.net 127.0.0.20/32

# blacklists
dnsrbl "BL_INPS" dnsbl.inps.de 127.0.0.2/32
dnsrbl "ZEN" zen.spamhaus.org 127.0.0.1/8
dnsrbl "NIXSPAM" ix.dnsbl.manitu.net 127.0.0.1/8
dnsrbl "JMF" hostkarma.junkemailfilter.com 127.0.0.2/32
dnsrbl "WPBL" db.wpbl.info 127.0.0.2/32
dnsrbl "BL_BARRACUDA" b.barracudacentral.org 127.0.0.2/32
dnsrbl "BL_SPAMEATINGMONKEY" bl.spameatingmonkey.net 127.0.0.2/32
dnsrbl "BL_SPAMCOP" bl.spamcop.net 127.0.0.2/32
dnsrbl "BL_SORBS" dnsbl.sorbs.net 127.0.0.0/24
dnsrbl "BL_SURRIEL" psbl.surriel.com 127.0.0.0/24
dnsrbl "BL_MAILSPIKE" bl.mailspike.net 127.0.0.0/24
dnsrbl "BL_GBUDB" truncate.gbudb.net 127.0.0.2/32
dnsrbl "BL_IMP" spamrbl.imp.ch 127.0.0.5/32

# dnsrbl checks and rating
racl continue rset $bl_score=0
racl continue rset $bl_listname=""
racl continue dnsrbl "BL_INPS" set $bl_score+=4 set $bl_listname="%P{bl_listname}BL_INPS "
racl continue dnsrbl "ZEN" set $bl_score+=3 set $bl_listname="%P{bl_listname}ZEN "
racl continue dnsrbl "NIXSPAM" set $bl_score+=3 set $bl_listname="%P{bl_listname}NIXSPAM "
racl continue dnsrbl "JMF" set $bl_score+=3 set $bl_listname="%P{bl_listname}JMF "
racl continue dnsrbl "WPBL" set $bl_score+=3 set $bl_listname="%P{bl_listname}WPBL "
racl continue dnsrbl "BL_BARRACUDA" set $bl_score+=2 set $bl_listname="%P{bl_listname}BL_BARRACUDA "
racl continue dnsrbl "BL_SPAMEATINGMONKEY" set $bl_score+=2 set $bl_listname="%P{bl_listname}BL_SPAMEATINGMONKEY "
racl continue dnsrbl "BL_GBUDB" set $bl_score+=2 set $bl_listname="%P{bl_listname}BL_GBUDB "
racl continue dnsrbl "BL_SPAMCOP" set $bl_score+=1 set $bl_listname="%P{bl_listname}BL_SPAMCOP "
racl continue dnsrbl "BL_SORBS" set $bl_score+=1 set $bl_listname="%P{bl_listname}BL_SORBS "
racl continue dnsrbl "BL_SURRIEL" set $bl_score+=1 set $bl_listname="%P{bl_listname}BL_SURRIEL "
racl continue dnsrbl "BL_MAILSPIKE" set $bl_score+=1 set $bl_listname="%P{bl_listname}BL_MAILSPIKE "
racl continue dnsrbl "BL_IMP" set $bl_score+=1 set $bl_listname="%P{bl_listname}BL_IMP "
# dnswl
racl continue dnsrbl "WL_MAILSPIKE_H5" set $bl_score-=4 set $bl_listname="%P{bl_listname}WL_MAILSPIKE_H5 "

# whitelist DNSWL
racl "WL_DNSWL" whitelist dnsrbl "WL_LISTDNSWL"

# blacklist a host if listed on multiple DNS blacklists
racl "BL_DNSBL" blacklist $bl_score >= 4 msg "Bad reputation - %d [%i] listed on too many DNS blacklists: %P{bl_listname}(blhit %P{bl_score})" flushaddr

# extended greylisting if a host is listed on at least one DNS blacklist
racl "GL_DNSBL" greylist $bl_score >= 1 $bl_score <4 delay 12h autowhite 1d msg "Bad reputation - delaying messages from %d [%i] - listed on blacklists: %P{bl_listname}(blhit %P{bl_score})"
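
The scoring rules above, modelled in Python as an added example (not part of the original page and not milter-greylist code): it builds the reversed-octet DNSBL query name, sums the weights and applies the three named rules in file order. It assumes a dnsrbl entry matches when a returned A record falls inside the configured address/mask, handles IPv4 only, and replaces DNS with constructed answers for documentation addresses.

```python
import ipaddress

# (name, zone, answer range, weight) from the config above; the whitelist's "-=4" is a negative weight.
SCORED = [
    ("BL_INPS", "dnsbl.inps.de", "127.0.0.2/32", 4),
    ("ZEN", "zen.spamhaus.org", "127.0.0.1/8", 3),
    ("NIXSPAM", "ix.dnsbl.manitu.net", "127.0.0.1/8", 3),
    ("JMF", "hostkarma.junkemailfilter.com", "127.0.0.2/32", 3),
    ("WPBL", "db.wpbl.info", "127.0.0.2/32", 3),
    ("BL_BARRACUDA", "b.barracudacentral.org", "127.0.0.2/32", 2),
    ("BL_SPAMEATINGMONKEY", "bl.spameatingmonkey.net", "127.0.0.2/32", 2),
    ("BL_GBUDB", "truncate.gbudb.net", "127.0.0.2/32", 2),
    ("BL_SPAMCOP", "bl.spamcop.net", "127.0.0.2/32", 1),
    ("BL_SORBS", "dnsbl.sorbs.net", "127.0.0.0/24", 1),
    ("BL_SURRIEL", "psbl.surriel.com", "127.0.0.0/24", 1),
    ("BL_MAILSPIKE", "bl.mailspike.net", "127.0.0.0/24", 1),
    ("BL_IMP", "spamrbl.imp.ch", "127.0.0.5/32", 1),
    ("WL_MAILSPIKE_H5", "wl.mailspike.net", "127.0.0.20/32", -4),
]
DNSWL = ("list.dnswl.org", "127.0.0.0/16")

def query_name(ip, zone):
    return ".".join(reversed(ip.split("."))) + "." + zone  # reversed octets + zone

def listed(ip, zone, cidr, resolve):
    net = ipaddress.ip_network(cidr, strict=False)  # 127.0.0.1/8 has host bits set
    return any(ipaddress.ip_address(a) in net for a in resolve(query_name(ip, zone)))

def evaluate(ip, resolve):
    """Apply the rules in file order; return (action, score, matched list names)."""
    hits = [(n, w) for n, z, c, w in SCORED if listed(ip, z, c, resolve)]
    score, names = sum(w for _, w in hits), [n for n, _ in hits]
    if listed(ip, *DNSWL, resolve):
        return "whitelist", score, names      # racl "WL_DNSWL" comes first
    if score >= 4:
        return "blacklist", score, names      # racl "BL_DNSBL"
    if 1 <= score < 4:
        return "greylist 12h", score, names   # racl "GL_DNSBL"
    return "no match", score, names           # left to any later rules

# Constructed answers standing in for DNS; any name not listed here has no record.
SAMPLE = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "7.100.51.198.dnsbl.sorbs.net": ["127.0.0.10"],
    "5.113.0.203.zen.spamhaus.org": ["127.0.0.2"],
    "5.113.0.203.wl.mailspike.net": ["127.0.0.20"],
}
def fake_resolve(name):
    return SAMPLE.get(name, [])
```

Because the DNSWL rule sits before the score checks, a host on list.dnswl.org is accepted regardless of its blacklist score; a whitelist hit on wl.mailspike.net only offsets the score.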