Posted by RvdH under SpamAssassin on May 14 2015

Below you find additional DNSBL's I use to work with SpamAssassin and my hMailServer installations, both @home as @work.
Additionally i posted a rule that causes extra spam scoring if amessage is listed in multiple DNSBL's
 


# VIRBL (virus sender blacklist) http://virbl.bit.nl
header      RCVD_IN_VIRBL   eval:check_rbl_txt('virbl', 'virbl.dnsbl.bit.nl.')
describe    RCVD_IN_VIRBL   Listed in virbl.dnsbl.bit.nl
tflags      RCVD_IN_VIRBL   net
score       RCVD_IN_VIRBL   2.0 # adjust the score value as desired

# dnsbl.justspam.org
header		RCVD_IN_JUSTSPAM	eval:check_rbl('justspam.org','dnsbl.justspam.org.') 
describe	RCVD_IN_JUSTSPAM	Listed in dnsbl.justspam.org.
tflags		RCVD_IN_JUSTSPAM	net 
score		RCVD_IN_JUSTSPAM	0.5 # adjust the score value as desired 

# dnsbl.inps.de
header 		RCVD_IN_DNSBL_INPS_DE	eval:check_rbl('inps-de','dnsbl.inps.de.') 
describe 	RCVD_IN_DNSBL_INPS_DE	Received via a relay in inps.de DNSBL 
tflags 		RCVD_IN_DNSBL_INPS_DE	net 
score 		RCVD_IN_DNSBL_INPS_DE	3.0 # adjust the score value as desired

# spam.dnsbl.anonmails.de
header 		RCVD_IN_ANONMAILS	eval:check_rbl('anonmails-lastexternal', 'spam.dnsbl.anonmails.de.')
describe 	RCVD_IN_ANONMAILS	Relay is listed in spam.dnsbl.anonmails.de
tflags 		RCVD_IN_ANONMAILS	net
score 		RCVD_IN_ANONMAILS	2.0 # adjust the score value as desired

# UCEPROTECT1 (open relays/proxys/dialups) http://uceprotect.net
header          RCVD_IN_UCEPROTECT1	eval:check_rbl_txt('uceprotect1-lastexternal', 'dnsbl-1.uceprotect.net.')
describe        RCVD_IN_UCEPROTECT1	Listed in dnsbl-1.uceprotect.net
tflags          RCVD_IN_UCEPROTECT1	net
score           RCVD_IN_UCEPROTECT1	2.0 # adjust the score value as desired

# UCEPROTECT2 (open relays/proxys/dialups networks) http://uceprotect.net
header          RCVD_IN_UCEPROTECT2	eval:check_rbl_txt('uceprotect2-lastexternal', 'dnsbl-2.uceprotect.net.')
describe        RCVD_IN_UCEPROTECT2	Network listed in dnsbl-2.uceprotect.net
tflags          RCVD_IN_UCEPROTECT2	net
score           RCVD_IN_UCEPROTECT2	1.0 # adjust the score value as desired

# UCEPROTECT3 (bad networks) http://uceprotect.net
header          RCVD_IN_UCEPROTECT3	eval:check_rbl_txt('uceprotect3-lastexternal', 'dnsbl-3.uceprotect.net.')
describe        RCVD_IN_UCEPROTECT3	Network listed in dnsbl-3.uceprotect.net
tflags          RCVD_IN_UCEPROTECT3	net
score           RCVD_IN_UCEPROTECT3	0.5 # adjust the score value as desired

# SEM-BACKSCATTER
header RCVD_IN_SEMBACKSCATTER eval:check_rbl('sembackscatter-lastexternal', 'backscatter.spameatingmonkey.net.')
tflags RCVD_IN_SEMBACKSCATTER net
describe RCVD_IN_SEMBACKSCATTER Received from an IP listed by SEM-BACKSCATTER
score RCVD_IN_SEMBACKSCATTER 0.5 # adjust the score value as desired

# SEM-BLACK
header RCVD_IN_SEMBLACK eval:check_rbl('semblack-lastexternal', 'bl.spameatingmonkey.net.')
tflags RCVD_IN_SEMBLACK net
describe RCVD_IN_SEMBLACK Received from an IP listed by SEM-BLACK
score RCVD_IN_SEMBLACK 2.0 # adjust the score value as desired

# SEM-URI
urirhssub SEM_URI uribl.spameatingmonkey.net. A 2
body SEM_URI eval:check_uridnsbl('SEM_URI')
describe SEM_URI Contains a URI listed by SEM-URI
tflags SEM_URI net
score SEM_URI 0.5 # adjust the score value as desired

# SEM-URIRED
urirhssub SEM_URIRED urired.spameatingmonkey.net. A 2
body SEM_URIRED eval:check_uridnsbl('SEM_URIRED')
describe SEM_URIRED Contains a URI listed by SEM-URIRED
tflags SEM_URIRED net
score SEM_URIRED 0.5 # adjust the score value as desired

# SEM-FRESH
urirhssub SEM_FRESH fresh.spameatingmonkey.net. A 2
body SEM_FRESH eval:check_uridnsbl('SEM_FRESH')
describe SEM_FRESH Contains a domain registered less than 5 days ago
tflags SEM_FRESH net
score SEM_FRESH 0.5 # adjust the score value as desired

# HOSTKARMA
header __RCVD_IN_HOSTKARMA eval:check_rbl('HOSTKARMA-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_HOSTKARMA Sender listed in JunkEmailFilter
tflags __RCVD_IN_HOSTKARMA net
 
header RCVD_IN_HOSTKARMA_W eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.1')
describe RCVD_IN_HOSTKARMA_W Sender listed in HOSTKARMA-WHITE
tflags RCVD_IN_HOSTKARMA_W net nice
score RCVD_IN_HOSTKARMA_W -5 # adjust the score value as desired
 
header RCVD_IN_HOSTKARMA_BL eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.2')
describe RCVD_IN_HOSTKARMA_BL Sender listed in HOSTKARMA-BLACK
tflags RCVD_IN_HOSTKARMA_BL net
score RCVD_IN_HOSTKARMA_BL 3.0 # adjust the score value as desired
 
header RCVD_IN_HOSTKARMA_BR eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.4')
describe RCVD_IN_HOSTKARMA_BR Sender listed in HOSTKARMA-BROWN
tflags RCVD_IN_HOSTKARMA_BR net
score RCVD_IN_HOSTKARMA_BR 1.0 # adjust the score value as desired

# blockedservers.com
header   RCVD_IN_BLKSRV	eval:check_rbl('blockedservers-lastexternal', 'rbl.blockedservers.com.')
describe RCVD_IN_BLKSRV	Listed in rbl.blockedservers.com
tflags   RCVD_IN_BLKSRV	net
score    RCVD_IN_BLKSRV	2.0 # adjust the score value as desired

# Weighted Private Block List
header    RCVD_IN_WPBL  eval:check_rbl('wpbl-lastexternal','db.wpbl.info.','127.0.0.2')
describe  RCVD_IN_WPBL  Listed in db.wpbl.info
tflags    RCVD_IN_WPBL  net
score     RCVD_IN_WPBL  2.0 # adjust the score value as desired

# sorbs-spam
header RCVD_IN_SORBS_SPAM	eval:check_rbl_sub('sorbs', '127.0.0.6')
describe RCVD_IN_SORBS_SPAM	SORBS: sender is a spam source
tflags RCVD_IN_SORBS_SPAM	net
score RCVD_IN_SORBS_SPAM	0 2.0 0 2.0 # adjust the score value as desired

# NIX-SPAM
header		RCVD_IN_NIX_SPAM  eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
describe	RCVD_IN_NIX_SPAM  Listed in NIX-SPAM DNSBL
tflags		RCVD_IN_NIX_SPAM  net
score		RCVD_IN_NIX_SPAM  2.0 # adjust the score value as desired


Extra scoring rules if a sender ip is listed in more than 2 configured DNSBL's

# Do a summary to give more weight to blacklists
meta       CUSTOM_MANY_BL (RCVD_IN_BL_SPAMCOP_NET + RCVD_IN_SBL + RCVD_IN_XBL + RCVD_IN_PBL + RCVD_IN_VIRBL + RCVD_IN_UCEPROTECT1 + RCVD_IN_WPBL + RCVD_IN_BLKSRV + RCVD_IN_ANONMAILS + RCVD_IN_DNSBL_INPS_DE + RCVD_IN_NIX_SPAM + RCVD_IN_SEMBLACK + RCVD_IN_HOSTKARMA_BL + RCVD_IN_JUSTSPAM + RCVD_IN_PSBL + RCVD_IN_SORBS_SPAM + RCVD_IN_SORBS_DUL + RCVD_IN_SORBS_HTTP) > 2
describe   CUSTOM_MANY_BL Message received in more than 2 RBLs
score      CUSTOM_MANY_BL 6.0

meta       CUSTOM_MANY_URIBL (URIBL_BLACK + URIBL_JP_SURBL + URIBL_WS_SURBL + URIBL_PH_SURBL + URIBL_MW_SURBL + URIBL_AB_SURBL + URIBL_DBL_SPAM + URIBL_DBL_PHISH + URIBL_DBL_MALWARE + URIBL_DBL_BOTNETCC + URIBL_SBL + URIBL_SBL_A + SEM_URI + SEM_FRESH + SEM_URIRED) > 2
describe   CUSTOM_MANY_URIBL Message received in more than 2 URIBL
score      CUSTOM_MANY_URIBL 6.0