/usr/share/spamassassin/25_uribl.cf is in spamassassin 3.4.2-1~deb9u1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 | # SpamAssassin - URIDNSBL rules
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################
# Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded.
# Note that this plugin defines a new config setting, 'uridnsbl',
# which lists the zones to look up in advance. The rules will
# not hit unless each rule has a corresponding 'uridnsbl' line.
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
###########################################################################
## Spamhaus
uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2
body URIBL_SBL eval:check_uridnsbl('URIBL_SBL')
describe URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL blocklist
tflags URIBL_SBL net
reuse URIBL_SBL
if (version >= 3.004000)
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
uridnsbl URIBL_SBL_A sbl.spamhaus.org. A
body URIBL_SBL_A eval:check_uridnsbl('URIBL_SBL_A')
describe URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL blocklist
tflags URIBL_SBL_A net a
reuse URIBL_SBL_A
endif
endif
# DBL, http://www.spamhaus.org/dbl/
# changes axb 05-17-2014: as per http://www.spamhaus.org/news/article/713/
# SH changes effective 06-01-2014
if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
urirhssub URIBL_DBL_SPAM dbl.spamhaus.org. A 127.0.1.2
body URIBL_DBL_SPAM eval:check_uridnsbl('URIBL_DBL_SPAM')
describe URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_SPAM net domains_only
reuse URIBL_DBL_SPAM
urirhssub URIBL_DBL_PHISH dbl.spamhaus.org. A 127.0.1.4
body URIBL_DBL_PHISH eval:check_uridnsbl('URIBL_DBL_PHISH')
describe URIBL_DBL_PHISH Contains a Phishing URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_PHISH net domains_only
reuse URIBL_DBL_PHISH
urirhssub URIBL_DBL_MALWARE dbl.spamhaus.org. A 127.0.1.5
body URIBL_DBL_MALWARE eval:check_uridnsbl('URIBL_DBL_MALWARE')
describe URIBL_DBL_MALWARE Contains a malware URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_MALWARE net domains_only
reuse URIBL_DBL_MALWARE
urirhssub URIBL_DBL_BOTNETCC dbl.spamhaus.org. A 127.0.1.6
body URIBL_DBL_BOTNETCC eval:check_uridnsbl('URIBL_DBL_BOTNETCC')
describe URIBL_DBL_BOTNETCC Contains a botned C&C URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_BOTNETCC net domains_only
reuse URIBL_DBL_BOTNETCC
urirhssub URIBL_DBL_ABUSE_SPAM dbl.spamhaus.org. A 127.0.1.102
body URIBL_DBL_ABUSE_SPAM eval:check_uridnsbl('URIBL_DBL_ABUSE_SPAM')
describe URIBL_DBL_ABUSE_SPAM Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_ABUSE_SPAM net domains_only
reuse URIBL_DBL_ABUSE_SPAM
urirhssub URIBL_DBL_ABUSE_REDIR dbl.spamhaus.org. A 127.0.1.103
body URIBL_DBL_ABUSE_REDIR eval:check_uridnsbl('URIBL_DBL_ABUSE_REDIR')
describe URIBL_DBL_ABUSE_REDIR Contains an abused redirector URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_ABUSE_REDIR net domains_only
reuse URIBL_DBL_ABUSE_REDIR
urirhssub URIBL_DBL_ABUSE_PHISH dbl.spamhaus.org. A 127.0.1.104
body URIBL_DBL_ABUSE_PHISH eval:check_uridnsbl('URIBL_DBL_ABUSE_PHISH')
describe URIBL_DBL_ABUSE_PHISH Contains an abused phishing URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_ABUSE_PHISH net domains_only
reuse URIBL_DBL_ABUSE_PHISH
urirhssub URIBL_DBL_ABUSE_MALW dbl.spamhaus.org. A 127.0.1.105
body URIBL_DBL_ABUSE_MALW eval:check_uridnsbl('URIBL_DBL_ABUSE_MALW')
describe URIBL_DBL_ABUSE_MALW Contains an abused malware URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_ABUSE_MALW net domains_only
reuse URIBL_DBL_ABUSE_MALW
urirhssub URIBL_DBL_ABUSE_BOTCC dbl.spamhaus.org. A 127.0.1.106
body URIBL_DBL_ABUSE_BOTCC eval:check_uridnsbl('URIBL_DBL_ABUSE_BOTCC')
describe URIBL_DBL_ABUSE_BOTCC Contains an abused botnet C&C URL listed in the Spamhaus DBL blocklist
tflags URIBL_DBL_ABUSE_BOTCC net domains_only
reuse URIBL_DBL_ABUSE_BOTCC
# this indicates that IP-address queries were sent to DBL, and should
# never appear; if it does, something is wrong with SpamAssassin
urirhssub URIBL_DBL_ERROR dbl.spamhaus.org. A 127.0.1.255
body URIBL_DBL_ERROR eval:check_uridnsbl('URIBL_DBL_ERROR')
describe URIBL_DBL_ERROR Error: queried the Spamhaus DBL blocklist for an IP
tflags URIBL_DBL_ERROR net domains_only
reuse URIBL_DBL_ERROR
endif
###########################################################################
## SURBL
#MERGED INTO BIT 64 per bug 7279
#urirhssub URIBL_SC_SURBL multi.surbl.org. A 2
#body URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL')
#describe URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
#tflags URIBL_SC_SURBL net
#reuse URIBL_SC_SURBL
urirhssub URIBL_WS_SURBL multi.surbl.org. A 4
body URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL')
describe URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
tflags URIBL_WS_SURBL net
reuse URIBL_WS_SURBL
urirhssub URIBL_PH_SURBL multi.surbl.org. A 8
body URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL')
describe URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
tflags URIBL_PH_SURBL net
reuse URIBL_PH_SURBL
urirhssub URIBL_MW_SURBL multi.surbl.org. A 16
body URIBL_MW_SURBL eval:check_uridnsbl('URIBL_MW_SURBL')
describe URIBL_MW_SURBL Contains a URL listed in the MW SURBL blocklist
tflags URIBL_MW_SURBL net
reuse URIBL_MW_SURBL
urirhssub URIBL_CR_SURBL multi.surbl.org. A 128
body URIBL_CR_SURBL eval:check_uridnsbl('URIBL_CR_SURBL')
describe URIBL_CR_SURBL Contains an URL listed in the CR SURBL blocklist
tflags URIBL_CR_SURBL net
reuse URIBL_CR_SURBL
#MERGED INTO BIT 64 per bug 7279
#urirhssub URIBL_AB_SURBL multi.surbl.org. A 32
#body URIBL_AB_SURBL eval:check_uridnsbl('URIBL_AB_SURBL')
#describe URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
#tflags URIBL_AB_SURBL net
#reuse URIBL_AB_SURBL
#JP MOVED INTO ABUSE AS WELL AND BIT REUSED per bug 7279
urirhssub URIBL_ABUSE_SURBL multi.surbl.org. A 64
body URIBL_ABUSE_SURBL eval:check_uridnsbl('URIBL_ABUSE_SURBL')
describe URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
tflags URIBL_ABUSE_SURBL net
reuse URIBL_ABUSE_SURBL
#SURBL BLOCK RULES - Bit 1 means your DNS has been blocked and this rule should be triggered to notify you.
urirhssub SURBL_BLOCKED multi.surbl.org. A 1
body SURBL_BLOCKED eval:check_uridnsbl('SURBL_BLOCKED')
describe SURBL_BLOCKED ADMINISTRATOR NOTICE: The query to SURBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
tflags SURBL_BLOCKED net noautolearn
reuse SURBL_BLOCKED
###########################################################################
## URIBL
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
reuse URIBL_BLACK
urirhssub URIBL_GREY multi.uribl.com. A 4
body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
describe URIBL_GREY Contains an URL listed in the URIBL greylist
tflags URIBL_GREY net
reuse URIBL_GREY
urirhssub URIBL_RED multi.uribl.com. A 8
body URIBL_RED eval:check_uridnsbl('URIBL_RED')
describe URIBL_RED Contains an URL listed in the URIBL redlist
tflags URIBL_RED net
reuse URIBL_RED
#URIBL BLOCK RULES - Bit 1 means your DNS has been blocked and this rule should be triggered to notify you.
urirhssub URIBL_BLOCKED multi.uribl.com. A 1
body URIBL_BLOCKED eval:check_uridnsbl('URIBL_BLOCKED')
describe URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
tflags URIBL_BLOCKED net noautolearn
reuse URIBL_BLOCKED
###########################################################################
## DOMAINS TO SKIP (KNOWN GOOD)
# Don't bother looking for example domains as per RFC 2606.
uridnsbl_skip_domain example.com example.net example.org
uridnsbl_skip_domain local.cf
# MUA CSS class definitions
uridnsbl_skip_domain div.tk p.tk li.tk no.tk
# (roughly) top 200 domains not blacklisted by SURBL
uridnsbl_skip_domain 126.com 163.com 2o7.net 4at1.com
uridnsbl_skip_domain 5iantlavalamp.com about.com adelphia.net adobe.com addthis.com
uridnsbl_skip_domain agora-inc.com agoramedia.com akamai.net
uridnsbl_skip_domain akamaitech.net amazon.com ancestry.com aol.com
uridnsbl_skip_domain apache.org apple.com arcamax.com astrology.com apple.news
uridnsbl_skip_domain atdmt.com att.net bbc.co.uk
uridnsbl_skip_domain bcentral.com bellsouth.net bfi0.com
uridnsbl_skip_domain bridgetrack.com cafe24.com charter.net
uridnsbl_skip_domain citibank.com citizensbank.com cjb.net
uridnsbl_skip_domain classmates.com clickbank.net cnet.com
uridnsbl_skip_domain cnn.com com.com com.ne.kr comcast.net
uridnsbl_skip_domain corporate-ir.net cox.net cs.com
uridnsbl_skip_domain custhelp.com daum.net dd.se debian.org
uridnsbl_skip_domain dell.com directtrack.com directnic.com domain.com
uridnsbl_skip_domain dsbl.org earthlink.net ebay.co.uk ebay.com
uridnsbl_skip_domain ebayimg.com ebaystatic.com edgesuite.net ediets.com
uridnsbl_skip_domain egroups.com emode.com excite.com f-secure.com
uridnsbl_skip_domain free.fr freebsd.org
uridnsbl_skip_domain gentoo.org geocities.com gmail.com gmx.net
uridnsbl_skip_domain go.com google.com googleadservices.com grisoft.com
uridnsbl_skip_domain hallmark.com hinet.net hotbar.com hotmail.com
uridnsbl_skip_domain hotpop.com hp.com ibm.com incredimail.com
uridnsbl_skip_domain investorplace.com ivillage.com joingevalia.com
uridnsbl_skip_domain juno.com kernel.org livejournal.com lycos.com
uridnsbl_skip_domain m7z.net mac.com macromedia.com
uridnsbl_skip_domain mail.com mail.ru mailscanner.info marketwatch.com
uridnsbl_skip_domain mcafee.com mchsi.com messagelabs.com
uridnsbl_skip_domain microsoft.com military.com mindspring.com mit.edu
uridnsbl_skip_domain monster.com msn.com nate.com
uridnsbl_skip_domain netflix.com netscape.com netscape.net netzero.net
uridnsbl_skip_domain norman.com nytimes.com optonline.net osdn.com
uridnsbl_skip_domain overstock.com pacbell.net pandasoftware.com
uridnsbl_skip_domain paypal.com peoplepc.com plaxo.com
uridnsbl_skip_domain prodigy.net radaruol.com.br
uridnsbl_skip_domain real.com redhat.com regions.com regionsnet.com
uridnsbl_skip_domain rogers.com rr.com sbcglobal.net sec.gov sf.net
uridnsbl_skip_domain shaw.ca shockwave.com smithbarney.com
uridnsbl_skip_domain sourceforge.net spamcop.net speedera.net sportsline.com
uridnsbl_skip_domain sun.com suntrust.com sympatico.ca t-online.de
uridnsbl_skip_domain tails.nl telus.net terra.com.br ticketmaster.com
uridnsbl_skip_domain tinyurl.com tiscali.co.uk tom.com
uridnsbl_skip_domain tone.co.nz tux.org uol.com.br
uridnsbl_skip_domain ups.com verizon.net w3.org usps.com
uridnsbl_skip_domain wamu.com wanadoo.fr washingtonpost.com weatherbug.com
uridnsbl_skip_domain web.de webshots.com webtv.net wsj.com
uridnsbl_skip_domain yahoo.ca yahoo.co.kr yahoo.co.uk
uridnsbl_skip_domain yahoo.com yahoo.com.br yahoogroups.com yimg.com
uridnsbl_skip_domain yopi.de yoursite.com zdnet.com
uridnsbl_skip_domain openxmlformats.org passport.com xmlsoap.org
uridnsbl_skip_domain abc.xyz avast.com schema.org
# wtogami's most frequent known good URIDNSBL lookups (1/1/2011)
uridnsbl_skip_domain alexa.com ask.com baidu.com bing.com craigslist.org
uridnsbl_skip_domain doubleclick.com ebay.de facebook.com flickr.com godaddy.com
uridnsbl_skip_domain google.co.in google.it mozilla.com myspace.com rediff.com
uridnsbl_skip_domain twitter.com wordpress.com yahoo.co.jp youtube.com
# axb's frequent known good URIDNSBL lookups
uridnsbl_skip_domain fedex.com
uridnsbl_skip_domain openoffice.org
uridnsbl_skip_domain vk.com
# pointless footer noise
uridnsbl_skip_domain security.cloud
uridnsbl_skip_domain yac.mx
# Microsoft on ns1.msedge.net
uridnsbl_skip_domain microsofttranslator.com office.com microsoftonline.com bing.com msedge.net
endif # Mail::SpamAssassin::Plugin::URIDNSBL
|