A ReputationList to add

[nicola.piazzi]

I suggest this reputation list from Cisco SenderBase
Scores vary from -10 Worst to 10 Best
Simply add this to local.cf or other cf file

## REPUTAZIONE SU SENDERBASE
header R_SB_FR eval:check_rbl_txt('rf.senderbase.org-lastexternal','rf.senderbase.org')
describe R_SB_FR Ip mittente con reputazione su SenderBase
tflags R_SB_FR net
score R_SB_FR 0.01
reuse R_SB_FR
#
header R_SB_FR_M10 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-10')
describe R_SB_FR_M10 Reputazione SenderBase -10
score R_SB_FR_M10 1.10
reuse R_SB_FR_M10
#
header R_SB_FR_M09 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-9\.')
describe R_SB_FR_M09 Reputazione SenderBase -9
score R_SB_FR_M09 1.00
reuse R_SB_FR_M09
#
header R_SB_FR_M08 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-8\.')
describe R_SB_FR_M08 Reputazione SenderBase -8
score R_SB_FR_M08 0.90
reuse R_SB_FR_M08
#
header R_SB_FR_M07 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-7\.')
describe R_SB_FR_M07 Reputazione SenderBase -7
score R_SB_FR_M07 0.80
reuse R_SB_FR_M07
#
header R_SB_FR_M06 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-6\.')
describe R_SB_FR_M06 Reputazione SenderBase -6
score R_SB_FR_M06 0.70
reuse R_SB_FR_M06
#
header R_SB_FR_M05 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-5\.')
describe R_SB_FR_M05 Reputazione SenderBase -5
score R_SB_FR_M05 0.60
reuse R_SB_FR_M05
#
header R_SB_FR_M04 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-4\.')
describe R_SB_FR_M04 Reputazione SenderBase -4
score R_SB_FR_M04 0.50
reuse R_SB_FR_M04
#
header R_SB_FR_M03 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-3\.')
describe R_SB_FR_M03 Reputazione SenderBase -3
score R_SB_FR_M03 0.40
reuse R_SB_FR_M03
#
header R_SB_FR_M02 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-2\.')
describe R_SB_FR_M02 Reputazione SenderBase -2
score R_SB_FR_M02 0.30
reuse R_SB_FR_M02
#
header R_SB_FR_M01 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^-1\.')
describe R_SB_FR_M01 Reputazione SenderBase -1
score R_SB_FR_M01 0.20
reuse R_SB_FR_M01
#
header R_SB_FR_P00 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^0\.')
describe R_SB_FR_P00 Reputazione SenderBase 0
score R_SB_FR_P00 0.10
reuse R_SB_FR_P00
#
header R_SB_FR_P01 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^1\.')
describe R_SB_FR_P01 Reputazione SenderBase 1
score R_SB_FR_P01 0.00
reuse R_SB_FR_P01
#
header R_SB_FR_P02 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^2\.')
describe R_SB_FR_P02 Reputazione SenderBase 2
score R_SB_FR_P02 -0.10
reuse R_SB_FR_P02
#
header R_SB_FR_P03 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^3\.')
describe R_SB_FR_P03 Reputazione SenderBase 3
score R_SB_FR_P03 -0.20
reuse R_SB_FR_P03
#
header R_SB_FR_P04 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^4\.')
describe R_SB_FR_P04 Reputazione SenderBase 4
score R_SB_FR_P04 -0.30
reuse R_SB_FR_P04
#
header R_SB_FR_P05 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^5\.')
describe R_SB_FR_P05 Reputazione SenderBase 5
score R_SB_FR_P05 -0.40
reuse R_SB_FR_P05
#
header R_SB_FR_P06 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^6\.')
describe R_SB_FR_P06 Reputazione SenderBase 6
score R_SB_FR_P06 -0.50
reuse R_SB_FR_P06
#
header R_SB_FR_P07 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^7\.')
describe R_SB_FR_P07 Reputazione SenderBase 7
score R_SB_FR_P07 -0.60
reuse R_SB_FR_P07
#
header R_SB_FR_P08 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^8\.')
describe R_SB_FR_P08 Reputazione SenderBase 8
score R_SB_FR_P08 -0.70
reuse R_SB_FR_P08
#
header R_SB_FR_P09 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^9\.')
describe R_SB_FR_P09 Reputazione SenderBase 9
score R_SB_FR_P09 -0.80
reuse R_SB_FR_P09
#
header R_SB_FR_P10 eval:check_rbl_sub('rf.senderbase.org-lastexternal', '^10')
describe R_SB_FR_P10 Reputazione SenderBase 10
score R_SB_FR_P10 -0.90
reuse R_SB_FR_P10
#
meta R_SB_FR_BLACK ( R_SB_FR_M10 || R_SB_FR_M09 || R_SB_FR_M08 || R_SB_FR_M07 || R_SB_FR_M06 )
describe R_SB_FR_BLACK SenderBase BLACK
score R_SB_FR_BLACK 2.00
#
meta R_SB_FR_WHITE ( R_SB_FR_P10 || R_SB_FR_P09 || R_SB_FR_P08 || R_SB_FR_P07 || R_SB_FR_P06 || R_SB_FR_P05 || R_SB_FR_P04 )
describe R_SB_FR_WHITE SenderBase WHITE
score R_SB_FR_WHITE -0.70

[pdwalker]

looks interesting.

has anyone else used this before?

[nicola.piazzi]

When i found the rbl i wrote the .cf
it seems to have valid results in my incoming mail

[ovizii]

Nicola shared it with me and I'm also using it successfully with slight variations.

[pdwalker]

What changes did you make?

[pdwalker]

Also, how do you know it is working?

I assume I need to install additional perl modules to get senderbase to work correctly with spamassassin?

[ovizii]

I only adjusted the scores and I can see its working because SA hits those rules => EFA => Reports => SA Rule Hits

[pdwalker]

Did you install any additional perl modules?

[ovizii]

nope. sorry forgot to mention that but I highly suspect you need Net::SenderBase

here is more info about the return codes : http://stackoverflow.com/questions/1414 ... erbase-org
and here: https://metacpan.org/pod/Net::SenderBase::Results

[pdwalker]

I see.

I'm using Centos as my base, and Net::SenderBase is not one of the packages available.

And since it uses an older version of Perl, attempting to install the module via CPAN is usually a disaster that often trashes my perl installation.

I can find the package at the RPMForge repository. I'm going to enable the repository and installed the perl-Net-SenderBase package.

Warning for those following my footsteps - the RPMForge repository has not been updated in a long time. You might cause yourself a lot of future problems if you install packages from this repo.

[pdwalker]

ovizil,

What else did you do to get this working?

At the moment, the only results I am getting are like so:

Code: Select all

Spam Report:	
Score	Matching Rule	         Description
-1.90	BAYES_00                 Bayes spam probability is 0 to 1%
 0.25	GMD_PDF_HORIZ            Contains pdf 100-240 (high) x 450-800 (wide)
 0.00	HTML_MESSAGE             HTML included in message
 0.10	ImageCerberusPLG1        image Cerebrus check 1 - possible image spam
 1.00	KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any anti-forgery methods
 0.01	R_SB_FR                  Ip sender with SenderBase Reputation of
-0.00	SPF_HELO_PASS            SPF: HELO matches SPF record
 0.01	T_DOC_ATTACH_NO_EXT      Document attachment with suspicious name
 0.01	T_FILL_THIS_FORM_SHORT   Fill in a short form with personal information

so the R_SB_FR rule appears to be triggering, but none of the R_SB_FR_* rules appear to be executed.

If I run a check by hand, I can get valid results (where 117.120.16.199 is the last connecting ip address):

Code: Select all

[root@efa spamassassin]# dig txt 199.16.120.117.rf.senderbase.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> txt 199.16.120.117.rf.senderbase.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50534
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;199.16.120.117.rf.senderbase.org. IN	TXT

;; ANSWER SECTION:
199.16.120.117.rf.senderbase.org. 725 IN TXT	"1.9"

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 12 19:03:39 2016
;; MSG SIZE  rcvd: 66

do you have any thoughts on how I can find out why the later tests are not showing up?

[ovizii]

Hm, this is how I adjusted the file, I don't see any major differences but give it a try.
I don't know what is wrong but I couldn't attach the file either with .cf or .txt or .pdf - really no idea what is allowed here so I put it up on pastebin => http://pastebin.com/EGvSSTbG

[pdwalker]

testing with your configuration.

how did you install your copy of the perl::net::sendbase module?

[ovizii]

I didn't. I only found that perl module while googling for documentation and mentioned it. Having had another look at it, I don't think you need it.

I mean all that actually happens is eval:check_rbl_txt and eval:check_rbl_sub

so if any rbl checks work on your system this one should too (do other rbl checks work???).
From my limited understanding of the matter all you need is the SA plugin Mail::SpamAssassin::Plugin::DNSEval to be active.

[pdwalker]

I got it, and yes, I think you are correct.

I should be able to pull that perl module and disable the extra repo (phew!) and it should behave correctly.