We’ve added four new content tests to SpamAssassin for the Mailspike DNSBL.
- RCVD_IN_MSPIKE_ZBI 4.1 points
- RCVD_IN_MSPIKE_L5 4.1 points
- RCVD_IN_MSPIKE_L4 3.5 points
- RCVD_IN_MSPIKE_L3 2.9 points
Categories
Category: Changes
On the heels of our previous announcements we have two more DNSBLs that we’re adding to the default list: ivmSIP and ivmSIP/24. These are available individually as “sip.invaluement.local” and “sip24.invaluement.local” through the account control center DNSBL settings. If you’re not using our default list you’ll need to add them to your configuration in order to take advantage of them. In our test phase we observed excellent results and decided to roll them out officially.
There’s also a new URI DNSBL to compliment content scanning: ivmURI. This has been added to SpamAssassin as INVALUEMENT_URI and INVALUEMENT_IP_URI. The DNSBL tests also have corresponding content tests: RCVD_IN_IVMSIP and RCVD_IN_IVMSIP24.
We’ve created a new internal DNSBL “cidr.dnsbl.rollernet.net” that contains networks that have spammed us directly, contain abusive mail hosts, or providers that are sources of such.
This is not a new feature, other than making it available as a DNSBL. For many years this list of blocked networks has been maintained internally and we handled whitelisting requests on a per-customer basis. By moving it to a DNSBL you will now see entries in the mail logs, can opt to omit it from the DNSBL config, and add whitelist entries online. Additionally, anyone not using the DNSBL feature but is using SpamAssassin will now have access to it through the “ROLLERNET_CIDR” test.
The disadvantage of moving to a DNSBL is that anyone with the DNSBL feature disabled (or aren’t using the default list) may start seeing spam from these networks that were previously directly blocked by the internal list. We recommend enabling DNSBL and configuring “cidr.dnsbl.rollernet.net” to return to the previous behavior.
Networks are added through direct observation (or brought to our attention) and correspond to “whois” or RIR boundaries. Once added to the list entries are generally never removed unless the network owner requests removal and we can verify in our logs that the listed network is now clean.
UPDATE: On January 11, 2019 the zone name was changed to cidr.dnsbl.rollernet.net. This zone is not accessible outside of our network.
Categories
New SpamAssassin Test: ROLLERNET_URI
We’ve added a new SpamAssassin test to the system: ROLLERNET_URI
This is an internal URI DNSBL that we add spamvertized domains to when someone spams us directly, typically to our role accounts. This rule has a default score of 3 points if a match is found in the message body.
With this we have removed two redundant tests: ROLLERNET_DATEME and ROLLERNET_LEADRUSH. The domains from those rules have been added to our internal URI DNSBL and will match on ROLLERNET_URI.
Categories
Webmail Upgrade: Roundcube 0.7.2
We’ve upgraded our Roundcube webmail option to its latest stable version: 0.7.2. All basic functionality has been verified, but if you encounter any issues please reload or clear your browser cache before reporting them to us.