This is an old revision of the document!
How to use a private DNS Blocklist with SpamAssassin
Besides dnsbl.sorbs.net and zen.spamhaus.org…
Configure the DNS
/var/cache/bind/bl.rigacci.org
$TTL 900 ; 15 minutes
; The owner name needs the trailing dot, otherwise it is read relative to the zone origin.
bl.rigacci.org. IN SOA ns1.rigacci.org. postmaster.rigacci.org. (
                1       ; serial
                3600    ; refresh (1 hour)
                600     ; retry (10 minutes)
                432000  ; expire (5 days)
                10      ; minimum (10 seconds)
                )
                NS      ns1.rigacci.org.
                NS      ns2.rigacci.org.
$ORIGIN bl.rigacci.org.
$TTL 900 ; 15 minutes
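Generate the DNS key (a TSIG shared secret). HMAC-MD5 is a legacy algorithm; current BIND releases provide tsig-keygen for this, with hmac-sha256 as the default: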
dnssec-keygen -a HMAC-MD5 -b 512 -n USER bl-rigacci-org_rndc-key
Get the secret from the generated private file:
cat Kbl-rigacci-org_rndc-key.+157+27575.private
...
Key: rg2aizg+T6XkKkmpI42K7g==
...
/etc/bind/bl-rigacci-org_rndc-key
Make sure the file has mode 640 and is owned by bind:bind, since it contains the shared secret.
key "bl-rigacci-org_rndc-key" {
    algorithm hmac-md5;
    secret "rg2aizg+T6XkKkmpI42K7g==";
};
/etc/bind/named.conf.local
Suppose that 10.100.101.102 is your secondary DNS server. Note that both ACLs below match on source address only; the included key is not referenced by them.
//--------------------------------------------------------------
// Dynamic update zone for DNS BlockList.
//--------------------------------------------------------------
zone "bl.rigacci.org" {
    type master;
    allow-update { 127.0.0.1; 10.100.101.102; };
    allow-transfer { 127.0.0.1; 10.100.101.102; };
    file "bl.rigacci.org";
    max-journal-size 500k;
};
include "/etc/bind/bl-rigacci-org_rndc-key";
Configure SpamAssassin
doc/appunti/linux/sa/spamassassin_private_dnsbl.1581956438.txt.gz · Last modified: by niccolo
