SURBL filtering configuration

SURBLs are lists of web sites that have appeared in unsolicited messages. Unlike most lists, SURBLs are not lists of message senders.

Web sites seen in unsolicited messages tend to be more stable than the rapidly changing botnet IP addresses used to send the vast majority of them. Sender lists like zen.spamhaus.org can be used in a first stage filter to help identify 80% to 90% of unsolicited messages. SURBLs can help find about 75% of the otherwise difficult, remaining unsolicited messages in a second stage filter. Used together with sender lists, SURBLs have proven to be a highly-effective way to detect 95% of unsolicited messages.

The SURBL filter is part of the DKIM patch by Manvendra Bhangui and it's embedded in my combined patch.

Author: Manvendra Bhangui
Version: 1.39
ANNOUNCE
Original patch

To enable this filter you must export the variable SURBL with any value in your run file and pass the filter program to the QMAILQUEUE variable so that it can be executed before the delivery:

export SURBL=1
export QMAILQUEUE=/var/qmail/bin/surblqueue
export SURBLQUEUE=/var/qmail/bin/simscan

Actually the program is wrapped by surblqueue, as you can see. SURBLQUEUE will make the program to execute simscan when finished. If you don't define SURBLQUEUE the program executes qmail-queue to do the delivery.

NB: Remember to remove QMAILQUEUE from your tcp.smtp, otherwise it will overwrite your run file.

Be aware that the directory /var/qmail/control/cache must have the write priviledges for the user who runs qmail-smtpd, vpopmail in our case. I have adjusted my combined patch accordingly.

surblfilter requires two control files level2-tlds and level3-tlds in /var/qmail/control. The same can be obtained from surbl.org website http://www.surbl.org/tld/three-level-tlds http://www.surbl.org/tld/two-level-tlds. These files sholud not be confused with the SURBL lists themselves but it is worth to update them monthly or so on building a cronjob like this:

cat > /usr/local/bin/update_tlds.sh << __EOF__
#!/bin/bash
#

cd /var/qmail/control
/usr/bin/wget http://www.surbl.org/tld/three-level-tlds http://www.surbl.org/tld/two-level-tlds
mv two-level-tlds level2-tlds
mv three-level-tlds level3-tlds
__EOF__
chmod +x /usr/local/bin/update_tlds.sh

Now setup the cronjobs (the second one cleans the cache folder once a day):

# surbl tlds update
2 2 23 * * /usr/local/bin/update_tlds.sh 1> /dev/null
# surbl cache purge
2 9 * * * find /var/qmail/control/cache/* -cmin +5 -exec /bin/rm -f {} \;

Executing `surblfilter`, `qmail-dkim` and `simscan` in cascade

Using a combination of QMAILQUEUE, SURBLQUEUE and DKIMQUEUE will make you run both filters and finally pass the message to simscan, which in turn calls clamd, spamd and finally executes qmail-queue:

export SURBL=1  # Comment to disable SURBL filtering
export QMAILQUEUE=/var/qmail/bin/surblqueue # executes surblfilter
export SURBLQUEUE=/var/qmail/bin/qmail-dkim # executes qmail-dkim afer surblfilter
export DKIMQUEUE=/var/qmail/bin/simscan # simscan is executed after qmail-dkim
export DKIMKEY=/usr/local/etc/domainkeys/%/default
# DKIM verification. Use carefully
export DKIMVERIFY="FGHKLMNOQRTVWp"
# This is to allow msg without "subject" in the h= list
export UNSIGNED_SUBJECT=1
# This is to avoid verification of outgoing messages
export RELAYCLIENT_NODKIMVERIFY=1

Testing

Send yourself an email with an URL such as http://surbl-org-permanent-test-point.com/ in the body. You should see the filter in action in your qmail-smtpd log:

qmail-smtpd: message rejected (message contains an URL listed in SURBL blocklist): user@domain.xy from 123.45.67.89 to yourself@yourdomain.xy helo yourmailserver.xy

DKIM

Limiting per user/IP outgoing emails

add a comment

Comments

Error compiling surblfilter

Pablo Murillo February 14, 2019 03:07

Hi

I'm trying to apply the patch on FreeBsd, but after solving many errors I was stuck with this

./load surblfilter envread.o strerr_die.o strerr_sys.o control.o alloc.o alloc_re.o error.o error_str.o auto_qmail.o case_startb.o byte_diff.o str_cspn.o byte_copy.o byte_chr.o byte_rchr.o byte_cr.o getln.o getln2.o open_read.o str_len.o str_diffn.o str_cpy.o str_chr.o scan_xlong.o now.o scan_ulong.o mess822_ok.o constmap.o ip.o dns.o ipalloc.o fmt_str.o fmt_ulong.o socket_v6any.o socket_v4mappedprefix.o sgetopt.o subgetopt.o base64sub.o case_diffb.o stralloc.a substdio.a -lresolv

/usr/bin/ld: cannot find -lresolv

cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

After reading & reading I finally understund that FreeBSD doesn't have "resolv", so, the solution was to remove "-lresolv" from patch

I'm not using "all" the patch that you made, because I'm using ports on freebsd, but I use your guide to configure a lot of things

Thanks for your work

SURBL filtering configuration

Executing surblfilter, qmail-dkim and simscan in cascade

Testing

Comments

qmail notes

LXC scripts

Other contents

Recent comments

Recent posts

Executing `surblfilter`, `qmail-dkim` and `simscan` in cascade