New Spamhaus zone and updates to the plugin
Hello,

I'm happy to announce to the SpamAssassin community that Spamhaus has
released an updated version of our plugin that solves minor issues and,
more importantly, adds support for a new dataset we just released.

The new zone is called HBL (Hash BlockList) and deals with three
different email scenarios previously not covered by the plugin:

- Dropbox emails: emails - mostly on freemail providers - used in
419-like scams, sextortions and the like
- Cryptowallets: malicious crypto addresses used mainly in extortion
scams. Currently supports BTC, BCH, LTC, XRP, XMR and ETH
- Filehash: hashes of suspicious or confirmed malicious attachments

All the relevant technical information is available at
https://docs.spamhaustech.com/10-data-type-documentation/datasets/030-datasets.html#hbl


HBL is a zone available only to paid-for DQS users, but we do offer a
free trial; just follow the instructions at
https://github.com/spamhaus/spamassassin-dqs

Even if you are not planning to use HBL, we strongly suggest you
update the plugin to the latest release for general security.

We'd love some feedback and I'm always open for suggestions or
discussion. Thank you!

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: New Spamhaus zone and updates to the plugin
Riccardo,

Is it also available to Spamhaus Rsync Datafeed customers?


On 2020-04-30 10:50, Riccardo Alfieri wrote:
> Hello,
>
> I'm happy to announce to the SpamAssassin community that Spamhaus has
> released an updated version of our plugin that solves minor issues and,
> more importantly, adds support for a new dataset we just released.
>
> The new zone is called HBL (Hash BlockList) and deals with three
> different email scenarios previously not covered by the plugin:
>
> - Dropbox emails: emails - mostly on freemail providers - used in
> 419-like scams, sextortions and the like
> - Cryptowallets: malicious crypto addresses used mainly in extortion
> scams. Currently supports BTC, BCH, LTC, XRP, XMR and ETH
> - Filehash: hashes of suspicious or confirmed malicious attachments
>
> All the relevant technical information is available at
> https://docs.spamhaustech.com/10-data-type-documentation/datasets/030-datasets.html#hbl
>
>
> HBL is a zone available only to paid-for DQS users, but we do offer a
> free trial; just follow the instructions at
> https://github.com/spamhaus/spamassassin-dqs
>
> Even if you are not planning to use HBL, we strongly suggest you
> update the plugin to the latest release for general security.
>
> We'd love some feedback and I'm always open for suggestions or
> discussion. Thank you!
>
Re: New Spamhaus zone and updates to the plugin
On Thu, 30 Apr 2020 at 09:51, Riccardo Alfieri <riccardo.alfieri@spamteq.com>
wrote:

> Hello,
>
> I'm happy to announce to the SpamAssassin community that Spamhaus has
> released an updated version of our plugin that solves minor issues and,
> more importantly, adds support for a new dataset we just released.
>
> The new zone is called HBL (Hash BlockList) and deals with three
> different email scenarios previously not covered by the plugin:
>
> - Dropbox emails: emails - mostly on freemail providers - used in
> 419-like scams, sextortions and the like
> - Cryptowallets: malicious crypto addresses used mainly in extortion
> scams. Currently supports BTC, BCH, LTC, XRP, XMR and ETH
> - Filehash: hashes of suspicious or confirmed malicious attachments
>
> All the relevant technical information is available at
>
> https://docs.spamhaustech.com/10-data-type-documentation/datasets/030-datasets.html#hbl
>
>
> HBL is a zone available only to paid-for DQS users, but we do offer a
> free trial; just follow the instructions at
> https://github.com/spamhaus/spamassassin-dqs
>
> Even if you are not planning to use HBL, we strongly suggest you
> update the plugin to the latest release for general security.
>
> We'd love some feedback and I'm always open for suggestions or
> discussion. Thank you!
>

Thanks Riccardo, this is a great tool and I have updated our SA plugin as
advised. I think it is a pity we small-scale users can't benefit from the
new HBL :( What was the logic here?

It might be worth posting on the postfix users list about the benefits of a
dqs account; I use it with postscreen and smtpd to good effect.
Re: New Spamhaus zone and updates to the plugin
On 30/04/20 12:07, Dominic Raferd wrote:

>
> Thanks Riccardo, this is a great tool and I have updated our SA plugin
> as advised. I think it is a pity we small-scale users can't benefit
> from the new HBL :( What was the logic here?
>
I don't know anything about the decisions behind the usage policy, sorry
:) Try emailing the sales dept as advised in the README, maybe you'll
work something out.
> It might be worth posting on the postfix users list about the benefits
> of a dqs account; I use it with postscreen and smtpd to good effect.

I thought about that, but there are some issues I think.

If you put ZEN/DBL in postfix and reject at SMTP level you are basically
crippling what SpamAssassin is doing in postqueue, because it will never
see emails coming, i.e., from bots, probably giving problems to the
autolearn algo and other things like, I think, meta rules based on
Spamhaus zones.

You could still do prequeue rejections with SpamAssassin if you use a
milter, and if you keep ZEN shortcircuiting I don't think the overall
load avg would increase very much.

Obviously YMMV :)

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: New Spamhaus zone and updates to the plugin
>> It might be worth posting on the postfix users list about the benefits
>> of a dqs account; I use it with postscreen and smtpd to good effect.
>
> I thought about that, but there are some issues I think.

There is another generic benefit: It might be the only alternative to
access ZEN when spamhaus.org's cut-off [2] is in effect. The cut-off
doesn't need to be one's own fault but might have happened before one
acquired the affected IP address.

[2] https://www.spamhaus.org/organization/dnsblusage/
Re: New Spamhaus zone and updates to the plugin
> On 03.05.20 at 13:24, Damian wrote:
>>>> It might be worth posting on the postfix users list about the benefits
>>>> of a dqs account; I use it with postscreen and smtpd to good effect.
>>>
>>> I thought about that, but there are some issues I think.
>>
>> There is another generic benefit: It might be the only alternative to
>> access ZEN when spamhaus.org's cut-off [2] is in effect. The cut-off
>> doesn't need to be one's own fault but might have happened before one
>> acquired the affected IP address.
>>
>> [2] https://www.spamhaus.org/organization/dnsblusage/
>
> and you think spamhaus knows or cares if your request comes from
> spamassassin or postscreen?

No, that is why I wrote "generic". I learned about the existence of DQS
from mail correspondence with spamhaustech, after I tried and failed to
obtain information at the spamhaus.org website on how to lift the
cut-off. So maybe the guys could advertise DQS more, in general.