How to ... filter spam mail with real-time block lists (RBL)?

1.) Prepare script

Hamster Playground comes with a "ready-to-use" script named "Demo-RBL-Check.hsc" and an accompanying script module named "RblChecker.hsm". The script looks up the IPs in the "Received:" headers of new mails and adds "X-RBL-Warning:" headers for senders listed in any of the configured RBLs.

Before you use the script, it is strongly suggested that you work only with a copy of it, because the one named "Demo-RBL-Check.hsc" will be overwritten the next time you update Hamster. So copy or rename this script to "My-RBL-Check.hsc" first if you want to change it.

The only required configuration is the list of RBL hosts to be checked. The demo script already contains some widely used ones, highlighted in the script snippet below:


2.) Activate script

The "Demo-RBL-Check.hsc" script (or your personal "My-RBL-Check.hsc" script) is not intended to be started manually; instead, it has to be started automatically whenever a new mail comes in.

To achieve this, just assign the script to the action named "MailInHeader". Be sure to mark the "Wait" option for it, but do not mark the "Lock" option!

After assigning the script to the "MailInHeader" action, every mail fetched from an external POP3 server will get additional "X-RBL-Warning:" headers whenever a sender is listed in one or more of the configured RBLs.

Such "X-RBL-Warning:" headers will contain the following information:

<RBL-HOST> returned <RESULT> (<COMMENT>) for <IP> (<POSITION>)

<RBL-HOST> is the RBL host as given in the script.
<RESULT> is what the host has returned.
<COMMENT> is a description of the result as set in the script (just "listed" if none given).
<IP> is the IP number that was checked.
<POSITION> is a counter for the "Received:" header containing the IP ("1st", "2nd", "3rd", "4th" etc.).


X-RBL-Warning: returned (spam source) for (1st)
X-RBL-Warning: returned (from .kr) for (1st)
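
The lookup and header format described above, sketched in Python as an added example (this is not the Hamster script or its module). The RBL host "rbl.example.org", its result comments, the sample headers, the skipping of internal relays and counting "Received:" headers from the top are assumptions; the query name uses the usual DNS block list convention of reversed octets prepended to the RBL host.

```python
import ipaddress
import re
import socket

# Assumptions: hypothetical RBL host and result comments; the real list is in the script.
RBL_HOSTS = {"rbl.example.org": {"127.0.0.2": "spam source"}}
# Assumption: internal relays are skipped so their addresses never reach a third-party RBL.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample input (documentation address ranges), topmost "Received:" first.
SAMPLE_RECEIVED = [
    "from mx.example.net (mx.example.net [192.0.2.25]) by pop.example.com with ESMTP",
    "from relay (relay.internal [10.0.0.5]) by mx.example.net with ESMTP",
    "from pc (unknown [203.0.113.7]) by relay.internal with SMTP",
]
SAMPLE_ZONE = {"25.2.0.192.rbl.example.org": "127.0.0.2",
               "7.113.0.203.rbl.example.org": "127.0.0.9"}

def ordinal(n):
    suffix = "th" if 10 <= n % 100 <= 20 else {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")
    return f"{n}{suffix}"

def dns_lookup(name):  # live A-record lookup; None means "not listed"
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def rbl_warnings(received, rbl_hosts=RBL_HOSTS, resolve=dns_lookup):
    """Return the "X-RBL-Warning:" lines for a list of "Received:" header values."""
    warnings = []
    for position, header in enumerate(received, start=1):
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if ip.is_loopback or any(ip in net for net in INTERNAL):
                continue
            query = ".".join(reversed(text.split(".")))
            for host, comments in rbl_hosts.items():
                result = resolve(f"{query}.{host}")
                # RBL answers live in 127.0.0.0/8; anything else (wildcard DNS) is ignored.
                if result is None or not result.startswith("127."):
                    continue
                warnings.append(f"X-RBL-Warning: {host} returned {result} "
                                f"({comments.get(result, 'listed')}) for {ip} ({ordinal(position)})")
    return warnings
```

Calling `rbl_warnings(SAMPLE_RECEIVED, resolve=SAMPLE_ZONE.get)` runs the check offline against the constructed zone; leaving out `resolve` performs live DNS queries.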


4.) Add filters

The result of the RBL lookup is now contained in the "X-RBL-Warning:" headers of mails, so this header can be used to filter out unwanted mails, e.g. by scoring them down with "Mail Traps":

Before someone asks: The regular expression patterns in the examples shown above just have a "." (=any character) where a "\." (=dot character) would be more appropriate. This is intended to improve readability and really doesn't matter in this case ...
