poste.io2

Implementing Spamhaus DQS

Spamhaus DQS is service which solves public/open resolvers problems. DQS has better quality dataset than public service.

Registration

If you are not already regitered you can freely sign up to trial with limited usage - https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/

Download and configuration

Next step is cloning default configuration for RSPAMd which will already work with DQS service:

$ cd ~ $ git clone https://github.com/spamhaus/rspamd-dqs

Files need to be edited to change all keys which is available in Spamhaus portal:

$ cd rspamd-dqs/3.x
$ $ grep key *
rbl.conf:        rbl = "your_DQS_key.zen.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.zen.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.authbl.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.dbl.dq.spamhaus.net";
rbl.conf:	rbl = "your_DQS_key.dbl.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.zrd.dq.spamhaus.net";
rbl.conf:      rbl = "your_DQS_key.zen.dq.spamhaus.net";
rbl.conf:       rbl = "your_DQS_key.dbl.dq.spamhaus.net"
rbl.conf:       rbl = "your_DQS_key.zrd.dq.spamhaus.net"
rbl.conf:      rbl = "your_DQS_key.dbl.dq.spamhaus.net";
rbl.conf:      rbl = "your_DQS_key.zrd.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.sbl.dq.spamhaus.net";
rspamd.local.lua:local check_cw_dns = '._cw.your_DQS_key.hbl.dq.spamhaus.net.'
sh_rbl_hbl.conf:  rbl = "_email.your_DQS_key.hbl.dq.spamhaus.net";
sh_rbl_hbl.conf:  rbl = "_file.your_DQS_key.hbl.dq.spamhaus.net.";

Keys can be edited by hand but having command line and sed we can change all keys programaticaly:

$ sed -i 's/your\_DQS\_key/abcdefghijklmnopq123456789/g' *.conf rspamd.local.lua

Implementing to poste.io

To add configuration to Poste.io we need to use mechanisms described at "mailserver customization page"

$ mkdir -p /data/mailserver/_override/etc/rspamd/local.d
mkdir -p /your-data-dir/data/_override/etc/rspamd/local.d

// If you have HBL enabled
# cp *.conf /data/mailserver/_override/etc/rspamd/local.d
# cp rspamd.local.lua /data/mailserver/_override/etc/rspamd

// if you are using FREE version
$ cp rbl.conf rbl_group.conf /data/mailserver/_override/etc/rspamd/local.d

Restart and test

Restart container, you should see notice about overriding defaults immidietely after start:

...
[cont-init.d] 01-override-defaults.sh: executing...
* overwriting defaults with /data/_override directory
  ...

Now it is best time to test changes - go to https://blt.spamhaus.com/ and run tests against your email address. All "invalid" emails should end up either in quarantine, marked as spam or blocked before actual delivery (Poste due good reasons rarely block emails at time of SMTP communication)