poste.io2

Implementing Spamhaus DQS

Spamhaus DQS is a service that solves the problems of public/open resolvers. DQS has better quality data than the public service.

Registration

If you are not yet registered, you can sign up for a free trial with limited use of the service - https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/

Download and configuration

The next step is to clone the default configuration for RSPAMd, which will already work with the DQS service:

$ cd ~
$ git clone https://github.com/spamhaus/rspamd-dqs

Files need to be edited to change all the keys available on the Spamhaus portal:

$ cd rspamd-dqs/3.x
$ $ grep key *
rbl.conf:        rbl = "your_DQS_key.zen.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.zen.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.authbl.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.dbl.dq.spamhaus.net";
rbl.conf:	rbl = "your_DQS_key.dbl.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.zrd.dq.spamhaus.net";
rbl.conf:      rbl = "your_DQS_key.zen.dq.spamhaus.net";
rbl.conf:       rbl = "your_DQS_key.dbl.dq.spamhaus.net"
rbl.conf:       rbl = "your_DQS_key.zrd.dq.spamhaus.net"
rbl.conf:      rbl = "your_DQS_key.dbl.dq.spamhaus.net";
rbl.conf:      rbl = "your_DQS_key.zrd.dq.spamhaus.net";
rbl.conf:        rbl = "your_DQS_key.sbl.dq.spamhaus.net";
rspamd.local.lua:local check_cw_dns = '._cw.your_DQS_key.hbl.dq.spamhaus.net.'
sh_rbl_hbl.conf:  rbl = "_email.your_DQS_key.hbl.dq.spamhaus.net";
sh_rbl_hbl.conf:  rbl = "_file.your_DQS_key.hbl.dq.spamhaus.net.";

Keys can be edited manually, but with the command line and sed we can change all the keys programmatically:

$ sed -i 's/your\_DQS\_key/abcdefghijklmnopq123456789/g' *.conf rspamd.local.lua

Implementing to poste.io

To add configuration to Poste.io we need to use the mechanisms described in "mailserver customization page"

$ mkdir -p /data/mailserver/_override/etc/rspamd/local.d
mkdir -p /your-data-dir/data/_override/etc/rspamd/local.d

// If you have HBL enabled
# cp *.conf /data/mailserver/_override/etc/rspamd/local.d
# cp rspamd.local.lua /data/mailserver/_override/etc/rspamd

// if you are using FREE version
$ cp rbl.conf rbl_group.conf /data/mailserver/_override/etc/rspamd/local.d

DQS in Haraka

Because there are multiple systems preventing SPAM we also need to adjust settings in Haraka. Go to the Administration > System settings > Spam & virus checks and update Spamhaus's url at DNSBL field:

Restart and test

Restart the container, you should see a message about overriding defaults immediately after startup:

...
[cont-init.d] 01-override-defaults.sh: executing...
* overwriting defaults with /data/_override directory
  ...

Now is the best time to test the changes - go to https://blt.spamhaus.com/ and run tests against your email address. All "invalid" emails should either end up in quarantine, marked as spam or blocked before actual delivery (Poste, for good reasons, rarely blocks emails at the time of SMTP communication).