Basics User Guide Anti-spam Plugins SH

SH

The Spamhaus data query service (DQS) is a set of DNSBLs with real time updates operated by Spamhaus Technology.

How to get a Spamhaus API key

Signup for the non-commercial use key here or the commercial use key here
Navigate to Warden Antispam and Virus Protection -> Plugin Settings -> SH and enter the license key under Data Query Service API key and press the update button. Warden will create the service rules file /etc/mail/spamassassin/SH.cf with the default scores.
If using a commercial use key you can enable the Hash Blocklist (HBL). This blocklist specilaizes in blocking cryptowallet, malware, email addresses and URLs (including shorteners, redirectors and online file storage providers). Important: The HBL is included in the commercial use key only so it should not be enabled when using a non-commercial key.

Tests

Test name	Default scores
`RCVD_IN_AUTHBL`	2.5
`SH_BODYURI_REVERSE_SBL`	8
`SH_BODYURI_REVERSE_CSS`	3
`SH_BODYURI_REVERSE_DROP`	8
`SH_BODYURI_REVERSE_XBL`	2
`RCVD_IN_ZEN_LASTEXTERNAL`	8
`RCVD_IN_XBL`	1
`RCVD_IN_PBL`	0.001
`RCVD_IN_SBL`	6
`RCVD_IN_SBL_CSS`	3
`RCVD_IN_SBL_DROP`	6
`URIBL_SBL`	6
`URIBL_SBL_A`	0.1
`URIBL_DBL_SPAM`	8
`URIBL_DBL_PHISH`	8
`URIBL_DBL_MALWARE`	8
`URIBL_DBL_BOTNETCC`	8
`URIBL_DBL_ABUSE_SPAM`	7
`URIBL_DBL_ABUSE_REDIR`	0.5
`URIBL_DBL_ABUSE_PHISH`	7
`URIBL_DBL_ABUSE_MALW`	7
`URIBL_DBL_ABUSE_BOTCC`	7
`URIBL_DBL_ERROR`	0.001
`URIBL_CSS`	0.1
`URIBL_CSS_A`	0.1
`URIBL_ZRD`	6
`SH_DBL_BODY`	8
`SH_DBL_HEADERS`	8
`SH_DBL_HEADERS_ABUSED`	0.001
`SH_ZRD_HEADERS_VERY_FRESH`	8
`SH_ZRD_HEADERS_FRESH`	6
`SH_REVERSE_ZRD_VERY_FRESH`	8
`SH_REVERSE_ZRD_FRESH`	6
`SH_REVERSE_DBL`	8
`SH_REVERSE_DBL_ABUSED`	0.001
`SH_HELO_ZRD_VERY_FRESH`	6
`SH_HELO_ZRD_FRESH`	8
`SH_HELO_DBL`	8
`SH_HELO_DBL_ABUSED`	0.001
`SH_AUTHBL_AND_DBL_ABUSED`	6
`SH_ZRD_BODY_FRESH`	6
`SH_ZRD_BODY_VERY_FRESH`	8
`URIBL_DBL_BLOCKED_OPENDNS`	0
`URIBL_ZEN_BLOCKED_OPENDNS`	0
`RCVD_IN_ZEN_BLOCKED_OPENDNS`	0
`URIBL_DBL_BLOCKED`	0.001
`URIBL_ZEN_BLOCKED`	0.001
`RCVD_IN_ZEN_BLOCKED`	0.001
`SH_DBL_ABUSED_FULLHOST`	6
`SH_SBL_URL`	6

Hash Blocklist (HBL) Tests

Test name	Default scores
`SH_HBL_FILE_MALWARE`	10
`SH_HBL_FILE_SUSPICIOUS`	10
`SH_HBL_CW_BTC`	10
`SH_HBL_CW_ETH`	10
`SH_HBL_CW_BCH`	10
`SH_HBL_CW_XMR`	10
`SH_HBL_CW_LTC`	10
`SH_HBL_CW_XRP`	10
`SH_HBL_EMAILS`	8
`SH_URLHASH_ALL`	8
`SH_URLHASH_WITHQM`	8
`SH_URLHASH_NOSLASH`	8
`SH_URLHASH_DEFAULT`	8
`SH_URLHASH_SHORTENERS`	8

Related Pages