👋 How can we help you?

Getting Started

How to integrate your MTA, Filter, or Security Appliance with Abusix Mail Intelligence.

Introduction

Exim

To add Abusix Mail Intelligence

Single configuration file

If you are using a single configuration file, open exim.conf and find the "acl_check_rcpt:" section, and add:

deny message = $dnslist_text
dnslists = <APIKEY>.combined.mail.abusix.zone

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

Then restart Exim.

 

Split configuration file

If you are using Exim split configuration, then open /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt and find the “.ifdef CHECK_RCPT_IP_DNSBLS” section and add the following after the “.endif”:

deny
    dnslists = <APIKEY>.combined.mail.abusix.zone
    add_header = X-Warning: $sender_host_address is listed by Abusix ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed by Abusix\n$dnslist_text

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

Then restart Exim.

Microsoft Exchange

To add Abusix Mail Intelligence

Add the following code below as described in the following Microsoft Support Documentation:

Add-IPBlockListProvider -Name "Abusix" -LookupDomain <APIKEY>.combined.mail.abusix.zone -RejectionResponse "Source IP address is listed by Abusix Mail Intelligence" -AnyMatch $true

Replace “APIKEY with “Your API key” from your account in app.abusix.com.

Qmail

To add Abusix Mail Intelligence

Edit your /var/qmail/supervise/qmail-smtpd/run file, adding "-r" or "-a" to the configuration file so that rblsmtpd runs before Qmail.

Create a run file using the following sample code.

exec
    /usr/local/bin/softlimit -m 30000000 \
    /usr/local/bin/tcpserver -v -H -R -l 0 -x /etc/tcp.smtp.cdb -c MAX-SMTP-CONNS -u QMAIL-USER -g QMAIL-GROUP 0 smtp \
        /usr/local/bin/rblsmtpd -t 5 \
            -b -r <APIKEY>.combined.mail.abusix.zone \
        /var/qmail/bin/qmail-smtpd 2>&1

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

 

Postfix

There are various ways to configure Postfix with Abusix Mail Intelligence. The following is our preferred method.

Edit /etc/postfix/main.cf

Add the following in the "smtpd_recipient_restrictions" parameter. It should be placed after "reject_unauth_destination".

smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    # Check rDNS in domain blacklist (optional)
    reject_rhsbl_client <APIKEY>.dblack.mail.abusix.zone
    # Check HELO/EHLO in domain blacklist (optional)
    reject_rhsbl_helo <APIKEY>.dblack.mail.abusix.zone
    # Check FROM domain in blacklist (optional)
    reject_rhsbl_sender <APIKEY>.dblack.mail.abusix.zone
    # Check connecting IP in whitelist (optional)
    # permit_dnswl_client entries should be placed before any reject directives
    # that want to skip, but should always be before any reject_rbl_client
    # entries to ensure that any IP listed on the whitelist not rejected.
    permit_dnswl_client <APIKEY>.white.mail.abusix.zone
    # Reject any IP listed in the blacklist
    reject_rbl_client <APIKEY>.combined.mail.abusix.zone

rbl_reply_maps = texthash:/etc/postfix/rbl_reply_map

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

 

Next, to prevent your API key from being leaked, create /etc/postfix/rbl_reply_map with the following:

<APIKEY>.combined.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Abusix Mail Intelligence${rbl_reason?; $rbl_reason}
<APIKEY>.dblack.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Abusix Mail Intelligence${rbl_reason?; $rbl_reason}

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

 

If you are using Postscreen, you can omit the "reject_rbl_client" entry and instead add:

postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_dnsbl_sites = <APIKEY>.combined.mail.abusix.zone

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

 

Then to prevent your API key from leaking, create /etc/postfix/postscreen_dnsbl_reply_map, which should contain the following:

<APIKEY>.combined.mail.abusix.zone                mail.abusix.zone

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

Then reload Postfix to activate this configuration.

 

Sendmail

To add Abusix Mail Intelligence

Edit your sendmail.mc file (usually found in /etc/mail) and add the following:

FEATURE(`dnsbl',`<APIKEY>.combined.mail.abusix.zone',`"554 Rejected " $&{client_addr} " is listed by Abusix Mail Intelligence see http://abusix.ai/search?q="$&{client_addr}')dnl

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

Compile sendmail.mc by running “make” in the same directory and then restart the Sendmail daemon.

 
 

SpamAssassin

To add Abusix Mail Intelligence

Edit local.cf (usually found in /etc/mail/spamassassin) as follows.

ifplugin Mail::SpamAssassin::Plugin::DNSEval
    header    __RCVD_IN_AMI       eval:check_rbl('ami', '<APIKEY>.combined.mail.abusix.zone.')
    describe  __RCVD_IN_AMI       Received via a relay in Abusix Mail Intelligence
    tflags    __RCVD_IN_AMI       net

    header    RCVD_IN_AMI_BLACK   eval:check_rbl_sub('ami', '^127\.0\.0\.(?:[23]|200)$')
    describe  RCVD_IN_AMI_BLACK   Received via a relay in Abusix Mail Intelligence Black
    score     RCVD_IN_AMI_BLACK   3.0
    tflags    RCVD_IN_AMI_BLACK   net

    header    RCVD_IN_AMI_EXPLOIT eval:check_rbl_sub('ami', '127.0.0.4')
    describe  RCVD_IN_AMI_EXPLOIT Received via a relay in Abusix Mail Intelligence Exploit
    score     RCVD_IN_AMI_EXPLOIT 3.0
    tflags    RCVD_IN_AMI_EXPLOIT net

    header    RCVD_IN_AMI_DYN     eval:check_rbl('ami-lastexternal', '<APIKEY>.combined.mail.abusix.zone.', '^127\.0\.0\.1[12]$')
    describe  RCVD_IN_AMI_DYN     Received via a relay in Abusix Mail Intelligence Dynamic
    score     RCVD_IN_AMI_DYN     3.0
    tflags    RCVD_IN_AMI_DYN     net

    header    RCVD_IN_AMI_WHITE   eval:check_rbl('ami-firsttrusted', '<APIKEY>.combined.mail.abusix.zone.', '127.0.2.1')
    describe  RCVD_IN_AMI_WHITE   Received via a relay in Abusix Mail Intelligence White
    score     RCVD_IN_AMI_WHITE   -0.1
    tflags    RCVD_IN_AMI_WHITE   nice net
endif

ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
    urirhsbl  URIBL_AMI_DBLACK    <APIKEY>.dblack.mail.abusix.zone. A
    body      URIBL_AMI_DBLACK    eval:check_uridnsbl('URIBL_AMI_DBLACK')
    describe  URIBL_AMI_DBLACK    Contains a spam URL listed in the Abusix Mail Intelligence domain blocklist
    score     URIBL_AMI_DBLACK    3.0
    tflags    URIBL_AMI_DBLACK    net

    urirhssub URIBL_AMI_WHITE     <APIKEY>.white.mail.abusix.zone. A 127.0.2.1
    body      URIBL_AMI_WHITE     eval:check_uridnsbl('URIBL_AMI_WHITE')
    describe  URIBL_AMI_WHITE     Contains a domain listed in the Abusix Mail Intelligence domain whitelist
    score     URIBL_AMI_WHITE     -0.1
    tflags    URIBL_AMI_WHITE     nice net
endif

Replace “APIKEY in all places with “Your API key” from your account in app.abusix.com.

Then restart SpamAssassin.

 

Rspamd

To add Abusix Mail Intelligence

Updated: 2022-12-13

⚠️
These instructions are for rspamd 3.x - if you aren’t running the latest version, you should be! You wouldn’t use an out-of-date Anti-Virus engine, so don’t run an out-of-date Anti-Spam engine.

You need to edit the following files (or create them if they don't already exist).

/etc/rspamd/local.d/rbl.conf

rbls {
    abusix_dnsbls_lasthop {
        symbol = "RBL_AMI_LASTHOP";
        rbl = "<APIKEY>.combined.mail.abusix.zone";
        checks = [ "from" ];
        unknown = false;
        returncodes {
            RBL_AMI_POLICY = [ "127.0.0.11", "127.0.0.12" ];
            RBL_AMI_BLACK = [ "127.0.0.2", "127.0.0.3", "127.0.0.200" ];
            RBL_AMI_EXPLOIT = [ "127.0.0.4" ];
        }
    }
    abusix_dnsbls_authbl {
        symbol = "RBL_AMI_AUTHBL";
        rbl = "<APIKEY>.authbl.mail.abusix.zone";
        checks = [ "from" ];
        exclude_users = false;
    }
    abusix_dnsbls_anyhop {
        symbol = "RBL_AMI_RCVD";
        rbl = "<APIKEY>.combined.mail.abusix.zone";
        checks = [ "received" ];
        unknown = false;
        returncodes {
            RBL_AMI_BLACK_RCVD = [ "127.0.0.2", "127.0.0.3", "127.0.0.200" ];
            RBL_AMI_EXPLOIT_RCVD = "127.0.0.4";
        }
    }
    abusix_dnsbls_noip {
        symbol = "RBL_AMI_NOIP";
        rbl = "<APIKEY>.noip.mail.abusix.zone";
        checks = [ "from", "received" ];
    }
    abusix_dnsbls_dblack {
        symbol = "RBL_AMI_DBLACK";
        rbl = "<APIKEY>.dblack.mail.abusix.zone";
        checks = [ "content_urls", "dkim" ];
        selector = "urls:get_host";
    }
    abusix_dnsbls_nod {
        symbol = "RBL_AMI_NOD";
        rbl = "<APIKEY>.nod.mail.abusix.zone";
        checks = [ "content_urls", "dkim", "urls" ];
    }
    abusix_dnsbls_emailbl {
        symbol = "RBL_AMI_EMAILBL"; 
        rbl = "<APIKEY>.emailbl.mail-beta.abusix.zone";
        selector = "from('mime').lower;from('smtp').lower";
        checks = ['emails', 'replyto'];
        hash = "sha1";
    }
    abusix_dnsbls_attachments {
        symbol = "RBL_AMI_ATTACH";
        rbl = "<APIKEY>.attachhash.mail-beta.abusix.zone";
        selector = "attachments('hex', 'sha1')";
    }
    abusix_dnswls_lasthop {
        symbol = "RWL_AMI_LASTHOP";
        rbl = "<APIKEY>.white.mail.abusix.zone";
        checks = [ "from" ];
        is_whitelist = true;        
    }
}

Replace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.

 

/etc/rspamd/local.d/groups.conf

group "abusix" {
    description = "Abusix Mail Intelligence"
    symbols = {
        "RBL_AMI_BLACK" {
            score = 6.5;
            description = "Delivered by a host in the Abusix Mail Intelligence Block list";
        }
        "RBL_AMI_EXPLOIT" {
            score = 6.5;
            description = "Delivered by a host in the Abusix Mail Intelligence Exploit list";
        }
        "RBL_AMI_POLICY" {
            score = 2.0;
            description = "Delivered by a host in the Abusix Mail Intelligence Policy list";
        }
        "RBL_AMI_AUTHBL" {
            score = 15.0;
            description = "Delivered by a host in the Abusix Mail Intelligence Authentication block list";
        }
        "RBL_AMI_BLACK_RCVD" {
            score = 3.0;
            description = "Received via a host in the Abusix Mail Intelligence Black list";
        }
        "RBL_AMI_EXPLOIT_RCVD" {
            score = 3.0;
            description = "Received via a host in the Abusix Mail Intelligence Exploit list";
        }
        "RBL_AMI_BLACK_HTTP" {
            score = 4.5;
            description = "Message was injected via HTTP from a host in the Abusix Mail Intelligence Block list";
        }
        "RBL_AMI_NOIP" {
            score = 4.5;
            description = "Delivered or Received via a host in the Abusix Mail Intelligence Newly Observed IPs list";
        }
        "RWL_AMI_LASTHOP" {
            score = -1.0;
            description = "Delivered by a host in the Abusix Mail Intelligence White list";
        }
        "RBL_AMI_DBLACK" {
            score = 6.5;
            description = "Message contains a domain listed in the Abusix Mail Intelligence Block list";
        }
        "RBL_AMI_NOD" {
            score = 2.0;
            description = "Message contains a domain listed in the Abusix Mail Intelligence Newly Observed Domains list";
        }
        "RBL_AMI_EMAILBL" {
            score = 4.5;
            description = "Message contains an email address listed in the Abusix Mail Intelligence Email block list";
        }
        "RBL_AMI_BTC" {
            score = 6.5;
            description = "Message contains a Bitcoin wallet address listed in the Abusix Mail Intelligence BTC Wallet block list";
        }
        "RBL_AMI_SHORTURL" {
            score = 6.5;
            description = "Message contains a Short URL listed in the Abusix Mail Intelligence Short URL block list";
        }
        "RBL_AMI_DISKURL" {
            score = 6.5;
            description = "Message contains a Disk URL listed in the Abusix Mail Intelligence Disk URL block list";
        }
        "RBL_AMI_ATTACH" {
            score = 4.5;
            description = "Message contains an attachment listed in the Abusix Mail Intelligence Attachment block list";
        }
    }
}

/etc/rspamd/rspamd.local.lua

 

IMPORTANT:

If you use rsync, change the check_*_dns values to reflect the namespace in your local rbldnsd that should be queried.

You can comment out the relevant check_*_dns setting to disable the lookup.

 
local rregexp = require "rspamd_regexp"
local rlogger = require "rspamd_logger"
local rhash   = require "rspamd_cryptobox_hash"
local rutil   = require "lua_util"
local rip     = require "rspamd_ip"

-- IMPORTANT: change <APIKEY> with the key from your account in app.abusix.com.
local ABUSIX_API_KEY = '<APIKEY>';

-- Comment any of the following lines out to disable the lookups
-- NOTE: if you run rbldnsd yourself and rsync the data then you might need to modify these.
local check_shorturls_dns      = '.' .. ABUSIX_API_KEY .. '.shorthash.mail.abusix.zone.'
local check_diskurls_dns       = '.' .. ABUSIX_API_KEY .. '.diskhash.mail.abusix.zone.'
local check_web_submission_dns = '.' .. ABUSIX_API_KEY .. '.combined.mail.abusix.zone.'
local check_btc_dns            = '.' .. ABUSIX_API_KEY .. '.btc-wallets.mail-beta.abusix.zone.'

local re_short_path = rregexp.create_cached('/^(?!(?:[a-z]+|[A-Z]+|[0-9]+)$)[a-zA-Z0-9]{3,11}$/')

local check_shorturls_cb = function (task)
    -- Disable checks if no DNS namespace is set-up
    if not (check_shorturls_dns) then return false end

    local function find_short_urls (url)
        local path = url:get_path();
        if (re_short_path:match(path)) then
            return true
        end
    end
    local shorturls = rutil.extract_specific_urls({
        task = task,
        limit = 5,
        prefix = 'shorturls',
        filter = find_short_urls
    });

    if (not shorturls) then return false end

    local r = task:get_resolver()

    for _, url in pairs(shorturls) do
        -- Normalize
        local surl = url:get_host():lower() .. '/' .. url:get_path()
        local surl_hash = rhash.create_specific('sha1', surl):hex()
        local lookup = surl_hash .. check_shorturls_dns
        local function dns_cb(_,_,results,err)
            if (not results) then return false end
            if (tostring(results[1]) == '127.0.3.1') then
                rlogger.errx('found URL %s (%s) in Short URL blacklist', surl, surl_hash)
                return task:insert_result('RBL_AMI_SHORTURL', 1.0, surl);
            end
        end
        r:resolve_a({ task = task, name = lookup , callback = dns_cb })
    end
end

local check_shorturls = rspamd_config:register_symbol({
    name = "RBL_AMI_SHORTURL",
    type = "callback",
    callback = check_shorturls_cb
});

local re_disk_urls = rregexp.create_cached('/^(?:drive\\.google\\.com$|yadi\\.sk$|disk\\.yandex\\.)/')

local check_diskurls_cb = function (task)
    -- Disable checks if no DNS namespace is set-up
    if not (check_diskurls_dns) then return false end

    local function find_disk_urls (url)
        local host = url:get_host():lower();
        if (re_disk_urls:match(host)) then
            return true
        end
    end
    local diskurls = rutil.extract_specific_urls({
        task = task,
        limit = 5,
        prefix = 'diskurls',
        filter = find_disk_urls
    });

    if (not diskurls) then return false end

    local r = task:get_resolver()

    for _, url in pairs(diskurls) do
        -- Normalize
        local durl = url:get_host():lower() .. '/' .. url:get_path()
        local durl_hash = rhash.create_specific('sha1', durl):hex()
        local lookup = durl_hash .. check_diskurls_dns
        local function dns_cb(_,_,results,err)
            if (not results) then return false end
            if (tostring(results[1]) == '127.0.3.2') then
                rlogger.errx('found URL %s (%s) in Disk URL blacklist', durl, durl_hash)
                return task:insert_result('RBL_AMI_DISKURL', 1.0, durl);
            end
        end
        r:resolve_a({ task = task, name = lookup , callback = dns_cb })
    end
end

local check_diskurls = rspamd_config:register_symbol({
    name = "RBL_AMI_DISKURL",
    type = "callback",
    callback = check_diskurls_cb
});

local re_web_submission_ips = rregexp.create_cached('/for (.+)$/')

local check_web_submission_ips_cb = function (task)
    -- Disable checks if no DNS namespace is set-up
    if not (check_web_submission_dns) then return false end

    local ips
    if (task:has_header('x-php-script')) then
        local h = task:get_header('x-php-script')
        local m = re_web_submission_ips:search(h, false, true)
        if (m and m[1] and m[1][2]) then
            ips = m[1][2]
        end
    end

    if (task:has_header('http-posting-client')) then
        if (ips) then
            ips = ips .. ' ' .. task:get_header('http-posting-client')
        else
            ips = task:get_header('http-posting-client')
        end
    end

    if not (ips) then return false end

    local dedup = {}
    for ip in string.gmatch(ips, '([^, ]+)') do
        dedup[ip] = true;
    end

    local c = task:get_from_ip()
    local cip
    if (c) then
        cip = c:to_string()
    end

    local r = task:get_resolver()

    for k, v in pairs(dedup) do
        -- Exclude IPs that match the From IP
        if (k ~= cip) then
            local ip4 = rip.from_string(k)
            if not (ip4) then goto continue end
	    local lookup = table.concat(ip4:inversed_str_octets(), '.') .. check_web_submission_dns
            local function dns_cb(_,_,results,err)
		rlogger.errx('lookup=%s, results=%s, err=%s', lookup, results, err)
                if (not results) then return false end 
                for _, result in ipairs(results) do 
                    if (tostring(result) == '127.0.0.4') then
                        return task:insert_result('RBL_AMI_BLACK_HTTP', 1.0, k);
	            end
		end
            end
            r:resolve_a({ task = task, name = lookup , callback = dns_cb })
	    ::continue::
	end
    end
end

local check_diskurls = rspamd_config:register_symbol({
    name = "RBL_AMI_BLACK_HTTP",
    type = "callback",
    callback = check_web_submission_ips_cb
});

local btc_wallet_re = rregexp.create_cached('/(?:^|\\s)((?:[13]|bc1)[A-HJ-NP-Za-km-z1-9]{27,34})(?:\\s|$)/')

local check_btc_cb = function (task)
    -- Disable checks if no DNS namespace is set-up
    if not (check_btc_dns) then return false end

    local parts = task:get_text_parts()
    if not parts then return false end
    local r = task:get_resolver()
    for _, part in ipairs(parts) do
        local words = part:get_words('raw')
        for _, word in ipairs(words) do
            local match = btc_wallet_re:match(word)
            if match then
                local btc_hash = rhash.create_specific('sha1', word):hex()
                local lookup = btc_hash .. check_btc_dns
                local function dns_cb(_,_,results,err)
                    if (not results) then return false end
                    if (tostring(results[1]) == '127.0.4.1') then
                        rlogger.errx('found BTC wallet %s (%s) in BTC Wallet blacklist', word, btc_hash)
                        return task:insert_result('RBL_AMI_BTC', 1.0, word);
                    end
                end
                r:resolve_a({ task = task, name = lookup , callback = dns_cb, forced = true })
            end
        end
    end
end

local check_btc = rspamd_config:register_symbol({
    name = "RBL_AMI_BTC",
    type = "callback",
    callback = check_btc_cb
});

Replace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.

Once you have created these files, restart rspamd.

 

Barracuda Email Firewall

To add Abusix Mail Intelligence

Go to BLOCK/ACCEPT -> IP Reputation in Barracuda, and under Custom External RBLs, add:

<APIKEY>.combined.mail.abusix.zone

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

And select "BLOCK.”

 

Example

Once set up, you will see "Blocked" items in the Message Log, and within those, the messages that Abusix Mail Intelligence blocked.

 

Example

 
 
 

Symantec Email Gateway

To add Abusix Mail Intelligence

In the Symantec Email Gateway appliance, in the Control Center, go to Reputation -> Bad Senders, ensure that 'Enable Third-Party Bad Sender detection' is enabled, click 'Add', and enter:

<APIKEY>.combined.mail.abusix.zone.

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

Please make sure the Action is set to 'Reject SMTP Connection' and then click 'Save.’

 
 
 

Plesk

To add Abusix Mail Intelligence

In the Plesk console, go to "Tools & Settings" and "Mail Server Settings" under the "Mail" heading.

Scroll to the bottom of the page and enable the option "Turn on spam protection based on DNS blackhole lists,” then set "DNS zones for DNSBL service" to:

<APIKEY>.combined.mail.abusix.zone

Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

Then click 'OK.'

 

SpamAssassin can also be installed on Plesk, allowing Abusix Mail Intelligence to provide additional filtering.

This can be installed by going to "Tools & Settings,” "Plesk,” "Updates,” "Add/Remove Components", expanding "Mail Hosting" by clicking the + next to it, selecting "Install" under "SpamAssassin" and click "Continue."

Once SpamAssassin is installed, you can use the following instructions to configure it to use Abusix Mail Intelligence. You will need to use SSH and edit the necessary files by hand, as Plesk does not provide a way to do this via the console.

 

Instructions

Edit local.cf (usually found in /etc/mail/spamassassin) as follows.

ifplugin Mail::SpamAssassin::Plugin::DNSEval
    header    __RCVD_IN_AMI       eval:check_rbl('ami', '<APIKEY>.combined.mail.abusix.zone.')
    describe  __RCVD_IN_AMI       Received via a relay in Abusix Mail Intelligence
    tflags    __RCVD_IN_AMI       net

    header    RCVD_IN_AMI_BLACK   eval:check_rbl_sub('ami', '^127\.0\.0\.(?:[23]|200)$')
    describe  RCVD_IN_AMI_BLACK   Received via a relay in Abusix Mail Intelligence Black
    score     RCVD_IN_AMI_BLACK   3.0
    tflags    RCVD_IN_AMI_BLACK   net

    header    RCVD_IN_AMI_EXPLOIT eval:check_rbl_sub('ami', '127.0.0.4')
    describe  RCVD_IN_AMI_EXPLOIT Received via a relay in Abusix Mail Intelligence Exploit
    score     RCVD_IN_AMI_EXPLOIT 3.0
    tflags    RCVD_IN_AMI_EXPLOIT net

    header    RCVD_IN_AMI_DYN     eval:check_rbl('ami-lastexternal', '<APIKEY>.combined.mail.abusix.zone.', '^127\.0\.0\.1[12]$')
    describe  RCVD_IN_AMI_DYN     Received via a relay in Abusix Mail Intelligence Dynamic
    score     RCVD_IN_AMI_DYN     3.0
    tflags    RCVD_IN_AMI_DYN     net

    header    RCVD_IN_AMI_WHITE   eval:check_rbl('ami-firsttrusted', '<APIKEY>.combined.mail.abusix.zone.', '127.0.2.1')
    describe  RCVD_IN_AMI_WHITE   Received via a relay in Abusix Mail Intelligence White
    score     RCVD_IN_AMI_WHITE   -0.1
    tflags    RCVD_IN_AMI_WHITE   nice net
endif

ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
    urirhsbl  URIBL_AMI_DBLACK    <APIKEY>.dblack.mail.abusix.zone. A
    body      URIBL_AMI_DBLACK    eval:check_uridnsbl('URIBL_AMI_DBLACK')
    describe  URIBL_AMI_DBLACK    Contains a spam URL listed in the Abusix Mail Intelligence domain blocklist
    score     URIBL_AMI_DBLACK    3.0
    tflags    URIBL_AMI_DBLACK    net

    urirhssub URIBL_AMI_WHITE     <APIKEY>.white.mail.abusix.zone. A 127.0.2.1
    body      URIBL_AMI_WHITE     eval:check_uridnsbl('URIBL_AMI_WHITE')
    describe  URIBL_AMI_WHITE     Contains a domain listed in the Abusix Mail Intelligence domain whitelist
    score     URIBL_AMI_WHITE     -0.1
    tflags    URIBL_AMI_WHITE     nice net
endif

Replace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.

Then restart SpamAssassin.

Once you have made these changes, run "systemctl restart spamassassin" to restart it.

CPanel

To add Abusix Mail Intelligence

  1. Log into WHM.
  1. On the left, select "Exim Configuration Manager,” then select the "RBLs" tab.
  1. Select "Manage Custom RBLs.”
  1. Under "Add a new RBL," enter the following:
    1. Rbl Name: abusix
      Rbl Info URL: https://lookup.abusix.com
      Dns List: <APIKEY>.combined.mail.abusix.zone
      (Replace <APIKEY> with Your API key from your account in 
  1. Replace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.
  1. Click "Add" - you'll be shown a notification page directing you to enable it in your Configuration Editor, then rebuild your Exim config.
  1. Click "Exim Configuration Editor" and select the "RBLs" tab.
  1. To the right of "Custom RBL: abusix", select "On"
  1. Click "Save" to rebuild the Exim Configuration.
 

Cisco Email Security Appliance

To add Abusix Mail Intelligence

  1. In your Cisco Email Security Appliance, go to "Mail Policies" -> "HAT Overview"
  1. Click on the BLACKLIST or BLOCKED_LIST sender group (this depends on which version of the software you are running)
  1. Click Edit settings and under the DNS lists section, add <APIKEY>.combined.mail.abusix.zone. Replace <APIKEY> with “Your API key” from your account in app.abusix.com.

Learn more about Abusix Mail Intelligence

Learn more about Abusix Mail Intelligence

 

Still, need help?

No problem; click the chat button in the bottom right-hand corner of the screen and send us your questions. Alternatively, you can email us at support@abusix.com

 

also, follow our LinkedIn Channel for updates & subscribe to our YouTube Channel for the latest Abusix how-to-videos.

Did this answer your question?
😞
😐
🤩