Introduction
Exim
To add Abusix Mail Intelligence
Single configuration file
If you are using a single configuration file, open exim.conf and find the "acl_check_rcpt:" section, and add:
deny message = $dnslist_text
dnslists = <APIKEY>.combined.mail.abusix.zoneReplace <APIKEY> with “Your API key” from your account in app.abusix.com.
Then restart Exim.
Split configuration file
If you are using Exim split configuration, then open /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt and find the “.ifdef CHECK_RCPT_IP_DNSBLS” section and add the following after the “.endif”:
deny
dnslists = <APIKEY>.combined.mail.abusix.zone
add_header = X-Warning: $sender_host_address is listed by Abusix ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed by Abusix\n$dnslist_textReplace <APIKEY> with “Your API key” from your account in app.abusix.com.
Then restart Exim.
Microsoft Exchange
To add Abusix Mail Intelligence
Add the following code below as described in the following Microsoft Support Documentation:
Add-IPBlockListProvider -Name "Abusix" -LookupDomain <APIKEY>.combined.mail.abusix.zone -RejectionResponse "Source IP address is listed by Abusix Mail Intelligence" -AnyMatch $trueReplace “APIKEY” with “Your API key” from your account in app.abusix.com.
Qmail
To add Abusix Mail Intelligence
Edit your /var/qmail/supervise/qmail-smtpd/run file, adding "-r" or "-a" to the configuration file so that rblsmtpd runs before Qmail.
Create a run file using the following sample code.
exec
/usr/local/bin/softlimit -m 30000000 \
/usr/local/bin/tcpserver -v -H -R -l 0 -x /etc/tcp.smtp.cdb -c MAX-SMTP-CONNS -u QMAIL-USER -g QMAIL-GROUP 0 smtp \
/usr/local/bin/rblsmtpd -t 5 \
-b -r <APIKEY>.combined.mail.abusix.zone \
/var/qmail/bin/qmail-smtpd 2>&1Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
Postfix
There are various ways to configure Postfix with Abusix Mail Intelligence. The following is our preferred method.
Edit /etc/postfix/main.cf
Add the following in the "smtpd_recipient_restrictions" parameter. It should be placed after "reject_unauth_destination".
smtpd_recipient_restrictions =
...
reject_unauth_destination
# Check rDNS in domain blacklist (optional)
reject_rhsbl_client <APIKEY>.dblack.mail.abusix.zone
# Check HELO/EHLO in domain blacklist (optional)
reject_rhsbl_helo <APIKEY>.dblack.mail.abusix.zone
# Check FROM domain in blacklist (optional)
reject_rhsbl_sender <APIKEY>.dblack.mail.abusix.zone
# Check connecting IP in whitelist (optional)
# permit_dnswl_client entries should be placed before any reject directives
# that want to skip, but should always be before any reject_rbl_client
# entries to ensure that any IP listed on the whitelist not rejected.
permit_dnswl_client <APIKEY>.white.mail.abusix.zone
# Reject any IP listed in the blacklist
reject_rbl_client <APIKEY>.combined.mail.abusix.zone
rbl_reply_maps = texthash:/etc/postfix/rbl_reply_mapReplace <APIKEY> with “Your API key” from your account in app.abusix.com.
Next, to prevent your API key from being leaked, create /etc/postfix/rbl_reply_map with the following:
<APIKEY>.combined.mail.abusix.zone $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Abusix Mail Intelligence${rbl_reason?; $rbl_reason}
<APIKEY>.dblack.mail.abusix.zone $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Abusix Mail Intelligence${rbl_reason?; $rbl_reason}Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
If you are using Postscreen, you can omit the "reject_rbl_client" entry and instead add:
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_dnsbl_sites = <APIKEY>.combined.mail.abusix.zoneReplace <APIKEY> with “Your API key” from your account in app.abusix.com.
Then to prevent your API key from leaking, create /etc/postfix/postscreen_dnsbl_reply_map, which should contain the following:
<APIKEY>.combined.mail.abusix.zone mail.abusix.zoneReplace <APIKEY> with “Your API key” from your account in app.abusix.com.
Then reload Postfix to activate this configuration.
Sendmail
To add Abusix Mail Intelligence
Edit your sendmail.mc file (usually found in /etc/mail) and add the following:
FEATURE(`dnsbl',`<APIKEY>.combined.mail.abusix.zone',`"554 Rejected " $&{client_addr} " is listed by Abusix Mail Intelligence see http://abusix.ai/search?q="$&{client_addr}')dnlReplace <APIKEY> with “Your API key” from your account in app.abusix.com.
Compile sendmail.mc by running “make” in the same directory and then restart the Sendmail daemon.
SpamAssassin
To add Abusix Mail Intelligence
Edit local.cf (usually found in /etc/mail/spamassassin) as follows.
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_AMI eval:check_rbl('ami', '<APIKEY>.combined.mail.abusix.zone.')
describe __RCVD_IN_AMI Received via a relay in Abusix Mail Intelligence
tflags __RCVD_IN_AMI net
header RCVD_IN_AMI_BLACK eval:check_rbl_sub('ami', '^127\.0\.0\.(?:[23]|200)$')
describe RCVD_IN_AMI_BLACK Received via a relay in Abusix Mail Intelligence Black
score RCVD_IN_AMI_BLACK 3.0
tflags RCVD_IN_AMI_BLACK net
header RCVD_IN_AMI_EXPLOIT eval:check_rbl_sub('ami', '127.0.0.4')
describe RCVD_IN_AMI_EXPLOIT Received via a relay in Abusix Mail Intelligence Exploit
score RCVD_IN_AMI_EXPLOIT 3.0
tflags RCVD_IN_AMI_EXPLOIT net
header RCVD_IN_AMI_DYN eval:check_rbl('ami-lastexternal', '<APIKEY>.combined.mail.abusix.zone.', '^127\.0\.0\.1[12]$')
describe RCVD_IN_AMI_DYN Received via a relay in Abusix Mail Intelligence Dynamic
score RCVD_IN_AMI_DYN 3.0
tflags RCVD_IN_AMI_DYN net
header RCVD_IN_AMI_WHITE eval:check_rbl('ami-firsttrusted', '<APIKEY>.combined.mail.abusix.zone.', '127.0.2.1')
describe RCVD_IN_AMI_WHITE Received via a relay in Abusix Mail Intelligence White
score RCVD_IN_AMI_WHITE -0.1
tflags RCVD_IN_AMI_WHITE nice net
endif
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhsbl URIBL_AMI_DBLACK <APIKEY>.dblack.mail.abusix.zone. A
body URIBL_AMI_DBLACK eval:check_uridnsbl('URIBL_AMI_DBLACK')
describe URIBL_AMI_DBLACK Contains a spam URL listed in the Abusix Mail Intelligence domain blocklist
score URIBL_AMI_DBLACK 3.0
tflags URIBL_AMI_DBLACK net
urirhssub URIBL_AMI_WHITE <APIKEY>.white.mail.abusix.zone. A 127.0.2.1
body URIBL_AMI_WHITE eval:check_uridnsbl('URIBL_AMI_WHITE')
describe URIBL_AMI_WHITE Contains a domain listed in the Abusix Mail Intelligence domain whitelist
score URIBL_AMI_WHITE -0.1
tflags URIBL_AMI_WHITE nice net
endifReplace “APIKEY” in all places with “Your API key” from your account in app.abusix.com.
Then restart SpamAssassin.
Rspamd
To add Abusix Mail Intelligence
Updated: 2022-12-13
You need to edit the following files (or create them if they don't already exist).
/etc/rspamd/local.d/rbl.conf
rbls {
abusix_dnsbls_lasthop {
symbol = "RBL_AMI_LASTHOP";
rbl = "<APIKEY>.combined.mail.abusix.zone";
checks = [ "from" ];
unknown = false;
returncodes {
RBL_AMI_POLICY = [ "127.0.0.11", "127.0.0.12" ];
RBL_AMI_BLACK = [ "127.0.0.2", "127.0.0.3", "127.0.0.200" ];
RBL_AMI_EXPLOIT = [ "127.0.0.4" ];
}
}
abusix_dnsbls_authbl {
symbol = "RBL_AMI_AUTHBL";
rbl = "<APIKEY>.authbl.mail.abusix.zone";
checks = [ "from" ];
exclude_users = false;
}
abusix_dnsbls_anyhop {
symbol = "RBL_AMI_RCVD";
rbl = "<APIKEY>.combined.mail.abusix.zone";
checks = [ "received" ];
unknown = false;
returncodes {
RBL_AMI_BLACK_RCVD = [ "127.0.0.2", "127.0.0.3", "127.0.0.200" ];
RBL_AMI_EXPLOIT_RCVD = "127.0.0.4";
}
}
abusix_dnsbls_noip {
symbol = "RBL_AMI_NOIP";
rbl = "<APIKEY>.noip.mail.abusix.zone";
checks = [ "from", "received" ];
}
abusix_dnsbls_dblack {
symbol = "RBL_AMI_DBLACK";
rbl = "<APIKEY>.dblack.mail.abusix.zone";
checks = [ "content_urls", "dkim" ];
selector = "urls:get_host";
}
abusix_dnsbls_nod {
symbol = "RBL_AMI_NOD";
rbl = "<APIKEY>.nod.mail.abusix.zone";
checks = [ "content_urls", "dkim", "urls" ];
}
abusix_dnsbls_emailbl {
symbol = "RBL_AMI_EMAILBL";
rbl = "<APIKEY>.emailbl.mail-beta.abusix.zone";
selector = "from('mime').lower;from('smtp').lower";
checks = ['emails', 'replyto'];
hash = "sha1";
}
abusix_dnsbls_attachments {
symbol = "RBL_AMI_ATTACH";
rbl = "<APIKEY>.attachhash.mail-beta.abusix.zone";
selector = "attachments('hex', 'sha1')";
}
abusix_dnswls_lasthop {
symbol = "RWL_AMI_LASTHOP";
rbl = "<APIKEY>.white.mail.abusix.zone";
checks = [ "from" ];
is_whitelist = true;
}
}Replace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.
/etc/rspamd/local.d/groups.conf
group "abusix" {
description = "Abusix Mail Intelligence"
symbols = {
"RBL_AMI_BLACK" {
score = 6.5;
description = "Delivered by a host in the Abusix Mail Intelligence Block list";
}
"RBL_AMI_EXPLOIT" {
score = 6.5;
description = "Delivered by a host in the Abusix Mail Intelligence Exploit list";
}
"RBL_AMI_POLICY" {
score = 2.0;
description = "Delivered by a host in the Abusix Mail Intelligence Policy list";
}
"RBL_AMI_AUTHBL" {
score = 15.0;
description = "Delivered by a host in the Abusix Mail Intelligence Authentication block list";
}
"RBL_AMI_BLACK_RCVD" {
score = 3.0;
description = "Received via a host in the Abusix Mail Intelligence Black list";
}
"RBL_AMI_EXPLOIT_RCVD" {
score = 3.0;
description = "Received via a host in the Abusix Mail Intelligence Exploit list";
}
"RBL_AMI_BLACK_HTTP" {
score = 4.5;
description = "Message was injected via HTTP from a host in the Abusix Mail Intelligence Block list";
}
"RBL_AMI_NOIP" {
score = 4.5;
description = "Delivered or Received via a host in the Abusix Mail Intelligence Newly Observed IPs list";
}
"RWL_AMI_LASTHOP" {
score = -1.0;
description = "Delivered by a host in the Abusix Mail Intelligence White list";
}
"RBL_AMI_DBLACK" {
score = 6.5;
description = "Message contains a domain listed in the Abusix Mail Intelligence Block list";
}
"RBL_AMI_NOD" {
score = 2.0;
description = "Message contains a domain listed in the Abusix Mail Intelligence Newly Observed Domains list";
}
"RBL_AMI_EMAILBL" {
score = 4.5;
description = "Message contains an email address listed in the Abusix Mail Intelligence Email block list";
}
"RBL_AMI_BTC" {
score = 6.5;
description = "Message contains a Bitcoin wallet address listed in the Abusix Mail Intelligence BTC Wallet block list";
}
"RBL_AMI_SHORTURL" {
score = 6.5;
description = "Message contains a Short URL listed in the Abusix Mail Intelligence Short URL block list";
}
"RBL_AMI_DISKURL" {
score = 6.5;
description = "Message contains a Disk URL listed in the Abusix Mail Intelligence Disk URL block list";
}
"RBL_AMI_ATTACH" {
score = 4.5;
description = "Message contains an attachment listed in the Abusix Mail Intelligence Attachment block list";
}
}
}/etc/rspamd/rspamd.local.lua
IMPORTANT:
If you use rsync, change the check_*_dns values to reflect the namespace in your local rbldnsd that should be queried.
You can comment out the relevant check_*_dns setting to disable the lookup.
local rregexp = require "rspamd_regexp"
local rlogger = require "rspamd_logger"
local rhash = require "rspamd_cryptobox_hash"
local rutil = require "lua_util"
local rip = require "rspamd_ip"
-- IMPORTANT: change <APIKEY> with the key from your account in app.abusix.com.
local ABUSIX_API_KEY = '<APIKEY>';
-- Comment any of the following lines out to disable the lookups
-- NOTE: if you run rbldnsd yourself and rsync the data then you might need to modify these.
local check_shorturls_dns = '.' .. ABUSIX_API_KEY .. '.shorthash.mail.abusix.zone.'
local check_diskurls_dns = '.' .. ABUSIX_API_KEY .. '.diskhash.mail.abusix.zone.'
local check_web_submission_dns = '.' .. ABUSIX_API_KEY .. '.combined.mail.abusix.zone.'
local check_btc_dns = '.' .. ABUSIX_API_KEY .. '.btc-wallets.mail-beta.abusix.zone.'
local re_short_path = rregexp.create_cached('/^(?!(?:[a-z]+|[A-Z]+|[0-9]+)$)[a-zA-Z0-9]{3,11}$/')
local check_shorturls_cb = function (task)
-- Disable checks if no DNS namespace is set-up
if not (check_shorturls_dns) then return false end
local function find_short_urls (url)
local path = url:get_path();
if (re_short_path:match(path)) then
return true
end
end
local shorturls = rutil.extract_specific_urls({
task = task,
limit = 5,
prefix = 'shorturls',
filter = find_short_urls
});
if (not shorturls) then return false end
local r = task:get_resolver()
for _, url in pairs(shorturls) do
-- Normalize
local surl = url:get_host():lower() .. '/' .. url:get_path()
local surl_hash = rhash.create_specific('sha1', surl):hex()
local lookup = surl_hash .. check_shorturls_dns
local function dns_cb(_,_,results,err)
if (not results) then return false end
if (tostring(results[1]) == '127.0.3.1') then
rlogger.errx('found URL %s (%s) in Short URL blacklist', surl, surl_hash)
return task:insert_result('RBL_AMI_SHORTURL', 1.0, surl);
end
end
r:resolve_a({ task = task, name = lookup , callback = dns_cb })
end
end
local check_shorturls = rspamd_config:register_symbol({
name = "RBL_AMI_SHORTURL",
type = "callback",
callback = check_shorturls_cb
});
local re_disk_urls = rregexp.create_cached('/^(?:drive\\.google\\.com$|yadi\\.sk$|disk\\.yandex\\.)/')
local check_diskurls_cb = function (task)
-- Disable checks if no DNS namespace is set-up
if not (check_diskurls_dns) then return false end
local function find_disk_urls (url)
local host = url:get_host():lower();
if (re_disk_urls:match(host)) then
return true
end
end
local diskurls = rutil.extract_specific_urls({
task = task,
limit = 5,
prefix = 'diskurls',
filter = find_disk_urls
});
if (not diskurls) then return false end
local r = task:get_resolver()
for _, url in pairs(diskurls) do
-- Normalize
local durl = url:get_host():lower() .. '/' .. url:get_path()
local durl_hash = rhash.create_specific('sha1', durl):hex()
local lookup = durl_hash .. check_diskurls_dns
local function dns_cb(_,_,results,err)
if (not results) then return false end
if (tostring(results[1]) == '127.0.3.2') then
rlogger.errx('found URL %s (%s) in Disk URL blacklist', durl, durl_hash)
return task:insert_result('RBL_AMI_DISKURL', 1.0, durl);
end
end
r:resolve_a({ task = task, name = lookup , callback = dns_cb })
end
end
local check_diskurls = rspamd_config:register_symbol({
name = "RBL_AMI_DISKURL",
type = "callback",
callback = check_diskurls_cb
});
local re_web_submission_ips = rregexp.create_cached('/for (.+)$/')
local check_web_submission_ips_cb = function (task)
-- Disable checks if no DNS namespace is set-up
if not (check_web_submission_dns) then return false end
local ips
if (task:has_header('x-php-script')) then
local h = task:get_header('x-php-script')
local m = re_web_submission_ips:search(h, false, true)
if (m and m[1] and m[1][2]) then
ips = m[1][2]
end
end
if (task:has_header('http-posting-client')) then
if (ips) then
ips = ips .. ' ' .. task:get_header('http-posting-client')
else
ips = task:get_header('http-posting-client')
end
end
if not (ips) then return false end
local dedup = {}
for ip in string.gmatch(ips, '([^, ]+)') do
dedup[ip] = true;
end
local c = task:get_from_ip()
local cip
if (c) then
cip = c:to_string()
end
local r = task:get_resolver()
for k, v in pairs(dedup) do
-- Exclude IPs that match the From IP
if (k ~= cip) then
local ip4 = rip.from_string(k)
if not (ip4) then goto continue end
local lookup = table.concat(ip4:inversed_str_octets(), '.') .. check_web_submission_dns
local function dns_cb(_,_,results,err)
rlogger.errx('lookup=%s, results=%s, err=%s', lookup, results, err)
if (not results) then return false end
for _, result in ipairs(results) do
if (tostring(result) == '127.0.0.4') then
return task:insert_result('RBL_AMI_BLACK_HTTP', 1.0, k);
end
end
end
r:resolve_a({ task = task, name = lookup , callback = dns_cb })
::continue::
end
end
end
local check_diskurls = rspamd_config:register_symbol({
name = "RBL_AMI_BLACK_HTTP",
type = "callback",
callback = check_web_submission_ips_cb
});
local btc_wallet_re = rregexp.create_cached('/(?:^|\\s)((?:[13]|bc1)[A-HJ-NP-Za-km-z1-9]{27,34})(?:\\s|$)/')
local check_btc_cb = function (task)
-- Disable checks if no DNS namespace is set-up
if not (check_btc_dns) then return false end
local parts = task:get_text_parts()
if not parts then return false end
local r = task:get_resolver()
for _, part in ipairs(parts) do
local words = part:get_words('raw')
for _, word in ipairs(words) do
local match = btc_wallet_re:match(word)
if match then
local btc_hash = rhash.create_specific('sha1', word):hex()
local lookup = btc_hash .. check_btc_dns
local function dns_cb(_,_,results,err)
if (not results) then return false end
if (tostring(results[1]) == '127.0.4.1') then
rlogger.errx('found BTC wallet %s (%s) in BTC Wallet blacklist', word, btc_hash)
return task:insert_result('RBL_AMI_BTC', 1.0, word);
end
end
r:resolve_a({ task = task, name = lookup , callback = dns_cb, forced = true })
end
end
end
end
local check_btc = rspamd_config:register_symbol({
name = "RBL_AMI_BTC",
type = "callback",
callback = check_btc_cb
});Replace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.
Once you have created these files, restart rspamd.
Barracuda Email Firewall
To add Abusix Mail Intelligence
Go to BLOCK/ACCEPT -> IP Reputation in Barracuda, and under Custom External RBLs, add:
<APIKEY>.combined.mail.abusix.zoneReplace <APIKEY> with “Your API key” from your account in app.abusix.com.
And select "BLOCK.”
Example
Once set up, you will see "Blocked" items in the Message Log, and within those, the messages that Abusix Mail Intelligence blocked.
Example
Symantec Email Gateway
To add Abusix Mail Intelligence
In the Symantec Email Gateway appliance, in the Control Center, go to Reputation -> Bad Senders, ensure that 'Enable Third-Party Bad Sender detection' is enabled, click 'Add', and enter:
<APIKEY>.combined.mail.abusix.zone.Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
Please make sure the Action is set to 'Reject SMTP Connection' and then click 'Save.’
Plesk
To add Abusix Mail Intelligence
In the Plesk console, go to "Tools & Settings" and "Mail Server Settings" under the "Mail" heading.
Scroll to the bottom of the page and enable the option "Turn on spam protection based on DNS blackhole lists,” then set "DNS zones for DNSBL service" to:
<APIKEY>.combined.mail.abusix.zone
Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
Then click 'OK.'
SpamAssassin can also be installed on Plesk, allowing Abusix Mail Intelligence to provide additional filtering.
This can be installed by going to "Tools & Settings,” "Plesk,” "Updates,” "Add/Remove Components", expanding "Mail Hosting" by clicking the + next to it, selecting "Install" under "SpamAssassin" and click "Continue."
Once SpamAssassin is installed, you can use the following instructions to configure it to use Abusix Mail Intelligence. You will need to use SSH and edit the necessary files by hand, as Plesk does not provide a way to do this via the console.
Instructions
Edit local.cf (usually found in /etc/mail/spamassassin) as follows.
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_AMI eval:check_rbl('ami', '<APIKEY>.combined.mail.abusix.zone.')
describe __RCVD_IN_AMI Received via a relay in Abusix Mail Intelligence
tflags __RCVD_IN_AMI net
header RCVD_IN_AMI_BLACK eval:check_rbl_sub('ami', '^127\.0\.0\.(?:[23]|200)$')
describe RCVD_IN_AMI_BLACK Received via a relay in Abusix Mail Intelligence Black
score RCVD_IN_AMI_BLACK 3.0
tflags RCVD_IN_AMI_BLACK net
header RCVD_IN_AMI_EXPLOIT eval:check_rbl_sub('ami', '127.0.0.4')
describe RCVD_IN_AMI_EXPLOIT Received via a relay in Abusix Mail Intelligence Exploit
score RCVD_IN_AMI_EXPLOIT 3.0
tflags RCVD_IN_AMI_EXPLOIT net
header RCVD_IN_AMI_DYN eval:check_rbl('ami-lastexternal', '<APIKEY>.combined.mail.abusix.zone.', '^127\.0\.0\.1[12]$')
describe RCVD_IN_AMI_DYN Received via a relay in Abusix Mail Intelligence Dynamic
score RCVD_IN_AMI_DYN 3.0
tflags RCVD_IN_AMI_DYN net
header RCVD_IN_AMI_WHITE eval:check_rbl('ami-firsttrusted', '<APIKEY>.combined.mail.abusix.zone.', '127.0.2.1')
describe RCVD_IN_AMI_WHITE Received via a relay in Abusix Mail Intelligence White
score RCVD_IN_AMI_WHITE -0.1
tflags RCVD_IN_AMI_WHITE nice net
endif
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhsbl URIBL_AMI_DBLACK <APIKEY>.dblack.mail.abusix.zone. A
body URIBL_AMI_DBLACK eval:check_uridnsbl('URIBL_AMI_DBLACK')
describe URIBL_AMI_DBLACK Contains a spam URL listed in the Abusix Mail Intelligence domain blocklist
score URIBL_AMI_DBLACK 3.0
tflags URIBL_AMI_DBLACK net
urirhssub URIBL_AMI_WHITE <APIKEY>.white.mail.abusix.zone. A 127.0.2.1
body URIBL_AMI_WHITE eval:check_uridnsbl('URIBL_AMI_WHITE')
describe URIBL_AMI_WHITE Contains a domain listed in the Abusix Mail Intelligence domain whitelist
score URIBL_AMI_WHITE -0.1
tflags URIBL_AMI_WHITE nice net
endifReplace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.
Then restart SpamAssassin.
Once you have made these changes, run "systemctl restart spamassassin" to restart it.
CPanel
To add Abusix Mail Intelligence
- Log into WHM.
- On the left, select "Exim Configuration Manager,” then select the "RBLs" tab.
- Select "Manage Custom RBLs.”
- Under "Add a new RBL," enter the following:
Rbl Name: abusix
Rbl Info URL: https://lookup.abusix.com
Dns List: <APIKEY>.combined.mail.abusix.zone
(Replace <APIKEY> with Your API key from your account in - Replace <APIKEY> in all places with “Your API key” from your account in app.abusix.com.
- Click "Add" - you'll be shown a notification page directing you to enable it in your Configuration Editor, then rebuild your Exim config.
- Click "Exim Configuration Editor" and select the "RBLs" tab.
- To the right of "Custom RBL: abusix", select "On"
- Click "Save" to rebuild the Exim Configuration.
Cisco Email Security Appliance
To add Abusix Mail Intelligence
- In your Cisco Email Security Appliance, go to "Mail Policies" -> "HAT Overview"
- Click on the BLACKLIST or BLOCKED_LIST sender group (this depends on which version of the software you are running)
- Click Edit settings and under the DNS lists section, add <APIKEY>.combined.mail.abusix.zone. Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
Learn more about Abusix Mail Intelligence
Send us a message
Having trouble with your setup or a technical issue? Get in touch with our team of Abusix experts.
Click the chat button at the bottom and send us your questions. Alternatively, you can email us at support@abusix.com
also, follow our LinkedIn Channel for updates & subscribe to our YouTube Channel for the latest Abusix how-to-videos.