Skip to content

Integrations

Connect vspam.org to your infrastructure using the DNSBL, REST API, or threat feeds. Configuration snippets are provided for the most common mail servers and security tools.

Recommended: vspam-agent

Lightweight Go daemon with local caching, fail-open design, and automatic threat reporting. Supports Postfix natively and any MTA via HTTP check API (Exim, OpenSMTPD, Sendmail, etc.).

Download Agent

Firewall & Network Devices

Plain-text blocklists for Palo Alto, FortiGate, pfSense, Juniper SRX, iptables, MikroTik, and more.

Setup Guides

vspam-agent (Recommended)

The agent provides native Postfix policy delegation and an HTTP check API on 127.0.0.1:10046 for all other MTAs. Enable with http_enabled: true in agent.yml.

Postfix (Agent)main.cf
# vspam-agent speaks Postfix policy delegation natively
smtpd_recipient_restrictions =
  ...
  check_policy_service unix:/var/run/vspam/agent.sock
Exim (Agent)ACL config
# In acl_check_rcpt or acl_check_data — queries vspam-agent HTTP API
deny
  set acl_m_vspam = ${readsocket{inet:127.0.0.1:10046}    {GET /check?sender_domain=${domain:$sender_address}    &client_ip=$sender_host_address HTTP/1.0\r\n\r\n}{5s}{}{}}
  condition = ${if match{$acl_m_vspam}{"malicious.*true"}}
  message = 550 Sender blocked by vspam.org
OpenSMTPD (Agent)filter script
#!/bin/sh
# /usr/local/libexec/vspam-filter.sh
RESULT=$(curl -sf "http://127.0.0.1:10046/check?sender_domain=$1&client_ip=$2")
if echo "$RESULT" | grep -q '"malicious":true'; then
  echo "reject"
else
  echo "accept"
fi
Any MTA (Agent)curl
# Query the vspam-agent HTTP check API from any script or MTA
curl -s "http://127.0.0.1:10046/check?sender_domain=example.com&client_ip=1.2.3.4"
# → {"malicious":false,"action":"allow"}
# → {"malicious":true,"reason":"...","action":"reject"}

Mail Servers (DNSBL)

Postfixmain.cf
smtpd_recipient_restrictions =
  ...
  reject_rbl_client dnsbl.vspam.org
EximACL config
deny
  dnslists = dnsbl.vspam.org
  message = Rejected: listed on vspam.org DNSBL
rspamdlocal.d/rbl.conf
rbls {
  vspam {
    symbol = "RBL_VSPAM";
    rbl = "dnsbl.vspam.org";
    ipv6 = true;
  }
}
SpamAssassinlocal.cf
header   RCVD_IN_VSPAM eval:check_rbl('vspam', 'dnsbl.vspam.org.')
describe RCVD_IN_VSPAM Listed on vspam.org DNSBL
score    RCVD_IN_VSPAM 3.0
Sendmailsendmail.mc
dnl Add vspam.org DNSBL
FEATURE(`dnsbl', `dnsbl.vspam.org', `"550 Rejected: listed on vspam.org"')dnl
Harakaconfig/dnsbl.ini
; vspam.org DNSBL for Haraka (Node.js MTA)
zones=dnsbl.vspam.org

[dnsbl.vspam.org]
reject=true
msg=Rejected: listed on vspam.org DNSBL
Amavisamavisd.conf
# Add vspam.org to Amavis RBL checks
@rbl_maps = (
  '127.0.0.2' => 'Listed on vspam.org DNSBL',
);
$rbl_domain = 'dnsbl.vspam.org';

Security Tools

Fail2Ban/etc/fail2ban/action.d/vspam.conf

Auto-report banned IPs to vspam.org when Fail2Ban triggers an action.

# /etc/fail2ban/action.d/vspam.conf
[Definition]
actionban = curl -s -X POST https://api.vspam.org/api/v1/reports \
  -H "X-API-Key: <YOUR_KEY>" \
  -H "Content-Type: application/json" \
  -d '{"ioc_type":"ip","ioc_value":"<ip>","category":"spam","evidence":"Fail2Ban: <name> jail"}'
Firewall (iptables / nftables)

Download the CSV feed and apply IP blocks directly to your firewall ruleset.

# Download and apply blocklist
curl -s -H "X-API-Key: <KEY>" https://api.vspam.org/api/v1/feeds/csv \
  | tail -n +2 | cut -d',' -f2 | grep -E '^[0-9]' \
  | while read ip; do iptables -A INPUT -s "$ip" -j DROP; done

Threat Feeds

Pull confirmed IOCs in structured formats for bulk ingestion into OpenCTI, MISP, or Cortex XSOAR. All feed endpoints require an API key except TAXII.

STIX 2.1
GET /api/v1/feeds/stix
requires auth
MISP
GET /api/v1/feeds/misp
requires auth
CSV
GET /api/v1/feeds/csv
requires auth
JSON
GET /api/v1/feeds/json
requires auth
Plain Text
GET /api/v1/feeds/txt
requires auth
TAXII 2.1
GET /taxii2/
public, rate-limited

API Quick Start

Common curl examples — replace <KEY> with your API key from the account page.

# Check an IP
curl https://api.vspam.org/api/v1/rbl/check?ip=192.0.2.1

# Search reports
curl https://api.vspam.org/api/v1/public/reports?q=example.com

# Submit a report (authenticated)
curl -X POST https://api.vspam.org/api/v1/reports \
  -H "X-API-Key: <KEY>" \
  -d '{"ioc_type":"url","ioc_value":"https://phish.example.com","category":"phishing"}'

SDK Examples

Query the vspam.org API from your application. Replace <KEY> with your API key.

Pythonrequests
import requests

API = "https://api.vspam.org/api/v1"
KEY = "<KEY>"

# Check an IOC
r = requests.get(f"{API}/rbl/check",
    params={"ip": "192.0.2.1"})
print(r.json())

# Submit a report
requests.post(f"{API}/reports",
    headers={"X-API-Key": KEY},
    json={"ioc_type": "url",
          "ioc_value": "https://phish.example.com",
          "category": "phishing"})
Gonet/http
package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {
    resp, _ := http.Get(
        "https://api.vspam.org/api/v1/rbl/check?ip=192.0.2.1")
    defer resp.Body.Close()
    body, _ := io.ReadAll(resp.Body)
    fmt.Println(string(body))
}
Node.jsfetch
const API = "https://api.vspam.org/api/v1";
const KEY = "<KEY>";

// Check an IOC
const res = await fetch(
  `${API}/rbl/check?ip=192.0.2.1`);
console.log(await res.json());

// Submit a report
await fetch(`${API}/reports`, {
  method: "POST",
  headers: {
    "X-API-Key": KEY,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    ioc_type: "domain",
    ioc_value: "phish.example.com",
    category: "phishing",
  }),
});
PowerShellInvoke-RestMethod
$api = "https://api.vspam.org/api/v1"

# Check an IOC
Invoke-RestMethod "$api/rbl/check?ip=192.0.2.1"

# Submit a report
$headers = @{ "X-API-Key" = "<KEY>" }
$body = @{
    ioc_type  = "ip"
    ioc_value = "185.234.72.19"
    category  = "spam"
} | ConvertTo-Json

Invoke-RestMethod "$api/reports" `
    -Method Post -Headers $headers `
    -Body $body -ContentType "application/json"

Need help? Check the API documentation or FAQ. For SIEM and threat intel platform guides, see SIEM Integrations and Threat Intel Platforms.