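#
# statistics.conf.sample
# version 1.00, 1-1-08, michael@bizsystems.com
#
# This file is Perl source: it builds a single hash reference, $conf, and that
# assignment is the last statement in the file.
#
# NOTE(review): presumably the consumer loads this file with do/eval. If so,
# anyone able to write it (or the IMPORT file named at the bottom) can run
# code as the daemon's user -- keep both files owned by, and writable only
# by, the administrator. Confirm against the loader.
#
# NOTE(review): this sample is dated 1-1-08. DNSBL zones are retired and their
# return codes change over time; re-verify every zone listed below before
# enabling it (see the note above the sample zone entries).
#
my $conf = {

    #
    # Directory to store PID file
    #
    PIDdir => '/var/run',

    # Source files for IP addresses.
    # Format:
    #   - blank lines are ignored
    #   - lines beginning with "#" or "[white space] #" are ignored
    #   - lines containing dot quad IP addresses are parsed for
    #     the address, i.e. ddd.ddd.ddd.ddd
    #
    # Spec may be a scalar filename or an array of scalars,
    # e.g. '/some/file/name'  or ['file1','file2','etc...']
    #
    # NOTE(review): the sample paths are relative ('./...'), so the files that
    # get read presumably depend on the process's working directory -- prefer
    # absolute paths in a deployed copy.
    #
    FILES => [ './allips.txt', './n3allips.txt' ],

    # A multi-format array of IP addresses that will never be tarpitted.
    #
    # WARNING: if you are using a private network, then you should include the
    # address description for the net/subnets that you are using or you might
    # find your DMZ or internal mail servers blocked since many DNSBLS list the
    # private network addresses as BLACKLISTED
    #
    #       127./8, 10./8, 172.16/12, 192.168/16
    #
    #       class A         xxx.0.0.0/8             255.0.0.0
    #       class B         xxx.xxx.0.0/16          255.255.0.0
    #       class C         xxx.xxx.xxx.0/24        255.255.255.0
    #       128 subnet      xxx.xxx.xxx.xxx/25      255.255.255.128
    #        64 subnet      xxx.xxx.xxx.xxx/26      255.255.255.192
    #        32 subnet      xxx.xxx.xxx.xxx/27      255.255.255.224
    #        16 subnet      xxx.xxx.xxx.xxx/28      255.255.255.240
    #         8 subnet      xxx.xxx.xxx.xxx/29      255.255.255.248
    #         4 subnet      xxx.xxx.xxx.xxx/30      255.255.255.252
    #         2 subnet      xxx.xxx.xxx.xxx/31      255.255.255.254
    #       single address  xxx.xxx.xxx.xxx/32      255.255.255.255
    #
    'IGNORE' => [    # permanent whitelist

        #     # a single address
        # '11.22.33.44',
        #     # a range of ip's, ONLY VALID WITHIN THE SAME CLASS 'C'
        # '22.33.44.55 - 22.33.44.65',
        #     # a CIDR range
        # '5.6.7.16/28',
        #     # a range specified with a netmask
        # '7.8.9.128/255.255.255.240',
        #
        #     # you may want these (see the WARNING above: uncomment the
        #     # private ranges your own DMZ / internal mail servers live in)
        # '10.0.0.0/8',
        # '172.16.0.0/12',
        # '192.168.0.0/16',

        # this should ALWAYS be here
        '127.0.0.0/8',    # ignore all test entries and localhost
    ],

    # This configuration parameter is OPTIONAL as are its parameters.
    # This is an AGGRESSIVE spam fighting measure. If present a test
    # for GENERIC PTR records is performed to see if the returned PTR
    # record matches any of the match array regexps.
    #
    # NOTE: this test is performed AFTER all of the DNSBL checks so it
    # is invoked only if there are no other blocks in place.
    #
    # NOTE FURTHER:       AGGRESSIVE -- AGGRESSIVE
    # generic PTR failures are added as permanent records to the zonefile
    # and are exported for zone transfers
    #
    # The parameters:
    #
    # ignore => [   an array of regular expressions to ignore
    #               before testing 'regexp', case insensitive
    #       ],
    #
    # regexp => [   an array of regular expressions that are considered
    #               to mark the PTR record as "generic" BE CAREFUL!
    #               case insensitive
    #       ],
    #
    # Because a match becomes a permanent, exported record, a pattern that is
    # too loose is a lasting false positive. None of the patterns below is
    # anchored, so each one matches anywhere inside the PTR name; try them
    # against the PTR names of your legitimate senders before enabling this.
    #
    # OPTIONAL

    'GENERIC' => {
        ignore => [
            'dsl-only',
        ],
        regexp => [    # test for these regular expressions (case insensitive)

            # Four digit groups separated by one letter, '_', '-' or '.', or
            # any run of 12 digits. This also matches statically addressed
            # hosts whose names embed their IP address.
            '\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+|\d{12}',

            # 180.Red-80-34-112.staticIP.rima-tde.net
            # ip-90.net-89-3-110.rev.numericable.fr
            # 216.subnet125-161-2.speedy.telkom.net.id
            # 122.sub-75-199-30.myvzw.com
            '\d+\.(?i:sub|subnet|net|Red)\-?\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+',

            # athedsl-07371.home.otenet.gr
            'athedsl-\d+',

            # i59F4FA6C.versanet.de
            'i5[93][0-9a-fA-F]+\.versa',

            # 5aca3a11.bb.sky.com
            # NOTE(review): '.+' lets anything sit between the hex run and
            # 'sky', so unrelated names containing both fragments match too;
            # consider tightening this to the documented form.
            '5ac[a-f0-9]+.+sky',

            # bd049dda.virtua.com.br
            # The separator before 'virtua' is a literal dot, escaped here to
            # agree with the c...virtua pattern further down.
            'bd[a-f0-9]+\.virtua\.com',

            # 96.29.broadband7.iol.cz
            '\d+\.\d+\.broadband',

            # 10001260969.0000027323.acesso.oni.pt
            '\d{11}\.\d{10}\.acesso',

            # c951b999.virtua.com.br
            'c[0-9a-f]{4,}\.virtua',

            # u15271157.onlinehome-server.com
            # s218047990.onlinehome.us
            '(?:(u|s))\d+\.onlinehome',

            # d193-24-154.home3.cgocable.net
            'd\d+-\d+-\d+\.home\d+\.cgocable',

            # CableLink167-178.telefonia.InterCable.net
            'CableLink\d+-\d+\.tele',

            # ner-as30564.alshamil.net.ae
            # dxb-as76197.alshamil.net.ae
            # auh-as43491.alshamil.net.ae
            '(?:(auh|dxb|ner))-as\d+\.alshamil',

            # p2175-ipbf516souka.saitama.ocn.ne.jp
            # p2087-ipbfp701kobeminato.hyogo.ocn.ne.jp
            # p4084-ipbfp502kyoto.kyoto.ocn.ne.jp
            'p\d+-ipbf.+\.ne\.jp',

            # 'dynamic',
        ],

        # number of seconds to wait before declaring DNS response 'timed out'
        # default is 30 seconds
        # [OPTIONAL]

        timeout => 15,
    },

    # FOR A COMPREHENSIVE LIST OF ALL DNSBL ZONES, SEE:
    #       http://www.openrbl.org
    # click "zones"
    #
    # all dnsbl servers must have a config entry as follows:
    #
    # 'zone.name'   => {
    #       accept      => {        # a list of codes that are ok to add to tarpit from this DNSBL
    #               '127.0.0.2' => 'reason',
    #               '127.0.0.3' => 'reason',
    #       },
    #
    #  WARNING !!! DO NOT USE THIS OPTION WITH DNSBL HOSTS THAT REPORT TARPIT ACTIVITY
    #
    #       confirm     => 1,                   # optional, confirmation of acceptance of non - 127.0.0.2 codes
    #
    #       response    => '127.0.0.3',         # optional, our default response code for records
    #                                           # added because of queries to this DNSBL server
    #                                           # this code will be ignored if it is < 127.0.0.3
    #                                           # and 127.0.0.3 will be used in its place
    #
    #  error message to use with this host.
    #  NOTE: if the DNSBL supplies a TXT record and it contains the string "http://something..." or
    #  "www.something..." then that will be used for the error string for the matching A record.
    #  Otherwise, the error string below will be appended to whatever TXT is returned by the
    #  DNSBL. If no TXT is returned, then the "reason" code from the "accept" line for the matching
    #  127.0.0.X code will be used and the error code below will be appended.
    #
    #       timeout     => 30,      # default seconds to wait for dnsbl query to timeout
    #
    # Keep each 'accept' table to the specific codes you intend to act on: some
    # DNSBLs answer with other 127.x codes to signal errors or refused clients,
    # and those must not turn into tarpit entries.

    # WARNING!!     The default timeout in sendmail for DNS queries is "5 seconds"
    #               If this configuration is used with Net::DNSBL::MultiDaemon it is
    #               recommended that the timeouts here be set to 5 seconds and that the
    #               timeout parameter in the SENDMAIL m4 configuration build file for lookups be
    #               extended to at least 15 seconds -- particularly if you invoke reverse lookups
    #               with the in-addr.arpa parameter below.
    #
    #       define(`confTO_RESOLVER_RETRANS_FIRST', `15s')dnl
    #         or
    #       define(`confTO_RESOLVER_RETRANS', `15s')dnl
    #
    #       see: http://www.sendmail.org/m4/tweaking_config.html
    #
    #       Similar precautions must be taken for other MTA's
    #

    # To check that ip addresses have some kind of reverse DNS entry, add a zone
    # for in-addr.arpa as shown below. You must have reverse DNS entries for
    # ip blocks 127, 10, 172, 192 or use the IGNORE blocks above to prevent
    # rejects for these address blocks as they DO NOT HAVE worldwide RDNS

    'in-addr.arpa' => {    # check for lack of reverse DNS
        # accept is not needed for reverse DNS checking
        timeout => 5,
    },

    # working, sample file entries
    #
    # NOTE(review): "working" describes these zones as of the date of this
    # sample. Several of the operators named below (NJABL, DSBL, SORBS) are
    # reported to have shut down since. A zone that is no longer served costs a
    # full timeout on every lookup, and a lapsed or re-delegated zone may answer
    # for addresses it should not. Confirm each zone's status and current
    # return codes with its operator, and delete the dead entries, before use.

    'bogons.cymru.com' => {    # see http://www.cymru.com/Bogons/#dns
        accept => {            # list of codes for which we tarpit
            '127.0.0.2' => 'bogon',
        },
        timeout => '30',
    },

    'dnsbl.sorbs.net' => {     # see http://www.dnsbl.sorbs.net/using.html
        accept => {            # list of codes for which we tarpit
            '127.0.0.2' => 'open http proxie',
            '127.0.0.3' => 'open socks proxie',
            '127.0.0.4' => 'open proxy server',
            '127.0.0.5' => 'open smtp relay',

            # '127.0.0.6'  => 'spam supporting ISP',
            '127.0.0.7'  => 'open web - form mail servers',
            '127.0.0.8'  => 'blocked hosts',
            '127.0.0.9'  => 'zombie - hijacked netblock',
            '127.0.0.10' => 'dynamic address range',
            '127.0.0.11' => 'bad config -- MX or A records inaccurate',
            '127.0.0.12' => 'no mail ever sent from these domains',
        },
        timeout => '15',
    },

    'dnsbl.njabl.org' => {     # see http://dnsbl.njabl.org/use.html
        accept => {            # list of codes for which we tarpit
            '127.0.0.2' => 'open relays',
            '127.0.0.3' => 'dial-up/dynamic IP ranges',
            '127.0.0.4' => 'spam sources',
            '127.0.0.5' => 'multi-stage openrelay',
            '127.0.0.8' => 'open web - form mail servers',
            '127.0.0.9' => 'open proxy servers',
        },
        timeout => '15',
    },

    'cbl.abuseat.org' => {     # see http://cbl.abuseat.org
        accept => {
            '127.0.0.2' => '',
        },
        timeout => '15',
    },

    'zen.spamhaus.org' => {    # see http://www.spamhaus.org
        accept => {
            '127.0.0.2' => '',
        },
        timeout => '15',
    },

    'dynablock.njabl.org' => {    # see http://dnsbl.njabl.org/use.html
        accept => {
            '127.0.0.3' => 'dynamic IP address not allowed',
        },
        timeout => '15',
    },

    'list.dsbl.org' => {       # see http://dsbl.org
        accept => {
            '127.0.0.2' => '',
        },
        timeout => '15',
    },

    # OPTIONAL import parameter, import these keys from this file
    #
    # NOTE: import values will add to and overwrite keys that
    #       are already in this array
    #
    # Since imported keys overwrite the ones above (IGNORE included, per
    # KEYexp), the imported file deserves the same ownership and permission
    # restrictions as this one.
    #
    IMPORT => {
        FILE => '/usr/local/spamcannibal/config/sc_BlackList.conf',

        # regular expression that describes the keys to import
        # NOTE(review): the expression is not anchored, and its last
        # alternative has no '-' in either character class. Confirm how the
        # loader applies it (whole-key match or search) so that keys such as
        # 'in-addr.arpa' are imported or skipped as you intend.
        KEYexp => 'GENERIC|IGNORE|[0-9a-zA-Z]+\.[0-9a-zA-Z]+',
    },
};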