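#
# statistics.conf.sample
# version 1.00, 1-1-08, michael@bizsystems.com
#
# Sample configuration: a single Perl hash reference describing the PID
# directory, the IP source files, the permanent whitelist, the optional
# generic-PTR test, and one entry per DNSBL zone to query.
#
# NOTE(review): this file is Perl source, not inert data. It is presumably
# evaluated by the program that loads it -- confirm against the loader.
# Keep it (and any file named under IMPORT) owned by the administrator and
# not writable by the account the daemon runs as.
#
my $conf = {
#
# Directory to store PID file
#
  PIDdir => '/var/run',

# Source files for IP addresses.
# Format:
#   - blank lines are ignored
#   - lines beginning with "#" or "[white space] #" are ignored
#   - lines containing dot quad IP addresses are parsed for
#     the address. i.e ddd.ddd.ddd.ddd
#
# Spec may be a scalar filename or an array of scalars
# i.e. '/some/file/name' or ['file1','file2','etc...']
#
# NOTE(review): the sample paths below are relative, so which files are
# read depends on the working directory at run time (not shown here).
# Absolute paths avoid reading an unintended file.
#
  FILES => ['./allips.txt', './n3allips.txt'],

# A multi-format array of IP addresses that will never be tarpitted.
#
# WARNING: if you are using a private network, then you should include the
# address description for the net/subnets that you are using or you might
# find your DMZ or internal mail servers blocked since many DNSBLS list the
# private network addresses as BLACKLISTED
#
#   127./8, 10./8, 172.16/12, 192.168/16
#
#   class A         xxx.0.0.0/8         255.0.0.0
#   class B         xxx.xxx.0.0/16      255.255.0.0
#   class C         xxx.xxx.xxx.0/24    255.255.255.0
#   128 subnet      xxx.xxx.xxx.xxx/25  255.255.255.128
#    64 subnet      xxx.xxx.xxx.xxx/26  255.255.255.192
#    32 subnet      xxx.xxx.xxx.xxx/27  255.255.255.224
#    16 subnet      xxx.xxx.xxx.xxx/28  255.255.255.240
#     8 subnet      xxx.xxx.xxx.xxx/29  255.255.255.248
#     4 subnet      xxx.xxx.xxx.xxx/30  255.255.255.252
#     2 subnet      xxx.xxx.xxx.xxx/31  255.255.255.254
#   single address  xxx.xxx.xxx.xxx/32  255.255.255.255
#
  'IGNORE' => [     # permanent whitelist
#   # a single address
#   '11.22.33.44',
#   # a range of ip's, ONLY VALID WITHIN THE SAME CLASS 'C'
#   '22.33.44.55 - 22.33.44.65',
#   # a CIDR range
#   '5.6.7.16/28',
#   # a range specified with a netmask
#   '7.8.9.128/255.255.255.240',
#
#   # you may want these
#   '10.0.0.0/8',
#   '172.16.0.0/12',
#   '192.168.0.0/16',

    # this should ALWAYS be here
    '127.0.0.0/8',      # ignore all test entries and localhost
  ],

# This configuration parameter is OPTIONAL as are its parameters.
# This is an AGGRESSIVE spam fighting measure. If present a test
# for GENERIC PTR records is performed to see if the returned PTR
# record matches any of the match array regexp's
#
# NOTE: this test is performed AFTER all of the DNSBL checks so it
# is invoked only if there are no other blocks in place.
#
# NOTE FURTHER: AGGRESSIVE -- AGGRESSIVE
# generic PTR failures are added as permanent records to the zonefile
# and are exported for zone transfers
#
# The parameters:
#
#   ignore => [  an array of regular expressions to ignore
#                before testing 'regexp', case insensitive
#   ],
#
#   regexp => [  an array of regular expressions that are considered
#                to mark the PTR record as "generic" BE CAREFUL!
#                case insensitive
#   ],
#
# OPTIONAL
#
# NOTE(review): none of the patterns below is anchored, so they presumably
# match anywhere inside the PTR name -- confirm against the code that
# applies them. Because a match becomes a permanent, exported record, run
# each pattern against the PTR names of your own legitimate senders before
# enabling it, and put known-good names under 'ignore'.

  'GENERIC' => {
    ignore => [
      'dsl-only',
    ],
    regexp => [     # test for these regular expressions (case insensitive)
      '\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+|\d{12}',
    # 180.Red-80-34-112.staticIP.rima-tde.net
    # ip-90.net-89-3-110.rev.numericable.fr
    # 216.subnet125-161-2.speedy.telkom.net.id
    # 122.sub-75-199-30.myvzw.com
      '\d+\.(?i:sub|subnet|net|Red)\-?\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+',
    # athedsl-07371.home.otenet.gr
      'athedsl-\d+',
    # i59F4FA6C.versanet.de
      'i5[93][0-9a-fA-F]+\.versa',
    # 5aca3a11.bb.sky.com
    # NOTE(review): '.+' accepts any characters between the hex prefix and
    # 'sky', which is wider than the sample name; tighten if it over-matches.
      '5ac[a-f0-9]+.+sky',
    # bd049dda.virtua.com.br
    # The separator before 'virtua' is a literal dot, as in the sample name.
      'bd[a-f0-9]+\.virtua\.com',
    # 96.29.broadband7.iol.cz
      '\d+\.\d+\.broadband',
    # 10001260969.0000027323.acesso.oni.pt
      '\d{11}\.\d{10}\.acesso',
    # c951b999.virtua.com.br
      'c[0-9a-f]{4,}\.virtua',
    # u15271157.onlinehome-server.com
    # s218047990.onlinehome.us
      '[us]\d+\.onlinehome',
    # d193-24-154.home3.cgocable.net
      'd\d+-\d+-\d+\.home\d+\.cgocable',
    # CableLink167-178.telefonia.InterCable.net
      'CableLink\d+-\d+\.tele',
    # ner-as30564.alshamil.net.ae
    # dxb-as76197.alshamil.net.ae
    # auh-as43491.alshamil.net.ae
      '(?:auh|dxb|ner)-as\d+\.alshamil',
    # p2175-ipbf516souka.saitama.ocn.ne.jp
    # p2087-ipbfp701kobeminato.hyogo.ocn.ne.jp
    # p4084-ipbfp502kyoto.kyoto.ocn.ne.jp
      'p\d+-ipbf.+\.ne\.jp',
#     'dynamic',
    ],
# number of seconds to wait before declaring DNS response 'timed out'
# default is 30 seconds
# [OPTIONAL]

    timeout => 15,
  },

# FOR A COMPREHENSIVE LIST OF ALL DNSBL ZONES, SEE:
#   http://www.openrbl.org
#   click "zones"
#
# NOTE(review): this sample is dated 1-1-08. Check that every zone you
# enable is still operated and that you meet its usage terms. A list that
# has been retired may time out or may answer every query, and with the
# 'accept' codes below such an answer would tarpit legitimate senders.
#
# all dnsbl servers must have a config entry as follows:
#
#   'zone.name' => {
#     accept => {   # a list of codes that are ok to add to tarpit from this DNSBL
#       '127.0.0.2' => 'reason',
#       '127.0.0.3' => 'reason',
#     },
#
# WARNING !!! DO NOT USE THIS OPTION WITH DNSBL HOSTS THAT REPORT TARPIT ACTIVITY
#
#     confirm => 1,     # optional, confirmation of acceptance of non - 127.0.0.2 codes
#
#     response => '127.0.0.3',  # optional, our default response code for records
#                               # added because of queries to this DNSBL server
#                               # this code will be ignored if it is < 127.0.0.3
#                               # and 127.0.0.3 will be used in its place
#
# error message to use with this host.
# NOTE: if the DNSBL supplies a TXT record and it contains the string "http://something..." or
# "www.something..." then that will be used for the error string for the matching A record.
# Otherwise, the error string below will be appended to whatever TXT is returned by the
# DNSBL. If no TXT is returned, then the "reason" code from the "accept" line for the matching
# 127.0.0.X code will be used and the error code below will be appended.
# (The key that carries this error string is not shown in this sample.)
#
#     timeout => 30,    # default seconds to wait for dnsbl query to timeout

# WARNING!! The default timeout in sendmail for DNS queries is "5 seconds"
# If this configuration is used with Net::DNSBL::MultiDaemon it is
# recommended that the timeouts here be set to 5 seconds and that the
# timeout parameter in the SENDMAIL m4 configuration build file for lookups be
# extended to at least 15 seconds -- particularly if you invoke reverse lookups
# with the in-addr.arpa parameter below.
#
#   define(`confTO_RESOLVER_RETRANS_FIRST', `15s')dnl
# or
#   define(`confTO_RESOLVER_RETRANS', `15s')dnl
#
# see: http://www.sendmail.org/m4/tweaking_config.html
#
# Similar precautions must be taken for other MTA's
#

# To check that ip addresses have some kind of reverse DNS entry, add a zone
# for in-addr.arpa as shown below. You must have reverse DNS entries for
# ip blocks 127, 10, 172, 192 or use the IGNORE blocks above to prevent
# rejects for these address blocks as they DO NOT HAVE worldwide RDNS

  'in-addr.arpa' => {   # check for lack of reverse DNS
    # accept is not needed for reverse DNS checking
    timeout => 5,
  },

# working, sample file entries
# Timeouts are written as plain numbers throughout, matching the entries above.

  'bogons.cymru.com' => {   # see http://www.cymru.com/Bogons/#dns
    accept => {     # list of codes for which we tarpit
      '127.0.0.2' => 'bogon',
    },
    timeout => 30,
  },

  'dnsbl.sorbs.net' => {    # see http://www.dnsbl.sorbs.net/using.html
    accept => {     # list of codes for which we tarpit
      '127.0.0.2'  => 'open http proxie',
      '127.0.0.3'  => 'open socks proxie',
      '127.0.0.4'  => 'open proxy server',
      '127.0.0.5'  => 'open smtp relay',
#     '127.0.0.6'  => 'spam supporting ISP',
      '127.0.0.7'  => 'open web - form mail servers',
      '127.0.0.8'  => 'blocked hosts',
      '127.0.0.9'  => 'zombie - hijacked netblock',
      '127.0.0.10' => 'dynamic address range',
      '127.0.0.11' => 'bad config -- MX or A records inaccurate',
      '127.0.0.12' => 'no mail ever sent from these domains',
    },
    timeout => 15,
  },

  'dnsbl.njabl.org' => {    # see http://dnsbl.njabl.org/use.html
    accept => {     # list of codes for which we tarpit
      '127.0.0.2' => 'open relays',
      '127.0.0.3' => 'dial-up/dynamic IP ranges',
      '127.0.0.4' => 'spam sources',
      '127.0.0.5' => 'multi-stage openrelay',
      '127.0.0.8' => 'open web - form mail servers',
      '127.0.0.9' => 'open proxy servers',
    },
    timeout => 15,
  },

  'cbl.abuseat.org' => {    # see http://cbl.abuseat.org
    accept => {
      '127.0.0.2' => '',
    },
    timeout => 15,
  },

  'zen.spamhaus.org' => {   # see http://www.spamhaus.org
    accept => {
      '127.0.0.2' => '',
    },
    timeout => 15,
  },

  'dynablock.njabl.org' => {    # see http://dnsbl.njabl.org/use.html
    accept => {
      '127.0.0.3' => 'dynamic IP address not allowed',
    },
    timeout => 15,
  },

  'list.dsbl.org' => {      # see http://dsbl.org
    accept => {
      '127.0.0.2' => '',
    },
    timeout => 15,
  },

# OPTIONAL import parameter, import these keys from this file
#
# NOTE: import values will add to and overwrite keys that
# are already in this array
#
# NOTE(review): since imported keys overwrite IGNORE, GENERIC and the zone
# entries, the imported file can change what is whitelisted and what is
# blocked. Give it the same ownership and write permissions as this file.
#
  IMPORT => {
    FILE => '/usr/local/spamcannibal/config/sc_BlackList.conf',

# regular expression that describes the keys to import
# NOTE(review): the zone-name alternative has no '-' in its character
# classes, so a key such as 'in-addr.arpa' is covered only if the loader
# applies this pattern unanchored -- confirm against the loader.
    KEYexp => 'GENERIC|IGNORE|[0-9a-zA-Z]+\.[0-9a-zA-Z]+',
  },
};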