1# SB-BLOCKLISTS-BODY.RC
2#
3# SpamBouncer Blocklist Message Body Checks
4#
5# This series of recipes checks IPs and/or domains against
6# the configured blacklists.
7#
8# Last Updated: 3/20/2017
9
10LOCALTAG=no
11
12# Internal "All-In" Blocklist Checks
13#
14#  This recipe checks for pseudo-domains that bypass normal
15#  DNS and blocks that email.
16#
17
18:0
19* ! FIRSTBODYDOMAIN ?? ^example\.com$
20* FIRSTBODYDOMAIN ?? ^([0-9a-z������������������������������������]\
21                       [-0-9a-z������������������������������������]*\.)+\
22                       (bit|onion)$
23{
24 SBLOG="C3T-${TESTNAME} (Internal All-In: First Body Domain ${FIRSTBODYDOMAIN})"
25 INCLUDERC=${SBDIR}/functions/loglevel.rc
26
27 :0
28 * $ ${LOCALSCORE}^0
29 * 5^0
30 { LOCALSCORE=$= }
31}
32
33INCLUDERC=${SBDIR}/functions/test-threshold.rc
34
35:0
36* ! SBCONFIG ?? ^(Analyze|Debug)$
37* SPAMTAG ?? ^yes$
38{ LOCALTAG=yes }
39
40:0
41* ! SECONDBODYDOMAIN ?? ^example\.com$
42* $ ! SECONDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
43* SECONDBODYDOMAIN ?? ^([0-9a-z������������������������������������]\
44                        [-0-9a-z������������������������������������]*\.)+\
45                        (bit|onion)$
46{
47 SBLOG="C3T-${TESTNAME} (Internal All-In: Second Body Domain ${SECONDBODYDOMAIN})"
48 INCLUDERC=${SBDIR}/functions/loglevel.rc
49
50 :0
51 * $ ${LOCALSCORE}^0
52 * 5^0
53 { LOCALSCORE=$= }
54}
55
56INCLUDERC=${SBDIR}/functions/test-threshold.rc
57
58:0
59* ! SBCONFIG ?? ^(Analyze|Debug)$
60* SPAMTAG ?? ^yes$
61{ LOCALTAG=yes }
62
63:0
64* ! THIRDBODYDOMAIN ?? ^example\.com$
65* $ ! THIRDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
66* $ ! THIRDBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$
67* THIRDBODYDOMAIN ?? ^([0-9a-z������������������������������������]\
68                       [-0-9a-z������������������������������������]*\.)+\
69                       (bit|onion)$
70{
71 SBLOG="C3T-${TESTNAME} (Internal All-In: Third Body Domain ${THIRDBODYDOMAIN})"
72 INCLUDERC=${SBDIR}/functions/loglevel.rc
73
74 :0
75 * $ ${LOCALSCORE}^0
76 * 5^0
77 { LOCALSCORE=$= }
78}
79
80INCLUDERC=${SBDIR}/functions/test-threshold.rc
81
82:0
83* ! SBCONFIG ?? ^(Analyze|Debug)$
84* SPAMTAG ?? ^yes$
85{ LOCALTAG=yes }
86
87:0
88* ! FOURTHBODYDOMAIN ?? ^example\.com$
89* $ ! FOURTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
90* $ ! FOURTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$
91* $ ! FOURTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$
92* FOURTHBODYDOMAIN ?? ^([0-9a-z������������������������������������]\
93                        [-0-9a-z������������������������������������]*\.)+\
94                        (bit|onion)$
95{
96 SBLOG="C3T-${TESTNAME} (Internal All-In: Fourth Body Domain ${FOURTHBODYDOMAIN})"
97 INCLUDERC=${SBDIR}/functions/loglevel.rc
98
99 :0
100 * $ ${LOCALSCORE}^0
101 * 5^0
102 { LOCALSCORE=$= }
103}
104
105INCLUDERC=${SBDIR}/functions/test-threshold.rc
106
107:0
108* ! SBCONFIG ?? ^(Analyze|Debug)$
109* SPAMTAG ?? ^yes$
110{ LOCALTAG=yes }
111
112# Spamhaus DBL Blocklist
113#
114#  Checks the SpamHaus Domains Blocklist (DBL), which uses
115#  a different zone than the Spamhaus IP-based blocklists do.
116#  That means a separate recipe.
117
118LT2=no
119
120:0
121* DBLCHECK ?? ^yes$
122{ LT2=yes }
123
124:0
125* DBLREDIRCHECK ?? ^yes$
126{ LT2=yes }
127
128# Check First URI Domain.
129#
130:0
131* LOCALTAG ?? ^no$
132* LT2 ?? ^yes$
133* ! FIRSTBODYDOMAIN ?? ^example\.com$
134{
135 LT5=no
136 LOCALDESCRIPTION="Body Domain:"
137 LOCALCHECK=${FIRSTBODYDOMAIN}
138 LISTSERVER="dbl.spamhaus.org"
139
140 :0
141 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
142
143 :0
144 * DBLCHECK ?? ^yes$
145 {
146  LISTNAME="DBL"
147  LISTRESPONSE="127\.0\.1\.2"
148  LISTSCORE="5"
149  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
150 }
151
152 :0
153 * DBLREDIRCHECK ?? ^yes$
154 {
155  LISTNAME="DBL (Redirectors)"
156  LISTRESPONSE="127\.0\.1\.3"
157  LISTSCORE="3"
158  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
159 }
160
161 LISTSERVER='localhost'
162 LOCALDESCRIPTION='Null'
163}
164
165INCLUDERC=${SBDIR}/functions/test-threshold.rc
166
167:0
168* ! SBCONFIG ?? ^(Analyze|Debug)$
169* SPAMTAG ?? ^yes$
170{ LOCALTAG=yes }
171
172# Check Second URI Domain.
173#
174:0
175* LOCALTAG ?? ^no$
176* LT2 ?? ^yes$
177* ! SECONDBODYDOMAIN ?? ^example\.com$
178* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
179{
180 LT5=no
181 LOCALDESCRIPTION="Body Domain:"
182 LOCALCHECK=${SECONDBODYDOMAIN}
183 LISTSERVER="dbl.spamhaus.org"
184
185 :0
186 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
187
188 :0
189 * DBLCHECK ?? ^yes$
190 {
191  LISTNAME="DBL"
192  LISTRESPONSE="127\.0\.1\.2"
193  LISTSCORE="5"
194  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
195 }
196
197 :0
198 * DBLREDIRCHECK ?? ^yes$
199 {
200  LISTNAME="DBL (Redirectors)"
201  LISTRESPONSE="127\.0\.1\.3"
202  LISTSCORE="3"
203  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
204 }
205
206 LISTSERVER='localhost'
207 LOCALDESCRIPTION='Null'
208}
209
210INCLUDERC=${SBDIR}/functions/test-threshold.rc
211
212:0
213* ! SBCONFIG ?? ^(Analyze|Debug)$
214* SPAMTAG ?? ^yes$
215{ LOCALTAG=yes }
216
217# Check Third URI Domain.
218#
219:0
220* LOCALTAG ?? ^no$
221* LT2 ?? ^yes$
222* ! THIRDBODYDOMAIN ?? ^example\.com$
223* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
224* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN}
225{
226 LT5=no
227 LOCALDESCRIPTION="Body Domain:"
228 LOCALCHECK=${THIRDBODYDOMAIN}
229 LISTSERVER="dbl.spamhaus.org"
230
231 :0
232 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
233
234 :0
235 * DBLCHECK ?? ^yes$
236 {
237  LISTNAME="DBL"
238  LISTRESPONSE="127\.0\.1\.2"
239  LISTSCORE="5"
240  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
241 }
242
243 :0
244 * DBLREDIRCHECK ?? ^yes$
245 {
246  LISTNAME="DBL (Redirectors)"
247  LISTRESPONSE="127\.0\.1\.3"
248  LISTSCORE="3"
249  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
250 }
251
252 LISTSERVER='localhost'
253 LOCALDESCRIPTION='Null'
254}
255
256INCLUDERC=${SBDIR}/functions/test-threshold.rc
257
258:0
259* ! SBCONFIG ?? ^(Analyze|Debug)$
260* SPAMTAG ?? ^yes$
261{ LOCALTAG=yes }
262
263# Check Fourth URI Domain.
264#
265:0
266* LOCALTAG ?? ^no$
267* LT2 ?? ^yes$
268* ! FOURTHBODYDOMAIN ?? ^example\.com$
269* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
270* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN}
271* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN}
272{
273 LT5=no
274 LOCALDESCRIPTION="Body Domain:"
275 LOCALCHECK=${FOURTHBODYDOMAIN}
276 LISTSERVER="dbl.spamhaus.org"
277
278 :0
279 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
280
281 :0
282 * DBLCHECK ?? ^yes$
283 {
284  LISTNAME="DBL"
285  LISTRESPONSE="127\.0\.1\.2"
286  LISTSCORE="5"
287  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
288 }
289
290 :0
291 * DBLREDIRCHECK ?? ^yes$
292 {
293  LISTNAME="DBL (Redirectors)"
294  LISTRESPONSE="127\.0\.1\.3"
295  LISTSCORE="3"
296  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
297 }
298
299 LISTSERVER='localhost'
300 LOCALDESCRIPTION='Null'
301}
302
303INCLUDERC=${SBDIR}/functions/test-threshold.rc
304
305:0
306* ! SBCONFIG ?? ^(Analyze|Debug)$
307* SPAMTAG ?? ^yes$
308{ LOCALTAG=yes }
309
310# Check Fifth URI Domain.
311#
312:0
313* LOCALTAG ?? ^no$
314* LT2 ?? ^yes$
315* ! FIFTHBODYDOMAIN ?? ^example\.com$
316* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
317* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN}
318* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN}
319* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN}
320{
321 LT5=no
322 LOCALDESCRIPTION="Body Domain:"
323 LOCALCHECK=${FIFTHBODYDOMAIN}
324 LISTSERVER="dbl.spamhaus.org"
325
326 :0
327 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
328
329 :0
330 * DBLCHECK ?? ^yes$
331 {
332  LISTNAME="DBL"
333  LISTRESPONSE="127\.0\.1\.2"
334  LISTSCORE="5"
335  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
336 }
337
338 :0
339 * DBLREDIRCHECK ?? ^yes$
340 {
341  LISTNAME="DBL (Redirectors)"
342  LISTRESPONSE="127\.0\.1\.3"
343  LISTSCORE="3"
344  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
345 }
346
347 LISTSERVER='localhost'
348 LOCALDESCRIPTION='Null'
349}
350
351INCLUDERC=${SBDIR}/functions/test-threshold.rc
352
353:0
354* ! SBCONFIG ?? ^(Analyze|Debug)$
355* SPAMTAG ?? ^yes$
356{ LOCALTAG=yes }
357
358# Check Sixth URI Domain.
359#
360:0
361* LOCALTAG ?? ^no$
362* LT2 ?? ^yes$
363* ! SIXTHBODYDOMAIN ?? ^example\.com$
364* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
365* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN}
366* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN}
367* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN}
368* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN}
369{
370 LT5=no
371 LOCALDESCRIPTION="Body Domain:"
372 LOCALCHECK=${SIXTHBODYDOMAIN}
373 LISTSERVER="dbl.spamhaus.org"
374
375 :0
376 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
377
378 :0
379 * DBLCHECK ?? ^yes$
380 {
381  LISTNAME="DBL"
382  LISTRESPONSE="127\.0\.1\.2"
383  LISTSCORE="5"
384  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
385 }
386
387 :0
388 * DBLREDIRCHECK ?? ^yes$
389 {
390  LISTNAME="DBL (Redirectors)"
391  LISTRESPONSE="127\.0\.1\.3"
392  LISTSCORE="3"
393  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
394 }
395
396 LISTSERVER='localhost'
397 LOCALDESCRIPTION='Null'
398}
399
400INCLUDERC=${SBDIR}/functions/test-threshold.rc
401
402:0
403* ! SBCONFIG ?? ^(Analyze|Debug)$
404* SPAMTAG ?? ^yes$
405{ LOCALTAG=yes }
406
407
408# SURBL (Spam URI Realtime Blocklist)
409#
410#  The SURBL is designed to be used to check the domains and IPs
411#  actually found in the message bodies of spam, not the IPs in
412#  headers or the rDNS IPs of the URL hosts in the message bodies.
413#  Using it therefore generates less "overhead" on your system
414#  than many of the other blocklists.  It's also extremely
415#  effective.
416
417LT2=no
418
419# Legit/Cracked
420:0
421* SURBLLEGITCHECK ?? ^yes$
422{ LT2=yes }
423
424# Malware
425:0
426* SURBLMWCHECK ?? ^yes$
427{ LT2=yes }
428
429# Phish
430:0
431* SURBLPHCHECK ?? ^yes$
432{ LT2=yes }
433
434# Spam
435:0
436* SURBLSPCHECK ?? ^yes$
437{ LT2=yes }
438
439# Check first message body domain, if one exists.
440:0
441* LOCALTAG ?? ^no$
442* LT2 ?? ^yes$
443* ! FIRSTBODYDOMAIN ?? ^example\.com$
444{
445 LT5=no
446 LOCALDESCRIPTION="Body Domain:"
447 LOCALCHECK=${FIRSTBODYDOMAIN}
448 LISTSERVER="multi.surbl.org"
449
450 :0
451 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
452
453 :0
454 * SURBLLEGITCHECK ?? ^yes$
455 {
456  LISTNAME="SURBL (Legit/Cracked)"
457  LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)"
458  LISTSCORE="3"
459  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
460 }
461
462 :0
463 * SURBLMWCHECK ?? ^yes$
464 {
465  LISTNAME="SURBL (Malware)"
466  LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)"
467  LISTSCORE="5"
468  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
469 }
470
471 :0
472 * SURBLPHCHECK ?? ^yes$
473 {
474  LISTNAME="SURBL (Phish)"
475  LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)"
476  LISTSCORE="5"
477  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
478 }
479
480 :0
481 * SURBLSPCHECK ?? ^yes$
482 {
483  LISTNAME="SURBL (Spam)"
484  LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)"
485  LISTSCORE="5"
486  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
487 }
488
489 LISTSERVER='localhost'
490 LOCALDESCRIPTION='Null'
491}
492
493INCLUDERC=${SBDIR}/functions/test-threshold.rc
494
495:0
496* ! SBCONFIG ?? ^(Analyze|Debug)$
497* SPAMTAG ?? ^yes$
498{ LOCALTAG=yes }
499
500# Check second message body domain, if one exists.
501:0
502* LOCALTAG ?? ^no$
503* LT2 ?? ^yes$
504* ! SECONDBODYDOMAIN ?? ^example\.com$
505* $ ! SECONDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
506{
507 LT5=no
508 LOCALDESCRIPTION="Body Domain:"
509 LOCALCHECK=${SECONDBODYDOMAIN}
510 LISTSERVER="multi.surbl.org"
511
512 :0
513 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
514
515 :0
516 * SURBLLEGITCHECK ?? ^yes$
517 {
518  LISTNAME="SURBL (Legit/Cracked)"
519  LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)"
520  LISTSCORE="3"
521  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
522 }
523
524 :0
525 * SURBLMWCHECK ?? ^yes$
526 {
527  LISTNAME="SURBL (Malware)"
528  LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)"
529  LISTSCORE="5"
530  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
531 }
532
533 :0
534 * SURBLPHCHECK ?? ^yes$
535 {
536  LISTNAME="SURBL (Phish)"
537  LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)"
538  LISTSCORE="5"
539  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
540 }
541
542 :0
543 * SURBLSPCHECK ?? ^yes$
544 {
545  LISTNAME="SURBL (Spam)"
546  LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)"
547  LISTSCORE="5"
548  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
549 }
550
551 LISTSERVER='localhost'
552 LOCALDESCRIPTION='Null'
553}
554
555INCLUDERC=${SBDIR}/functions/test-threshold.rc
556
557:0
558* ! SBCONFIG ?? ^(Analyze|Debug)$
559* SPAMTAG ?? ^yes$
560{ LOCALTAG=yes }
561
562# Check third message body domain, if one exists.
563:0
564* LOCALTAG ?? ^no$
565* LT2 ?? ^yes$
566* ! THIRDBODYDOMAIN ?? ^example\.com$
567* $ ! THIRDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
568* $ ! THIRDBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$
569{
570 LT5=no
571 LOCALDESCRIPTION="Body Domain:"
572 LOCALCHECK=${THIRDBODYDOMAIN}
573 LISTSERVER="multi.surbl.org"
574
575 :0
576 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
577
578 :0
579 * SURBLLEGITCHECK ?? ^yes$
580 {
581  LISTNAME="SURBL (Legit/Cracked)"
582  LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)"
583  LISTSCORE="3"
584  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
585 }
586
587 :0
588 * SURBLMWCHECK ?? ^yes$
589 {
590  LISTNAME="SURBL (Malware)"
591  LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)"
592  LISTSCORE="5"
593  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
594 }
595
596 :0
597 * SURBLPHCHECK ?? ^yes$
598 {
599  LISTNAME="SURBL (Phish)"
600  LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)"
601  LISTSCORE="5"
602  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
603 }
604
605 :0
606 * SURBLSPCHECK ?? ^yes$
607 {
608  LISTNAME="SURBL (Spam)"
609  LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)"
610  LISTSCORE="5"
611  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
612 }
613
614 LISTSERVER='localhost'
615 LOCALDESCRIPTION='Null'
616}
617
618INCLUDERC=${SBDIR}/functions/test-threshold.rc
619
620:0
621* ! SBCONFIG ?? ^(Analyze|Debug)$
622* SPAMTAG ?? ^yes$
623{ LOCALTAG=yes }
624
625# Check fourth message body domain, if one exists.
626:0
627* LOCALTAG ?? ^no$
628* LT2 ?? ^yes$
629* ! FOURTHBODYDOMAIN ?? ^example\.com$
630* $ ! FOURTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
631* $ ! FOURTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$
632* $ ! FOURTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$
633{
634 LT5=no
635 LOCALDESCRIPTION="Body Domain:"
636 LOCALCHECK=${FOURTHBODYDOMAIN}
637 LISTSERVER="multi.surbl.org"
638
639 :0
640 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
641
642 :0
643 * SURBLLEGITCHECK ?? ^yes$
644 {
645  LISTNAME="SURBL (Legit/Cracked)"
646  LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)"
647  LISTSCORE="3"
648  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
649 }
650
651 :0
652 * SURBLMWCHECK ?? ^yes$
653 {
654  LISTNAME="SURBL (Malware)"
655  LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)"
656  LISTSCORE="5"
657  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
658 }
659
660 :0
661 * SURBLPHCHECK ?? ^yes$
662 {
663  LISTNAME="SURBL (Phish)"
664  LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)"
665  LISTSCORE="5"
666  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
667 }
668
669 :0
670 * SURBLSPCHECK ?? ^yes$
671 {
672  LISTNAME="SURBL (Spam)"
673  LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)"
674  LISTSCORE="5"
675  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
676 }
677
678 LISTSERVER='localhost'
679 LOCALDESCRIPTION='Null'
680}
681
682INCLUDERC=${SBDIR}/functions/test-threshold.rc
683
684:0
685* ! SBCONFIG ?? ^(Analyze|Debug)$
686* SPAMTAG ?? ^yes$
687{ LOCALTAG=yes }
688
689# Check fifth message body domain, if one exists.
690:0
691* LOCALTAG ?? ^no$
692* LT2 ?? ^yes$
693* ! FIFTHBODYDOMAIN ?? ^example\.com$
694* $ ! FIFTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
695* $ ! FIFTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$
696* $ ! FIFTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$
697* $ ! FIFTHBODYDOMAIN ?? ^${FOURTHBODYDOMAIN}$
698{
699 LT5=no
700 LOCALDESCRIPTION="Body Domain:"
701 LOCALCHECK=${FIFTHBODYDOMAIN}
702 LISTSERVER="multi.surbl.org"
703
704 :0
705 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
706
707 :0
708 * SURBLLEGITCHECK ?? ^yes$
709 {
710  LISTNAME="SURBL (Legit/Cracked)"
711  LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)"
712  LISTSCORE="3"
713  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
714 }
715
716 :0
717 * SURBLMWCHECK ?? ^yes$
718 {
719  LISTNAME="SURBL (Malware)"
720  LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)"
721  LISTSCORE="5"
722  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
723 }
724
725 :0
726 * SURBLPHCHECK ?? ^yes$
727 {
728  LISTNAME="SURBL (Phish)"
729  LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)"
730  LISTSCORE="5"
731  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
732 }
733
734 :0
735 * SURBLSPCHECK ?? ^yes$
736 {
737  LISTNAME="SURBL (Spam)"
738  LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)"
739  LISTSCORE="5"
740  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
741 }
742
743 LISTSERVER='localhost'
744 LOCALDESCRIPTION='Null'
745}
746
747INCLUDERC=${SBDIR}/functions/test-threshold.rc
748
749:0
750* ! SBCONFIG ?? ^(Analyze|Debug)$
751* SPAMTAG ?? ^yes$
752{ LOCALTAG=yes }
753
754# Check sixth message body domain, if one exists.
755:0
756* LOCALTAG ?? ^no$
757* LT2 ?? ^yes$
758* ! SIXTHBODYDOMAIN ?? ^example\.com$
759* $ ! SIXTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$
760* $ ! SIXTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$
761* $ ! SIXTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$
762* $ ! SIXTHBODYDOMAIN ?? ^${FOURTHBODYDOMAIN}$
763* $ ! SIXTHBODYDOMAIN ?? ^${FIFTHBODYDOMAIN}$
764{
765 LT5=no
766 LOCALDESCRIPTION="Body Domain:"
767 LOCALCHECK=${SIXTHBODYDOMAIN}
768 LISTSERVER="multi.surbl.org"
769
770 :0
771 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
772
773 :0
774 * SURBLLEGITCHECK ?? ^yes$
775 {
776  LISTNAME="SURBL (Legit/Cracked)"
777  LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)"
778  LISTSCORE="3"
779  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
780 }
781
782 :0
783 * SURBLMWCHECK ?? ^yes$
784 {
785  LISTNAME="SURBL (Malware)"
786  LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)"
787  LISTSCORE="5"
788  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
789 }
790
791 :0
792 * SURBLPHCHECK ?? ^yes$
793 {
794  LISTNAME="SURBL (Phish)"
795  LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)"
796  LISTSCORE="5"
797  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
798 }
799
800 :0
801 * SURBLSPCHECK ?? ^yes$
802 {
803  LISTNAME="SURBL (Spam)"
804  LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)"
805  LISTSCORE="5"
806  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
807 }
808
809 LISTSERVER='localhost'
810 LOCALDESCRIPTION='Null'
811}
812
813INCLUDERC=${SBDIR}/functions/test-threshold.rc
814
815:0
816* ! SBCONFIG ?? ^(Analyze|Debug)$
817* SPAMTAG ?? ^yes$
818{ LOCALTAG=yes }
819
820# URIBL Blocklists
821#
822#  Blocklists of URI domains and IPs. "Black" should
823#  have no false positives. (It sometimes does, but they're
824#  delisted quickly.)  "Grey" lists domains and IPs that send
825#  spam, but also send a significant amount of non-spam email.
826#  "Red" lists domains that share nameservers with one or more
827#  domains listed in "Black".
828
829LT2=no
830
831:0
832* URIBLCHECK ?? ^yes$
833{ LT2=yes }
834
835:0
836* URIBLGREYCHECK ?? ^yes$
837{ LT2=yes }
838
839:0
840* URIBLREDCHECK ?? ^yes$
841{ LT2=yes }
842
843# Check first message body domain, if one exists.
844#
845:0
846* LOCALTAG ?? ^no$
847* LT2 ?? ^yes$
848* ! FIRSTBODYDOMAIN ?? ^example\.com$
849{
850 LT5=no
851 LOCALDESCRIPTION="Body Domain:"
852 LOCALCHECK=${FIRSTBODYDOMAIN}
853 LISTSERVER="multi.uribl.com"
854
855 :0
856 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
857
858 :0
859 * URIBLCHECK ?? ^yes$
860 {
861  LISTNAME="URIBL (Black)"
862  LISTRESPONSE="127\.0\.0\.2"
863  LISTSCORE="4"
864  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
865 }
866
867 :0
868 * URIBLGREYCHECK ?? ^yes$
869 {
870  LISTNAME="URIBL (Grey)"
871  LISTRESPONSE="127\.0\.0\.4"
872  LISTSCORE="2"
873  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
874 }
875
876 :0
877 * URIBLREDCHECK ?? ^yes$
878 {
879  LISTNAME="URIBL (Red)"
880  LISTRESPONSE="127\.0\.0\.8"
881  LISTSCORE="3"
882  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
883 }
884
885 LISTSERVER='localhost'
886 LOCALDESCRIPTION='Null'
887}
888
889INCLUDERC=${SBDIR}/functions/test-threshold.rc
890
891:0
892* ! SBCONFIG ?? ^(Analyze|Debug)$
893* SPAMTAG ?? ^yes$
894{ LOCALTAG=yes }
895
896# Check second message body domain, if one exists.
897#
898:0
899* LOCALTAG ?? ^no$
900* LT2 ?? ^yes$
901* ! SECONDBODYDOMAIN ?? ^example\.com$
902* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
903{
904 LT5=no
905 LOCALDESCRIPTION="Body Domain:"
906 LOCALCHECK=${SECONDBODYDOMAIN}
907 LISTSERVER="multi.uribl.com"
908
909 :0
910 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
911
912 :0
913 * URIBLCHECK ?? ^yes$
914 {
915  LISTNAME="URIBL (Black)"
916  LISTRESPONSE="127\.0\.0\.2"
917  LISTSCORE="4"
918  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
919 }
920
921 :0
922 * URIBLGREYCHECK ?? ^yes$
923 {
924  LISTNAME="URIBL (Grey)"
925  LISTRESPONSE="127\.0\.0\.4"
926  LISTSCORE="2"
927  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
928 }
929
930 :0
931 * URIBLREDCHECK ?? ^yes$
932 {
933  LISTNAME="URIBL (Red)"
934  LISTRESPONSE="127\.0\.0\.8"
935  LISTSCORE="3"
936  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
937 }
938
939 LISTSERVER='localhost'
940 LOCALDESCRIPTION='Null'
941}
942
943INCLUDERC=${SBDIR}/functions/test-threshold.rc
944
945:0
946* ! SBCONFIG ?? ^(Analyze|Debug)$
947* SPAMTAG ?? ^yes$
948{ LOCALTAG=yes }
949
950# Check third message body domain, if one exists.
951#
952:0
953* LOCALTAG ?? ^no$
954* LT2 ?? ^yes$
955* ! THIRDBODYDOMAIN ?? ^example\.com$
956* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
957* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN}
958{
959 LT5=no
960 LOCALDESCRIPTION="Body Domain:"
961 LOCALCHECK=${THIRDBODYDOMAIN}
962 LISTSERVER="multi.uribl.com"
963
964 :0
965 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
966
967 :0
968 * URIBLCHECK ?? ^yes$
969 {
970  LISTNAME="URIBL (Black)"
971  LISTRESPONSE="127\.0\.0\.2"
972  LISTSCORE="4"
973  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
974 }
975
976 :0
977 * URIBLGREYCHECK ?? ^yes$
978 {
979  LISTNAME="URIBL (Grey)"
980  LISTRESPONSE="127\.0\.0\.4"
981  LISTSCORE="2"
982  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
983 }
984
985 :0
986 * URIBLREDCHECK ?? ^yes$
987 {
988  LISTNAME="URIBL (Red)"
989  LISTRESPONSE="127\.0\.0\.8"
990  LISTSCORE="3"
991  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
992 }
993
994 LISTSERVER='localhost'
995 LOCALDESCRIPTION='Null'
996}
997
998INCLUDERC=${SBDIR}/functions/test-threshold.rc
999
1000:0
1001* ! SBCONFIG ?? ^(Analyze|Debug)$
1002* SPAMTAG ?? ^yes$
1003{ LOCALTAG=yes }
1004
1005# Check fourth message body domain, if one exists.
1006#
1007:0
1008* LOCALTAG ?? ^no$
1009* LT2 ?? ^yes$
1010* ! FOURTHBODYDOMAIN ?? ^example\.com$
1011* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
1012* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN}
1013* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN}
1014{
1015 LT5=no
1016 LOCALDESCRIPTION="Body Domain:"
1017 LOCALCHECK=${FOURTHBODYDOMAIN}
1018 LISTSERVER="multi.uribl.com"
1019
1020 :0
1021 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
1022
1023 :0
1024 * URIBLCHECK ?? ^yes$
1025 {
1026  LISTNAME="URIBL (Black)"
1027  LISTRESPONSE="127\.0\.0\.2"
1028  LISTSCORE="4"
1029  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1030 }
1031
1032 :0
1033 * URIBLGREYCHECK ?? ^yes$
1034 {
1035  LISTNAME="URIBL (Grey)"
1036  LISTRESPONSE="127\.0\.0\.4"
1037  LISTSCORE="2"
1038  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1039 }
1040
1041 :0
1042 * URIBLREDCHECK ?? ^yes$
1043 {
1044  LISTNAME="URIBL (Red)"
1045  LISTRESPONSE="127\.0\.0\.8"
1046  LISTSCORE="3"
1047  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1048 }
1049
1050 LISTSERVER='localhost'
1051 LOCALDESCRIPTION='Null'
1052}
1053
1054INCLUDERC=${SBDIR}/functions/test-threshold.rc
1055
1056:0
1057* ! SBCONFIG ?? ^(Analyze|Debug)$
1058* SPAMTAG ?? ^yes$
1059{ LOCALTAG=yes }
1060
1061# Check fifth message body domain, if one exists.
1062#
1063:0
1064* LOCALTAG ?? ^no$
1065* LT2 ?? ^yes$
1066* ! FIFTHBODYDOMAIN ?? ^example\.com$
1067* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
1068* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN}
1069* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN}
1070* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN}
1071{
1072 LT5=no
1073 LOCALDESCRIPTION="Body Domain:"
1074 LOCALCHECK=${FIFTHBODYDOMAIN}
1075 LISTSERVER="multi.uribl.com"
1076
1077 :0
1078 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
1079
1080 :0
1081 * URIBLCHECK ?? ^yes$
1082 {
1083  LISTNAME="URIBL (Black)"
1084  LISTRESPONSE="127\.0\.0\.2"
1085  LISTSCORE="4"
1086  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1087 }
1088
1089 :0
1090 * URIBLGREYCHECK ?? ^yes$
1091 {
1092  LISTNAME="URIBL (Grey)"
1093  LISTRESPONSE="127\.0\.0\.4"
1094  LISTSCORE="2"
1095  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1096 }
1097
1098 :0
1099 * URIBLREDCHECK ?? ^yes$
1100 {
1101  LISTNAME="URIBL (Red)"
1102  LISTRESPONSE="127\.0\.0\.8"
1103  LISTSCORE="3"
1104  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1105 }
1106
1107 LISTSERVER='localhost'
1108 LOCALDESCRIPTION='Null'
1109}
1110
1111INCLUDERC=${SBDIR}/functions/test-threshold.rc
1112
1113:0
1114* ! SBCONFIG ?? ^(Analyze|Debug)$
1115* SPAMTAG ?? ^yes$
1116{ LOCALTAG=yes }
1117
1118# Check sixth message body domain, if one exists.
1119#
1120:0
1121* LOCALTAG ?? ^no$
1122* LT2 ?? ^yes$
1123* ! SIXTHBODYDOMAIN ?? ^example\.com$
1124* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN}
1125* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN}
1126* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN}
1127* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN}
1128* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN}
1129{
1130 LT5=no
1131 LOCALDESCRIPTION="Body Domain:"
1132 LOCALCHECK=${SIXTHBODYDOMAIN}
1133 LISTSERVER="multi.uribl.com"
1134
1135 :0
1136 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
1137
1138 :0
1139 * URIBLCHECK ?? ^yes$
1140 {
1141  LISTNAME="URIBL (Black)"
1142  LISTRESPONSE="127\.0\.0\.2"
1143  LISTSCORE="4"
1144  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1145 }
1146
1147 :0
1148 * URIBLGREYCHECK ?? ^yes$
1149 {
1150  LISTNAME="URIBL (Grey)"
1151  LISTRESPONSE="127\.0\.0\.4"
1152  LISTSCORE="2"
1153  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1154 }
1155
1156 :0
1157 * URIBLREDCHECK ?? ^yes$
1158 {
1159  LISTNAME="URIBL (Red)"
1160  LISTRESPONSE="127\.0\.0\.8"
1161  LISTSCORE="3"
1162  INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc
1163 }
1164
1165 LISTSERVER='localhost'
1166 LOCALDESCRIPTION='Null'
1167}
1168
1169INCLUDERC=${SBDIR}/functions/test-threshold.rc
1170
1171:0
1172* ! SBCONFIG ?? ^(Analyze|Debug)$
1173* SPAMTAG ?? ^yes$
1174{ LOCALTAG=yes }
1175
1176# SpamHaus IP-based Blocklist Checks
1177#
1178#  This recipe checks all of the Spamhaus IP-based blocklists.
1179
1180LT2=no
1181
1182:0
1183* SBLCHECK ?? ^yes$
1184{ LT2=yes }
1185
1186:0
1187* CSSCHECK ?? ^yes$
1188{ LT2=yes }
1189
1190:0
1191* XBLCHECK ?? ^(CBL|ALL)$
1192{ LT2=yes }
1193
1194# Check first message body IP, if exists.
1195:0
1196* LOCALTAG ?? ^no$
1197* LT2 ?? ^(yes)$
1198* ! FIRSTBODYIP ?? ^000\.000\.000\.000$
1199{
1200 LT5=no
1201 LOCALDESCRIPTION="Body IP:"
1202 LOCALCHECK=${FIRSTBODYIP}
1203 LOCALREVCHECK=${FIRSTBODYREVIP}
1204 LISTSERVER="zen.spamhaus.org"
1205
1206 :0
1207 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1208
1209 :0
1210 * SBLCHECK ?? ^(yes)$
1211 {
1212  LISTNAME="the SBL"
1213  LISTRESPONSE="127\.0\.0\.2"
1214  LISTSCORE="5"
1215  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1216 }
1217
1218 :0
1219 * CSSCHECK ?? ^(yes)$
1220 {
1221  LISTNAME="the CSS"
1222  LISTRESPONSE="127\.0\.0\.3"
1223  LISTSCORE="5"
1224  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1225 }
1226
1227 :0
1228 * XBLCHECK ?? ^(CBL|ALL)$
1229 {
1230  LISTNAME="the XBL (CBL)"
1231  LISTRESPONSE="127\.0\.0\.4"
1232  LISTSCORE="3"
1233  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1234 }
1235
1236 LISTSERVER='localhost'
1237 LOCALDESCRIPTION='Null'
1238}
1239
1240INCLUDERC=${SBDIR}/functions/test-threshold.rc
1241
1242:0
1243* ! SBCONFIG ?? ^(Analyze|Debug)$
1244* SPAMTAG ?? ^yes$
1245{ LOCALTAG=yes }
1246
1247# Check second message body IP, if exists.
1248:0
1249* LOCALTAG ?? ^no$
1250* LT2 ?? ^(yes)$
1251* ! SECONDBODYIP ?? ^000\.000\.000\.000$
1252* $ ! SECONDBODYIP ?? ${FIRSTBODYIP}
1253{
1254 LT5=no
1255 LOCALDESCRIPTION="Body IP:"
1256 LOCALCHECK=${SECONDBODYIP}
1257 LOCALREVCHECK=${SECONDBODYREVIP}
1258 LISTSERVER="zen.spamhaus.org"
1259
1260 :0
1261 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1262
1263 :0
1264 * SBLCHECK ?? ^(yes)$
1265 {
1266  LISTNAME="the SBL"
1267  LISTRESPONSE="127\.0\.0\.2"
1268  LISTSCORE="5"
1269  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1270 }
1271
1272 :0
1273 * CSSCHECK ?? ^(yes)$
1274 {
1275  LISTNAME="the CSS"
1276  LISTRESPONSE="127\.0\.0\.3"
1277  LISTSCORE="5"
1278  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1279 }
1280
1281 :0
1282 * XBLCHECK ?? ^(CBL|ALL)$
1283 {
1284  LISTNAME="the XBL (CBL)"
1285  LISTRESPONSE="127\.0\.0\.4"
1286  LISTSCORE="3"
1287  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1288 }
1289
1290 LISTSERVER='localhost'
1291 LOCALDESCRIPTION='Null'
1292}
1293
1294INCLUDERC=${SBDIR}/functions/test-threshold.rc
1295
1296:0
1297* ! SBCONFIG ?? ^(Analyze|Debug)$
1298* SPAMTAG ?? ^yes$
1299{ LOCALTAG=yes }
1300
1301# Check third message body IP, if exists.
1302:0
1303* LOCALTAG ?? ^no$
1304* LT2 ?? ^(yes)$
1305* ! THIRDBODYIP ?? ^000\.000\.000\.000$
1306* $ ! THIRDBODYIP ?? ${FIRSTBODYIP}
1307* $ ! THIRDBODYIP ?? ${SECONDBODYIP}
1308{
1309 LT5=no
1310 LOCALDESCRIPTION="Body IP:"
1311 LOCALCHECK=${THIRDBODYIP}
1312 LOCALREVCHECK=${THIRDBODYREVIP}
1313 LISTSERVER="zen.spamhaus.org"
1314
1315 :0
1316 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1317
1318 :0
1319 * SBLCHECK ?? ^(yes)$
1320 {
1321  LISTNAME="the SBL"
1322  LISTRESPONSE="127\.0\.0\.2"
1323  LISTSCORE="5"
1324  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1325 }
1326
1327 :0
1328 * CSSCHECK ?? ^(yes)$
1329 {
1330  LISTNAME="the CSS"
1331  LISTRESPONSE="127\.0\.0\.3"
1332  LISTSCORE="5"
1333  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1334 }
1335
1336 :0
1337 * XBLCHECK ?? ^(CBL|ALL)$
1338 {
1339  LISTNAME="the XBL (CBL)"
1340  LISTRESPONSE="127\.0\.0\.4"
1341  LISTSCORE="3"
1342  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1343 }
1344
1345 LISTSERVER='localhost'
1346 LOCALDESCRIPTION='Null'
1347}
1348
1349INCLUDERC=${SBDIR}/functions/test-threshold.rc
1350
1351:0
1352* ! SBCONFIG ?? ^(Analyze|Debug)$
1353* SPAMTAG ?? ^yes$
1354{ LOCALTAG=yes }
1355
1356# Check fourth message body IP, if exists.
1357#
1358:0
1359* LOCALTAG ?? ^no$
1360* LT2 ?? ^(yes)$
1361* ! FOURTHBODYIP ?? ^000\.000\.000\.000$
1362* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP}
1363* $ ! FOURTHBODYIP ?? ${SECONDBODYIP}
1364* $ ! FOURTHBODYIP ?? ${THIRDBODYIP}
1365{
1366 LT5=no
1367 LOCALDESCRIPTION="Body IP:"
1368 LOCALCHECK=${FOURTHBODYIP}
1369 LOCALREVCHECK=${FOURTHBODYREVIP}
1370 LISTSERVER="zen.spamhaus.org"
1371
1372 :0
1373 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1374
1375 :0
1376 * SBLCHECK ?? ^(yes)$
1377 {
1378  LISTNAME="the SBL"
1379  LISTRESPONSE="127\.0\.0\.2"
1380  LISTSCORE="5"
1381  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1382 }
1383
1384 :0
1385 * CSSCHECK ?? ^(yes)$
1386 {
1387  LISTNAME="the CSS"
1388  LISTRESPONSE="127\.0\.0\.3"
1389  LISTSCORE="5"
1390  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1391 }
1392
1393 :0
1394 * XBLCHECK ?? ^(CBL|ALL)$
1395 {
1396  LISTNAME="the XBL (CBL)"
1397  LISTRESPONSE="127\.0\.0\.4"
1398  LISTSCORE="3"
1399  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1400 }
1401
1402 LISTSERVER='localhost'
1403 LOCALDESCRIPTION='Null'
1404}
1405
1406INCLUDERC=${SBDIR}/functions/test-threshold.rc
1407
1408:0
1409* ! SBCONFIG ?? ^(Analyze|Debug)$
1410* SPAMTAG ?? ^yes$
1411{ LOCALTAG=yes }
1412
1413# Check fifth message body IP, if exists.
1414#
1415:0
1416* LOCALTAG ?? ^no$
1417* LT2 ?? ^(yes)$
1418* ! FIFTHBODYIP ?? ^000\.000\.000\.000$
1419* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP}
1420* $ ! FIFTHBODYIP ?? ${SECONDBODYIP}
1421* $ ! FIFTHBODYIP ?? ${THIRDBODYIP}
1422* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP}
1423{
1424 LT5=no
1425 LOCALDESCRIPTION="Body IP:"
1426 LOCALCHECK=${FIFTHBODYIP}
1427 LOCALREVCHECK=${FIFTHBODYREVIP}
1428 LISTSERVER="zen.spamhaus.org"
1429
1430 :0
1431 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1432
1433 :0
1434 * SBLCHECK ?? ^(yes)$
1435 {
1436  LISTNAME="the SBL"
1437  LISTRESPONSE="127\.0\.0\.2"
1438  LISTSCORE="5"
1439  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1440 }
1441
1442 :0
1443 * CSSCHECK ?? ^(yes)$
1444 {
1445  LISTNAME="the CSS"
1446  LISTRESPONSE="127\.0\.0\.3"
1447  LISTSCORE="5"
1448  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1449 }
1450
1451 :0
1452 * XBLCHECK ?? ^(CBL|ALL)$
1453 {
1454  LISTNAME="the XBL (CBL)"
1455  LISTRESPONSE="127\.0\.0\.4"
1456  LISTSCORE="3"
1457  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1458 }
1459
1460 LISTSERVER='localhost'
1461 LOCALDESCRIPTION='Null'
1462}
1463
1464INCLUDERC=${SBDIR}/functions/test-threshold.rc
1465
1466:0
1467* ! SBCONFIG ?? ^(Analyze|Debug)$
1468* SPAMTAG ?? ^yes$
1469{ LOCALTAG=yes }
1470
1471# Check sixth message body IP, if exists.
1472#
1473:0
1474* LOCALTAG ?? ^no$
1475* LT2 ?? ^(yes)$
1476* ! SIXTHBODYIP ?? ^000\.000\.000\.000$
1477* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP}
1478* $ ! SIXTHBODYIP ?? ${SECONDBODYIP}
1479* $ ! SIXTHBODYIP ?? ${THIRDBODYIP}
1480* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP}
1481* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP}
1482{
1483 LT5=no
1484 LOCALDESCRIPTION="Body IP:"
1485 LOCALCHECK=${SIXTHBODYIP}
1486 LOCALREVCHECK=${SIXTHBODYREVIP}
1487 LISTSERVER="zen.spamhaus.org"
1488
1489 :0
1490 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1491
1492 :0
1493 * SBLCHECK ?? ^(yes)$
1494 {
1495  LISTNAME="the SBL"
1496  LISTRESPONSE="127\.0\.0\.2"
1497  LISTSCORE="5"
1498  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1499 }
1500
1501 :0
1502 * CSSCHECK ?? ^(yes)$
1503 {
1504  LISTNAME="the CSS"
1505  LISTRESPONSE="127\.0\.0\.3"
1506  LISTSCORE="5"
1507  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1508 }
1509
1510 :0
1511 * XBLCHECK ?? ^(CBL|ALL)$
1512 {
1513  LISTNAME="the XBL (CBL)"
1514  LISTRESPONSE="127\.0\.0\.4"
1515  LISTSCORE="3"
1516  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1517 }
1518
1519 LISTSERVER='localhost'
1520 LOCALDESCRIPTION='Null'
1521}
1522
1523INCLUDERC=${SBDIR}/functions/test-threshold.rc
1524
1525:0
1526* ! SBCONFIG ?? ^(Analyze|Debug)$
1527* SPAMTAG ?? ^yes$
1528{ LOCALTAG=yes }
1529
1530# MSBL EBL
1531#
1532# Checks message body email addresses agains
1533# the MSBL Email Blocklist.
1534:0
1535* LOCALTAG ?? ^no$
1536* EBLCHECK ?? ^(yes)$
1537* ! FIRSTBODYEHASH ?? ^NULL$
1538* $ ! FIRSTBODYEMAIL ?? ^${FROMEMAIL}$
1539* $ ! FIRSTBODYEMAIL ?? ^${REPLYTOEMAIL}$
1540{
1541 LT5=no
1542 LOCALDESCRIPTION="Body Email:"
1543 LOCALCHECK=${FIRSTBODYEHASH}
1544 LOCALCHK2="${FIRSTBODYEMAIL}"
1545 LISTSERVER="ebl.msbl.org"
1546
1547 :0
1548 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` }
1549
1550 :0
1551 * EBLCHECK ?? ^(yes)$
1552 {
1553  LISTNAME="the EBL"
1554  LISTRESPONSE="127\.0\.0\.2"
1555  LISTSCORE="5"
1556  INCLUDERC=${SBDIR}/functions/hashbl-sub.rc
1557 }
1558
1559 LISTSERVER='localhost'
1560 LOCALDESCRIPTION='Null'
1561}
1562
1563INCLUDERC=${SBDIR}/functions/test-threshold.rc
1564
1565:0
1566* ! SBCONFIG ?? ^(Analyze|Debug)$
1567* SPAMTAG ?? ^yes$
1568{ LOCALTAG=yes }
1569
1570# SORBS Checks
1571#
1572#  Checks message body IPs against appropriate SORBS lists.
1573
1574LT2=no
1575
1576:0
1577* SORBSPROXYCHECK ?? ^yes$
1578{ LT2=yes }
1579
1580:0
1581* SORBSSPAMCHECK ?? ^yes$
1582{ LT2=yes }
1583
1584:0
1585* SORBSZOMBIECHECK ?? ^yes$
1586{ LT2=yes }
1587
1588# Check first message body IP, if one exists.
1589#
1590:0
1591* LOCALTAG ?? ^no$
1592* LT2 ?? ^(yes)$
1593* ! FIRSTBODYIP ?? ^000\.000\.000\.000$
1594{
1595 LT5=no
1596 LOCALDESCRIPTION="Body IP:"
1597 LOCALCHECK=${FIRSTBODYIP}
1598 LOCALREVCHECK=${FIRSTBODYREVIP}
1599 LISTSERVER="dnsbl.sorbs.net"
1600
1601 :0
1602 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1603
1604 :0
1605 * SORBSPROXYCHECK ?? ^(yes)$
1606 {
1607  LISTNAME="SORBS (open proxies)"
1608  LISTRESPONSE="127\.0\.0\.(2|3|4)"
1609  LISTSCORE="4"
1610  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1611 }
1612
1613 :0
1614 * SORBSSPAMCHECK ?? ^(yes)$
1615 {
1616  LISTNAME="SORBS (spam sources)"
1617  LISTRESPONSE="127\.0\.0\.6"
1618  LISTSCORE="3"
1619  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1620 }
1621
1622 :0
1623 * SORBSZOMBIECHECK ?? ^(yes)$
1624 {
1625  LISTNAME="SORBS (zombie netblocks)"
1626  LISTRESPONSE="127\.0\.0\.9"
1627  LISTSCORE="3"
1628  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1629 }
1630
1631 LISTSERVER='localhost'
1632 LOCALDESCRIPTION='Null'
1633}
1634
1635INCLUDERC=${SBDIR}/functions/test-threshold.rc
1636
1637:0
1638* ! SBCONFIG ?? ^(Analyze|Debug)$
1639* SPAMTAG ?? ^yes$
1640{ LOCALTAG=yes }
1641
1642# Check second message body IP, if one exists.
1643#
1644:0
1645* LOCALTAG ?? ^no$
1646* LT2 ?? ^(yes)$
1647* ! SECONDBODYIP ?? ^000\.000\.000\.000$
1648* $ ! SECONDBODYIP ?? ${FIRSTBODYIP}
1649{
1650 LT5=no
1651 LOCALDESCRIPTION="Body IP:"
1652 LOCALCHECK=${SECONDBODYIP}
1653 LOCALREVCHECK=${SECONDBODYREVIP}
1654 LISTSERVER="dnsbl.sorbs.net"
1655
1656 :0
1657 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1658
1659 :0
1660 * SORBSPROXYCHECK ?? ^(yes)$
1661 {
1662  LISTNAME="SORBS (open proxies)"
1663  LISTRESPONSE="127\.0\.0\.(2|3|4)"
1664  LISTSCORE="4"
1665  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1666 }
1667
1668 :0
1669 * SORBSSPAMCHECK ?? ^(yes)$
1670 {
1671  LISTNAME="SORBS (spam sources)"
1672  LISTRESPONSE="127\.0\.0\.6"
1673  LISTSCORE="3"
1674  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1675 }
1676
1677 :0
1678 * SORBSZOMBIECHECK ?? ^(yes)$
1679 {
1680  LISTNAME="SORBS (zombie netblocks)"
1681  LISTRESPONSE="127\.0\.0\.9"
1682  LISTSCORE="3"
1683  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1684 }
1685
1686 LISTSERVER='localhost'
1687 LOCALDESCRIPTION='Null'
1688}
1689
1690INCLUDERC=${SBDIR}/functions/test-threshold.rc
1691
1692:0
1693* ! SBCONFIG ?? ^(Analyze|Debug)$
1694* SPAMTAG ?? ^yes$
1695{ LOCALTAG=yes }
1696
1697# Check third message body IP, if one exists.
1698#
1699:0
1700* LOCALTAG ?? ^no$
1701* LT2 ?? ^(yes)$
1702* ! THIRDBODYIP ?? ^000\.000\.000\.000$
1703* $ ! THIRDBODYIP ?? ${FIRSTBODYIP}
1704* $ ! THIRDBODYIP ?? ${SECONDBODYIP}
1705{
1706 LT5=no
1707 LOCALDESCRIPTION="Body IP:"
1708 LOCALCHECK=${THIRDBODYIP}
1709 LOCALREVCHECK=${THIRDBODYREVIP}
1710 LISTSERVER="dnsbl.sorbs.net"
1711
1712 :0
1713 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1714
1715 :0
1716 * SORBSPROXYCHECK ?? ^(yes)$
1717 {
1718  LISTNAME="SORBS (open proxies)"
1719  LISTRESPONSE="127\.0\.0\.(2|3|4)"
1720  LISTSCORE="4"
1721  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1722 }
1723
1724 :0
1725 * SORBSSPAMCHECK ?? ^(yes)$
1726 {
1727  LISTNAME="SORBS (spam sources)"
1728  LISTRESPONSE="127\.0\.0\.6"
1729  LISTSCORE="3"
1730  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1731 }
1732
1733 :0
1734 * SORBSZOMBIECHECK ?? ^(yes)$
1735 {
1736  LISTNAME="SORBS (zombie netblocks)"
1737  LISTRESPONSE="127\.0\.0\.9"
1738  LISTSCORE="3"
1739  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1740 }
1741
1742 LISTSERVER='localhost'
1743 LOCALDESCRIPTION='Null'
1744}
1745
1746INCLUDERC=${SBDIR}/functions/test-threshold.rc
1747
1748:0
1749* ! SBCONFIG ?? ^(Analyze|Debug)$
1750* SPAMTAG ?? ^yes$
1751{ LOCALTAG=yes }
1752
1753# Check fourth message body IP, if one exists.
1754#
1755:0
1756* LOCALTAG ?? ^no$
1757* LT2 ?? ^(yes)$
1758* ! FOURTHBODYIP ?? ^000\.000\.000\.000$
1759* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP}
1760* $ ! FOURTHBODYIP ?? ${SECONDBODYIP}
1761* $ ! FOURTHBODYIP ?? ${THIRDBODYIP}
1762{
1763 LT5=no
1764 LOCALDESCRIPTION="Body IP:"
1765 LOCALCHECK=${FOURTHBODYIP}
1766 LOCALREVCHECK=${FOURTHBODYREVIP}
1767 LISTSERVER="dnsbl.sorbs.net"
1768
1769 :0
1770 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1771
1772 :0
1773 * SORBSPROXYCHECK ?? ^(yes)$
1774 {
1775  LISTNAME="SORBS (open proxies)"
1776  LISTRESPONSE="127\.0\.0\.(2|3|4)"
1777  LISTSCORE="4"
1778  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1779 }
1780
1781 :0
1782 * SORBSSPAMCHECK ?? ^(yes)$
1783 {
1784  LISTNAME="SORBS (spam sources)"
1785  LISTRESPONSE="127\.0\.0\.6"
1786  LISTSCORE="3"
1787  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1788 }
1789
1790 :0
1791 * SORBSZOMBIECHECK ?? ^(yes)$
1792 {
1793  LISTNAME="SORBS (zombie netblocks)"
1794  LISTRESPONSE="127\.0\.0\.9"
1795  LISTSCORE="3"
1796  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1797 }
1798
1799 LISTSERVER='localhost'
1800 LOCALDESCRIPTION='Null'
1801}
1802
1803INCLUDERC=${SBDIR}/functions/test-threshold.rc
1804
1805:0
1806* ! SBCONFIG ?? ^(Analyze|Debug)$
1807* SPAMTAG ?? ^yes$
1808{ LOCALTAG=yes }
1809
1810# Check fifth message body IP, if one exists.
1811#
1812:0
1813* LOCALTAG ?? ^no$
1814* LT2 ?? ^(yes)$
1815* ! FIFTHBODYIP ?? ^000\.000\.000\.000$
1816* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP}
1817* $ ! FIFTHBODYIP ?? ${SECONDBODYIP}
1818* $ ! FIFTHBODYIP ?? ${THIRDBODYIP}
1819* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP}
1820{
1821 LT5=no
1822 LOCALDESCRIPTION="Body IP:"
1823 LOCALCHECK=${FIFTHBODYIP}
1824 LOCALREVCHECK=${FIFTHBODYREVIP}
1825 LISTSERVER="dnsbl.sorbs.net"
1826
1827 :0
1828 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1829
1830 :0
1831 * SORBSPROXYCHECK ?? ^(yes)$
1832 {
1833  LISTNAME="SORBS (open proxies)"
1834  LISTRESPONSE="127\.0\.0\.(2|3|4)"
1835  LISTSCORE="4"
1836  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1837 }
1838
1839 :0
1840 * SORBSSPAMCHECK ?? ^(yes)$
1841 {
1842  LISTNAME="SORBS (spam sources)"
1843  LISTRESPONSE="127\.0\.0\.6"
1844  LISTSCORE="3"
1845  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1846 }
1847
1848 :0
1849 * SORBSZOMBIECHECK ?? ^(yes)$
1850 {
1851  LISTNAME="SORBS (zombie netblocks)"
1852  LISTRESPONSE="127\.0\.0\.9"
1853  LISTSCORE="3"
1854  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1855 }
1856
1857 LISTSERVER='localhost'
1858 LOCALDESCRIPTION='Null'
1859}
1860
1861INCLUDERC=${SBDIR}/functions/test-threshold.rc
1862
1863:0
1864* ! SBCONFIG ?? ^(Analyze|Debug)$
1865* SPAMTAG ?? ^yes$
1866{ LOCALTAG=yes }
1867
1868# Check sixth message body IP, if one exists.
1869#
1870:0
1871* LOCALTAG ?? ^no$
1872* LT2 ?? ^(yes)$
1873* ! SIXTHBODYIP ?? ^000\.000\.000\.000$
1874* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP}
1875* $ ! SIXTHBODYIP ?? ${SECONDBODYIP}
1876* $ ! SIXTHBODYIP ?? ${THIRDBODYIP}
1877* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP}
1878* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP}
1879{
1880 LT5=no
1881 LOCALDESCRIPTION="Body IP:"
1882 LOCALCHECK=${SIXTHBODYIP}
1883 LOCALREVCHECK=${SIXTHBODYREVIP}
1884 LISTSERVER="dnsbl.sorbs.net"
1885
1886 :0
1887 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` }
1888
1889 :0
1890 * SORBSPROXYCHECK ?? ^(yes)$
1891 {
1892  LISTNAME="SORBS (open proxies)"
1893  LISTRESPONSE="127\.0\.0\.(2|3|4)"
1894  LISTSCORE="4"
1895  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1896 }
1897
1898 :0
1899 * SORBSSPAMCHECK ?? ^(yes)$
1900 {
1901  LISTNAME="SORBS (spam sources)"
1902  LISTRESPONSE="127\.0\.0\.6"
1903  LISTSCORE="3"
1904  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1905 }
1906
1907 :0
1908 * SORBSZOMBIECHECK ?? ^(yes)$
1909 {
1910  LISTNAME="SORBS (zombie netblocks)"
1911  LISTRESPONSE="127\.0\.0\.9"
1912  LISTSCORE="3"
1913  INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc
1914 }
1915
1916 LISTSERVER='localhost'
1917 LOCALDESCRIPTION='Null'
1918}
1919
1920INCLUDERC=${SBDIR}/functions/test-threshold.rc
1921
1922:0
1923* ! SBCONFIG ?? ^(Analyze|Debug)$
1924* SPAMTAG ?? ^yes$
1925{ LOCALTAG=yes }
1926