1# SB-BLOCKLISTS-BODY.RC 2# 3# SpamBouncer Blocklist Message Body Checks 4# 5# This series of recipes checks IPs and/or domains against 6# the configured blacklists. 7# 8# Last Updated: 3/20/2017 9 10LOCALTAG=no 11 12# Internal "All-In" Blocklist Checks 13# 14# This recipe checks for pseudo-domains that bypass normal 15# DNS and blocks that email. 16# 17 18:0 19* ! FIRSTBODYDOMAIN ?? ^example\.com$ 20* FIRSTBODYDOMAIN ?? ^([0-9a-z������������������������������������]\ 21 [-0-9a-z������������������������������������]*\.)+\ 22 (bit|onion)$ 23{ 24 SBLOG="C3T-${TESTNAME} (Internal All-In: First Body Domain ${FIRSTBODYDOMAIN})" 25 INCLUDERC=${SBDIR}/functions/loglevel.rc 26 27 :0 28 * $ ${LOCALSCORE}^0 29 * 5^0 30 { LOCALSCORE=$= } 31} 32 33INCLUDERC=${SBDIR}/functions/test-threshold.rc 34 35:0 36* ! SBCONFIG ?? ^(Analyze|Debug)$ 37* SPAMTAG ?? ^yes$ 38{ LOCALTAG=yes } 39 40:0 41* ! SECONDBODYDOMAIN ?? ^example\.com$ 42* $ ! SECONDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 43* SECONDBODYDOMAIN ?? ^([0-9a-z������������������������������������]\ 44 [-0-9a-z������������������������������������]*\.)+\ 45 (bit|onion)$ 46{ 47 SBLOG="C3T-${TESTNAME} (Internal All-In: Second Body Domain ${SECONDBODYDOMAIN})" 48 INCLUDERC=${SBDIR}/functions/loglevel.rc 49 50 :0 51 * $ ${LOCALSCORE}^0 52 * 5^0 53 { LOCALSCORE=$= } 54} 55 56INCLUDERC=${SBDIR}/functions/test-threshold.rc 57 58:0 59* ! SBCONFIG ?? ^(Analyze|Debug)$ 60* SPAMTAG ?? ^yes$ 61{ LOCALTAG=yes } 62 63:0 64* ! THIRDBODYDOMAIN ?? ^example\.com$ 65* $ ! THIRDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 66* $ ! THIRDBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$ 67* THIRDBODYDOMAIN ?? ^([0-9a-z������������������������������������]\ 68 [-0-9a-z������������������������������������]*\.)+\ 69 (bit|onion)$ 70{ 71 SBLOG="C3T-${TESTNAME} (Internal All-In: Third Body Domain ${THIRDBODYDOMAIN})" 72 INCLUDERC=${SBDIR}/functions/loglevel.rc 73 74 :0 75 * $ ${LOCALSCORE}^0 76 * 5^0 77 { LOCALSCORE=$= } 78} 79 80INCLUDERC=${SBDIR}/functions/test-threshold.rc 81 82:0 83* ! SBCONFIG ?? ^(Analyze|Debug)$ 84* SPAMTAG ?? ^yes$ 85{ LOCALTAG=yes } 86 87:0 88* ! FOURTHBODYDOMAIN ?? ^example\.com$ 89* $ ! FOURTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 90* $ ! FOURTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$ 91* $ ! FOURTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$ 92* FOURTHBODYDOMAIN ?? ^([0-9a-z������������������������������������]\ 93 [-0-9a-z������������������������������������]*\.)+\ 94 (bit|onion)$ 95{ 96 SBLOG="C3T-${TESTNAME} (Internal All-In: Fourth Body Domain ${FOURTHBODYDOMAIN})" 97 INCLUDERC=${SBDIR}/functions/loglevel.rc 98 99 :0 100 * $ ${LOCALSCORE}^0 101 * 5^0 102 { LOCALSCORE=$= } 103} 104 105INCLUDERC=${SBDIR}/functions/test-threshold.rc 106 107:0 108* ! SBCONFIG ?? ^(Analyze|Debug)$ 109* SPAMTAG ?? ^yes$ 110{ LOCALTAG=yes } 111 112# Spamhaus DBL Blocklist 113# 114# Checks the SpamHaus Domains Blocklist (DBL), which uses 115# a different zone than the Spamhaus IP-based blocklists do. 116# That means a separate recipe. 117 118LT2=no 119 120:0 121* DBLCHECK ?? ^yes$ 122{ LT2=yes } 123 124:0 125* DBLREDIRCHECK ?? ^yes$ 126{ LT2=yes } 127 128# Check First URI Domain. 129# 130:0 131* LOCALTAG ?? ^no$ 132* LT2 ?? ^yes$ 133* ! FIRSTBODYDOMAIN ?? ^example\.com$ 134{ 135 LT5=no 136 LOCALDESCRIPTION="Body Domain:" 137 LOCALCHECK=${FIRSTBODYDOMAIN} 138 LISTSERVER="dbl.spamhaus.org" 139 140 :0 141 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 142 143 :0 144 * DBLCHECK ?? ^yes$ 145 { 146 LISTNAME="DBL" 147 LISTRESPONSE="127\.0\.1\.2" 148 LISTSCORE="5" 149 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 150 } 151 152 :0 153 * DBLREDIRCHECK ?? ^yes$ 154 { 155 LISTNAME="DBL (Redirectors)" 156 LISTRESPONSE="127\.0\.1\.3" 157 LISTSCORE="3" 158 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 159 } 160 161 LISTSERVER='localhost' 162 LOCALDESCRIPTION='Null' 163} 164 165INCLUDERC=${SBDIR}/functions/test-threshold.rc 166 167:0 168* ! SBCONFIG ?? ^(Analyze|Debug)$ 169* SPAMTAG ?? ^yes$ 170{ LOCALTAG=yes } 171 172# Check Second URI Domain. 173# 174:0 175* LOCALTAG ?? ^no$ 176* LT2 ?? ^yes$ 177* ! SECONDBODYDOMAIN ?? ^example\.com$ 178* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 179{ 180 LT5=no 181 LOCALDESCRIPTION="Body Domain:" 182 LOCALCHECK=${SECONDBODYDOMAIN} 183 LISTSERVER="dbl.spamhaus.org" 184 185 :0 186 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 187 188 :0 189 * DBLCHECK ?? ^yes$ 190 { 191 LISTNAME="DBL" 192 LISTRESPONSE="127\.0\.1\.2" 193 LISTSCORE="5" 194 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 195 } 196 197 :0 198 * DBLREDIRCHECK ?? ^yes$ 199 { 200 LISTNAME="DBL (Redirectors)" 201 LISTRESPONSE="127\.0\.1\.3" 202 LISTSCORE="3" 203 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 204 } 205 206 LISTSERVER='localhost' 207 LOCALDESCRIPTION='Null' 208} 209 210INCLUDERC=${SBDIR}/functions/test-threshold.rc 211 212:0 213* ! SBCONFIG ?? ^(Analyze|Debug)$ 214* SPAMTAG ?? ^yes$ 215{ LOCALTAG=yes } 216 217# Check Third URI Domain. 218# 219:0 220* LOCALTAG ?? ^no$ 221* LT2 ?? ^yes$ 222* ! THIRDBODYDOMAIN ?? ^example\.com$ 223* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 224* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} 225{ 226 LT5=no 227 LOCALDESCRIPTION="Body Domain:" 228 LOCALCHECK=${THIRDBODYDOMAIN} 229 LISTSERVER="dbl.spamhaus.org" 230 231 :0 232 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 233 234 :0 235 * DBLCHECK ?? ^yes$ 236 { 237 LISTNAME="DBL" 238 LISTRESPONSE="127\.0\.1\.2" 239 LISTSCORE="5" 240 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 241 } 242 243 :0 244 * DBLREDIRCHECK ?? ^yes$ 245 { 246 LISTNAME="DBL (Redirectors)" 247 LISTRESPONSE="127\.0\.1\.3" 248 LISTSCORE="3" 249 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 250 } 251 252 LISTSERVER='localhost' 253 LOCALDESCRIPTION='Null' 254} 255 256INCLUDERC=${SBDIR}/functions/test-threshold.rc 257 258:0 259* ! SBCONFIG ?? ^(Analyze|Debug)$ 260* SPAMTAG ?? ^yes$ 261{ LOCALTAG=yes } 262 263# Check Fourth URI Domain. 264# 265:0 266* LOCALTAG ?? ^no$ 267* LT2 ?? ^yes$ 268* ! FOURTHBODYDOMAIN ?? ^example\.com$ 269* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 270* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 271* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 272{ 273 LT5=no 274 LOCALDESCRIPTION="Body Domain:" 275 LOCALCHECK=${FOURTHBODYDOMAIN} 276 LISTSERVER="dbl.spamhaus.org" 277 278 :0 279 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 280 281 :0 282 * DBLCHECK ?? ^yes$ 283 { 284 LISTNAME="DBL" 285 LISTRESPONSE="127\.0\.1\.2" 286 LISTSCORE="5" 287 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 288 } 289 290 :0 291 * DBLREDIRCHECK ?? ^yes$ 292 { 293 LISTNAME="DBL (Redirectors)" 294 LISTRESPONSE="127\.0\.1\.3" 295 LISTSCORE="3" 296 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 297 } 298 299 LISTSERVER='localhost' 300 LOCALDESCRIPTION='Null' 301} 302 303INCLUDERC=${SBDIR}/functions/test-threshold.rc 304 305:0 306* ! SBCONFIG ?? ^(Analyze|Debug)$ 307* SPAMTAG ?? ^yes$ 308{ LOCALTAG=yes } 309 310# Check Fifth URI Domain. 311# 312:0 313* LOCALTAG ?? ^no$ 314* LT2 ?? ^yes$ 315* ! FIFTHBODYDOMAIN ?? ^example\.com$ 316* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 317* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 318* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 319* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 320{ 321 LT5=no 322 LOCALDESCRIPTION="Body Domain:" 323 LOCALCHECK=${FIFTHBODYDOMAIN} 324 LISTSERVER="dbl.spamhaus.org" 325 326 :0 327 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 328 329 :0 330 * DBLCHECK ?? ^yes$ 331 { 332 LISTNAME="DBL" 333 LISTRESPONSE="127\.0\.1\.2" 334 LISTSCORE="5" 335 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 336 } 337 338 :0 339 * DBLREDIRCHECK ?? ^yes$ 340 { 341 LISTNAME="DBL (Redirectors)" 342 LISTRESPONSE="127\.0\.1\.3" 343 LISTSCORE="3" 344 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 345 } 346 347 LISTSERVER='localhost' 348 LOCALDESCRIPTION='Null' 349} 350 351INCLUDERC=${SBDIR}/functions/test-threshold.rc 352 353:0 354* ! SBCONFIG ?? ^(Analyze|Debug)$ 355* SPAMTAG ?? ^yes$ 356{ LOCALTAG=yes } 357 358# Check Sixth URI Domain. 359# 360:0 361* LOCALTAG ?? ^no$ 362* LT2 ?? ^yes$ 363* ! SIXTHBODYDOMAIN ?? ^example\.com$ 364* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 365* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 366* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 367* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 368* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 369{ 370 LT5=no 371 LOCALDESCRIPTION="Body Domain:" 372 LOCALCHECK=${SIXTHBODYDOMAIN} 373 LISTSERVER="dbl.spamhaus.org" 374 375 :0 376 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 377 378 :0 379 * DBLCHECK ?? ^yes$ 380 { 381 LISTNAME="DBL" 382 LISTRESPONSE="127\.0\.1\.2" 383 LISTSCORE="5" 384 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 385 } 386 387 :0 388 * DBLREDIRCHECK ?? ^yes$ 389 { 390 LISTNAME="DBL (Redirectors)" 391 LISTRESPONSE="127\.0\.1\.3" 392 LISTSCORE="3" 393 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 394 } 395 396 LISTSERVER='localhost' 397 LOCALDESCRIPTION='Null' 398} 399 400INCLUDERC=${SBDIR}/functions/test-threshold.rc 401 402:0 403* ! SBCONFIG ?? ^(Analyze|Debug)$ 404* SPAMTAG ?? ^yes$ 405{ LOCALTAG=yes } 406 407 408# SURBL (Spam URI Realtime Blocklist) 409# 410# The SURBL is designed to be used to check the domains and IPs 411# actually found in the message bodies of spam, not the IPs in 412# headers or the rDNS IPs of the URL hosts in the message bodies. 413# Using it therefore generates less "overhead" on your system 414# than many of the other blocklists. It's also extremely 415# effective. 416 417LT2=no 418 419# Legit/Cracked 420:0 421* SURBLLEGITCHECK ?? ^yes$ 422{ LT2=yes } 423 424# Malware 425:0 426* SURBLMWCHECK ?? ^yes$ 427{ LT2=yes } 428 429# Phish 430:0 431* SURBLPHCHECK ?? ^yes$ 432{ LT2=yes } 433 434# Spam 435:0 436* SURBLSPCHECK ?? ^yes$ 437{ LT2=yes } 438 439# Check first message body domain, if one exists. 440:0 441* LOCALTAG ?? ^no$ 442* LT2 ?? ^yes$ 443* ! FIRSTBODYDOMAIN ?? ^example\.com$ 444{ 445 LT5=no 446 LOCALDESCRIPTION="Body Domain:" 447 LOCALCHECK=${FIRSTBODYDOMAIN} 448 LISTSERVER="multi.surbl.org" 449 450 :0 451 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 452 453 :0 454 * SURBLLEGITCHECK ?? ^yes$ 455 { 456 LISTNAME="SURBL (Legit/Cracked)" 457 LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)" 458 LISTSCORE="3" 459 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 460 } 461 462 :0 463 * SURBLMWCHECK ?? ^yes$ 464 { 465 LISTNAME="SURBL (Malware)" 466 LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)" 467 LISTSCORE="5" 468 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 469 } 470 471 :0 472 * SURBLPHCHECK ?? ^yes$ 473 { 474 LISTNAME="SURBL (Phish)" 475 LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)" 476 LISTSCORE="5" 477 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 478 } 479 480 :0 481 * SURBLSPCHECK ?? ^yes$ 482 { 483 LISTNAME="SURBL (Spam)" 484 LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)" 485 LISTSCORE="5" 486 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 487 } 488 489 LISTSERVER='localhost' 490 LOCALDESCRIPTION='Null' 491} 492 493INCLUDERC=${SBDIR}/functions/test-threshold.rc 494 495:0 496* ! SBCONFIG ?? ^(Analyze|Debug)$ 497* SPAMTAG ?? ^yes$ 498{ LOCALTAG=yes } 499 500# Check second message body domain, if one exists. 501:0 502* LOCALTAG ?? ^no$ 503* LT2 ?? ^yes$ 504* ! SECONDBODYDOMAIN ?? ^example\.com$ 505* $ ! SECONDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 506{ 507 LT5=no 508 LOCALDESCRIPTION="Body Domain:" 509 LOCALCHECK=${SECONDBODYDOMAIN} 510 LISTSERVER="multi.surbl.org" 511 512 :0 513 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 514 515 :0 516 * SURBLLEGITCHECK ?? ^yes$ 517 { 518 LISTNAME="SURBL (Legit/Cracked)" 519 LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)" 520 LISTSCORE="3" 521 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 522 } 523 524 :0 525 * SURBLMWCHECK ?? ^yes$ 526 { 527 LISTNAME="SURBL (Malware)" 528 LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)" 529 LISTSCORE="5" 530 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 531 } 532 533 :0 534 * SURBLPHCHECK ?? ^yes$ 535 { 536 LISTNAME="SURBL (Phish)" 537 LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)" 538 LISTSCORE="5" 539 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 540 } 541 542 :0 543 * SURBLSPCHECK ?? ^yes$ 544 { 545 LISTNAME="SURBL (Spam)" 546 LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)" 547 LISTSCORE="5" 548 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 549 } 550 551 LISTSERVER='localhost' 552 LOCALDESCRIPTION='Null' 553} 554 555INCLUDERC=${SBDIR}/functions/test-threshold.rc 556 557:0 558* ! SBCONFIG ?? ^(Analyze|Debug)$ 559* SPAMTAG ?? ^yes$ 560{ LOCALTAG=yes } 561 562# Check third message body domain, if one exists. 563:0 564* LOCALTAG ?? ^no$ 565* LT2 ?? ^yes$ 566* ! THIRDBODYDOMAIN ?? ^example\.com$ 567* $ ! THIRDBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 568* $ ! THIRDBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$ 569{ 570 LT5=no 571 LOCALDESCRIPTION="Body Domain:" 572 LOCALCHECK=${THIRDBODYDOMAIN} 573 LISTSERVER="multi.surbl.org" 574 575 :0 576 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 577 578 :0 579 * SURBLLEGITCHECK ?? ^yes$ 580 { 581 LISTNAME="SURBL (Legit/Cracked)" 582 LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)" 583 LISTSCORE="3" 584 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 585 } 586 587 :0 588 * SURBLMWCHECK ?? ^yes$ 589 { 590 LISTNAME="SURBL (Malware)" 591 LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)" 592 LISTSCORE="5" 593 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 594 } 595 596 :0 597 * SURBLPHCHECK ?? ^yes$ 598 { 599 LISTNAME="SURBL (Phish)" 600 LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)" 601 LISTSCORE="5" 602 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 603 } 604 605 :0 606 * SURBLSPCHECK ?? ^yes$ 607 { 608 LISTNAME="SURBL (Spam)" 609 LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)" 610 LISTSCORE="5" 611 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 612 } 613 614 LISTSERVER='localhost' 615 LOCALDESCRIPTION='Null' 616} 617 618INCLUDERC=${SBDIR}/functions/test-threshold.rc 619 620:0 621* ! SBCONFIG ?? ^(Analyze|Debug)$ 622* SPAMTAG ?? ^yes$ 623{ LOCALTAG=yes } 624 625# Check fourth message body domain, if one exists. 626:0 627* LOCALTAG ?? ^no$ 628* LT2 ?? ^yes$ 629* ! FOURTHBODYDOMAIN ?? ^example\.com$ 630* $ ! FOURTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 631* $ ! FOURTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$ 632* $ ! FOURTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$ 633{ 634 LT5=no 635 LOCALDESCRIPTION="Body Domain:" 636 LOCALCHECK=${FOURTHBODYDOMAIN} 637 LISTSERVER="multi.surbl.org" 638 639 :0 640 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 641 642 :0 643 * SURBLLEGITCHECK ?? ^yes$ 644 { 645 LISTNAME="SURBL (Legit/Cracked)" 646 LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)" 647 LISTSCORE="3" 648 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 649 } 650 651 :0 652 * SURBLMWCHECK ?? ^yes$ 653 { 654 LISTNAME="SURBL (Malware)" 655 LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)" 656 LISTSCORE="5" 657 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 658 } 659 660 :0 661 * SURBLPHCHECK ?? ^yes$ 662 { 663 LISTNAME="SURBL (Phish)" 664 LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)" 665 LISTSCORE="5" 666 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 667 } 668 669 :0 670 * SURBLSPCHECK ?? ^yes$ 671 { 672 LISTNAME="SURBL (Spam)" 673 LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)" 674 LISTSCORE="5" 675 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 676 } 677 678 LISTSERVER='localhost' 679 LOCALDESCRIPTION='Null' 680} 681 682INCLUDERC=${SBDIR}/functions/test-threshold.rc 683 684:0 685* ! SBCONFIG ?? ^(Analyze|Debug)$ 686* SPAMTAG ?? ^yes$ 687{ LOCALTAG=yes } 688 689# Check fifth message body domain, if one exists. 690:0 691* LOCALTAG ?? ^no$ 692* LT2 ?? ^yes$ 693* ! FIFTHBODYDOMAIN ?? ^example\.com$ 694* $ ! FIFTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 695* $ ! FIFTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$ 696* $ ! FIFTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$ 697* $ ! FIFTHBODYDOMAIN ?? ^${FOURTHBODYDOMAIN}$ 698{ 699 LT5=no 700 LOCALDESCRIPTION="Body Domain:" 701 LOCALCHECK=${FIFTHBODYDOMAIN} 702 LISTSERVER="multi.surbl.org" 703 704 :0 705 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 706 707 :0 708 * SURBLLEGITCHECK ?? ^yes$ 709 { 710 LISTNAME="SURBL (Legit/Cracked)" 711 LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)" 712 LISTSCORE="3" 713 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 714 } 715 716 :0 717 * SURBLMWCHECK ?? ^yes$ 718 { 719 LISTNAME="SURBL (Malware)" 720 LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)" 721 LISTSCORE="5" 722 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 723 } 724 725 :0 726 * SURBLPHCHECK ?? ^yes$ 727 { 728 LISTNAME="SURBL (Phish)" 729 LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)" 730 LISTSCORE="5" 731 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 732 } 733 734 :0 735 * SURBLSPCHECK ?? ^yes$ 736 { 737 LISTNAME="SURBL (Spam)" 738 LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)" 739 LISTSCORE="5" 740 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 741 } 742 743 LISTSERVER='localhost' 744 LOCALDESCRIPTION='Null' 745} 746 747INCLUDERC=${SBDIR}/functions/test-threshold.rc 748 749:0 750* ! SBCONFIG ?? ^(Analyze|Debug)$ 751* SPAMTAG ?? ^yes$ 752{ LOCALTAG=yes } 753 754# Check sixth message body domain, if one exists. 755:0 756* LOCALTAG ?? ^no$ 757* LT2 ?? ^yes$ 758* ! SIXTHBODYDOMAIN ?? ^example\.com$ 759* $ ! SIXTHBODYDOMAIN ?? ^${FIRSTBODYDOMAIN}$ 760* $ ! SIXTHBODYDOMAIN ?? ^${SECONDBODYDOMAIN}$ 761* $ ! SIXTHBODYDOMAIN ?? ^${THIRDBODYDOMAIN}$ 762* $ ! SIXTHBODYDOMAIN ?? ^${FOURTHBODYDOMAIN}$ 763* $ ! SIXTHBODYDOMAIN ?? ^${FIFTHBODYDOMAIN}$ 764{ 765 LT5=no 766 LOCALDESCRIPTION="Body Domain:" 767 LOCALCHECK=${SIXTHBODYDOMAIN} 768 LISTSERVER="multi.surbl.org" 769 770 :0 771 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 772 773 :0 774 * SURBLLEGITCHECK ?? ^yes$ 775 { 776 LISTNAME="SURBL (Legit/Cracked)" 777 LISTRESPONSE="127\.0\.0\.(128|136|144|152|216)" 778 LISTSCORE="3" 779 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 780 } 781 782 :0 783 * SURBLMWCHECK ?? ^yes$ 784 { 785 LISTNAME="SURBL (Malware)" 786 LISTRESPONSE="127\.0\.0\.(16|24|80|144|152|208|216)" 787 LISTSCORE="5" 788 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 789 } 790 791 :0 792 * SURBLPHCHECK ?? ^yes$ 793 { 794 LISTNAME="SURBL (Phish)" 795 LISTRESPONSE="127\.0\.0\.(8|24|72|88|136|144|152|216)" 796 LISTSCORE="5" 797 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 798 } 799 800 :0 801 * SURBLSPCHECK ?? ^yes$ 802 { 803 LISTNAME="SURBL (Spam)" 804 LISTRESPONSE="127\.0\.0\.(64|72|80|88|192|200|208|216)" 805 LISTSCORE="5" 806 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 807 } 808 809 LISTSERVER='localhost' 810 LOCALDESCRIPTION='Null' 811} 812 813INCLUDERC=${SBDIR}/functions/test-threshold.rc 814 815:0 816* ! SBCONFIG ?? ^(Analyze|Debug)$ 817* SPAMTAG ?? ^yes$ 818{ LOCALTAG=yes } 819 820# URIBL Blocklists 821# 822# Blocklists of URI domains and IPs. "Black" should 823# have no false positives. (It sometimes does, but they're 824# delisted quickly.) "Grey" lists domains and IPs that send 825# spam, but also send a significant amount of non-spam email. 826# "Red" lists domains that share nameservers with one or more 827# domains listed in "Black". 828 829LT2=no 830 831:0 832* URIBLCHECK ?? ^yes$ 833{ LT2=yes } 834 835:0 836* URIBLGREYCHECK ?? ^yes$ 837{ LT2=yes } 838 839:0 840* URIBLREDCHECK ?? ^yes$ 841{ LT2=yes } 842 843# Check first message body domain, if one exists. 844# 845:0 846* LOCALTAG ?? ^no$ 847* LT2 ?? ^yes$ 848* ! FIRSTBODYDOMAIN ?? ^example\.com$ 849{ 850 LT5=no 851 LOCALDESCRIPTION="Body Domain:" 852 LOCALCHECK=${FIRSTBODYDOMAIN} 853 LISTSERVER="multi.uribl.com" 854 855 :0 856 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 857 858 :0 859 * URIBLCHECK ?? ^yes$ 860 { 861 LISTNAME="URIBL (Black)" 862 LISTRESPONSE="127\.0\.0\.2" 863 LISTSCORE="4" 864 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 865 } 866 867 :0 868 * URIBLGREYCHECK ?? ^yes$ 869 { 870 LISTNAME="URIBL (Grey)" 871 LISTRESPONSE="127\.0\.0\.4" 872 LISTSCORE="2" 873 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 874 } 875 876 :0 877 * URIBLREDCHECK ?? ^yes$ 878 { 879 LISTNAME="URIBL (Red)" 880 LISTRESPONSE="127\.0\.0\.8" 881 LISTSCORE="3" 882 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 883 } 884 885 LISTSERVER='localhost' 886 LOCALDESCRIPTION='Null' 887} 888 889INCLUDERC=${SBDIR}/functions/test-threshold.rc 890 891:0 892* ! SBCONFIG ?? ^(Analyze|Debug)$ 893* SPAMTAG ?? ^yes$ 894{ LOCALTAG=yes } 895 896# Check second message body domain, if one exists. 897# 898:0 899* LOCALTAG ?? ^no$ 900* LT2 ?? ^yes$ 901* ! SECONDBODYDOMAIN ?? ^example\.com$ 902* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 903{ 904 LT5=no 905 LOCALDESCRIPTION="Body Domain:" 906 LOCALCHECK=${SECONDBODYDOMAIN} 907 LISTSERVER="multi.uribl.com" 908 909 :0 910 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 911 912 :0 913 * URIBLCHECK ?? ^yes$ 914 { 915 LISTNAME="URIBL (Black)" 916 LISTRESPONSE="127\.0\.0\.2" 917 LISTSCORE="4" 918 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 919 } 920 921 :0 922 * URIBLGREYCHECK ?? ^yes$ 923 { 924 LISTNAME="URIBL (Grey)" 925 LISTRESPONSE="127\.0\.0\.4" 926 LISTSCORE="2" 927 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 928 } 929 930 :0 931 * URIBLREDCHECK ?? ^yes$ 932 { 933 LISTNAME="URIBL (Red)" 934 LISTRESPONSE="127\.0\.0\.8" 935 LISTSCORE="3" 936 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 937 } 938 939 LISTSERVER='localhost' 940 LOCALDESCRIPTION='Null' 941} 942 943INCLUDERC=${SBDIR}/functions/test-threshold.rc 944 945:0 946* ! SBCONFIG ?? ^(Analyze|Debug)$ 947* SPAMTAG ?? ^yes$ 948{ LOCALTAG=yes } 949 950# Check third message body domain, if one exists. 951# 952:0 953* LOCALTAG ?? ^no$ 954* LT2 ?? ^yes$ 955* ! THIRDBODYDOMAIN ?? ^example\.com$ 956* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 957* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} 958{ 959 LT5=no 960 LOCALDESCRIPTION="Body Domain:" 961 LOCALCHECK=${THIRDBODYDOMAIN} 962 LISTSERVER="multi.uribl.com" 963 964 :0 965 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 966 967 :0 968 * URIBLCHECK ?? ^yes$ 969 { 970 LISTNAME="URIBL (Black)" 971 LISTRESPONSE="127\.0\.0\.2" 972 LISTSCORE="4" 973 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 974 } 975 976 :0 977 * URIBLGREYCHECK ?? ^yes$ 978 { 979 LISTNAME="URIBL (Grey)" 980 LISTRESPONSE="127\.0\.0\.4" 981 LISTSCORE="2" 982 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 983 } 984 985 :0 986 * URIBLREDCHECK ?? ^yes$ 987 { 988 LISTNAME="URIBL (Red)" 989 LISTRESPONSE="127\.0\.0\.8" 990 LISTSCORE="3" 991 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 992 } 993 994 LISTSERVER='localhost' 995 LOCALDESCRIPTION='Null' 996} 997 998INCLUDERC=${SBDIR}/functions/test-threshold.rc 999 1000:0 1001* ! SBCONFIG ?? ^(Analyze|Debug)$ 1002* SPAMTAG ?? ^yes$ 1003{ LOCALTAG=yes } 1004 1005# Check fourth message body domain, if one exists. 1006# 1007:0 1008* LOCALTAG ?? ^no$ 1009* LT2 ?? ^yes$ 1010* ! FOURTHBODYDOMAIN ?? ^example\.com$ 1011* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 1012* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 1013* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 1014{ 1015 LT5=no 1016 LOCALDESCRIPTION="Body Domain:" 1017 LOCALCHECK=${FOURTHBODYDOMAIN} 1018 LISTSERVER="multi.uribl.com" 1019 1020 :0 1021 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 1022 1023 :0 1024 * URIBLCHECK ?? ^yes$ 1025 { 1026 LISTNAME="URIBL (Black)" 1027 LISTRESPONSE="127\.0\.0\.2" 1028 LISTSCORE="4" 1029 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1030 } 1031 1032 :0 1033 * URIBLGREYCHECK ?? ^yes$ 1034 { 1035 LISTNAME="URIBL (Grey)" 1036 LISTRESPONSE="127\.0\.0\.4" 1037 LISTSCORE="2" 1038 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1039 } 1040 1041 :0 1042 * URIBLREDCHECK ?? ^yes$ 1043 { 1044 LISTNAME="URIBL (Red)" 1045 LISTRESPONSE="127\.0\.0\.8" 1046 LISTSCORE="3" 1047 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1048 } 1049 1050 LISTSERVER='localhost' 1051 LOCALDESCRIPTION='Null' 1052} 1053 1054INCLUDERC=${SBDIR}/functions/test-threshold.rc 1055 1056:0 1057* ! SBCONFIG ?? ^(Analyze|Debug)$ 1058* SPAMTAG ?? ^yes$ 1059{ LOCALTAG=yes } 1060 1061# Check fifth message body domain, if one exists. 1062# 1063:0 1064* LOCALTAG ?? ^no$ 1065* LT2 ?? ^yes$ 1066* ! FIFTHBODYDOMAIN ?? ^example\.com$ 1067* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 1068* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 1069* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 1070* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 1071{ 1072 LT5=no 1073 LOCALDESCRIPTION="Body Domain:" 1074 LOCALCHECK=${FIFTHBODYDOMAIN} 1075 LISTSERVER="multi.uribl.com" 1076 1077 :0 1078 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 1079 1080 :0 1081 * URIBLCHECK ?? ^yes$ 1082 { 1083 LISTNAME="URIBL (Black)" 1084 LISTRESPONSE="127\.0\.0\.2" 1085 LISTSCORE="4" 1086 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1087 } 1088 1089 :0 1090 * URIBLGREYCHECK ?? ^yes$ 1091 { 1092 LISTNAME="URIBL (Grey)" 1093 LISTRESPONSE="127\.0\.0\.4" 1094 LISTSCORE="2" 1095 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1096 } 1097 1098 :0 1099 * URIBLREDCHECK ?? ^yes$ 1100 { 1101 LISTNAME="URIBL (Red)" 1102 LISTRESPONSE="127\.0\.0\.8" 1103 LISTSCORE="3" 1104 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1105 } 1106 1107 LISTSERVER='localhost' 1108 LOCALDESCRIPTION='Null' 1109} 1110 1111INCLUDERC=${SBDIR}/functions/test-threshold.rc 1112 1113:0 1114* ! SBCONFIG ?? ^(Analyze|Debug)$ 1115* SPAMTAG ?? ^yes$ 1116{ LOCALTAG=yes } 1117 1118# Check sixth message body domain, if one exists. 1119# 1120:0 1121* LOCALTAG ?? ^no$ 1122* LT2 ?? ^yes$ 1123* ! SIXTHBODYDOMAIN ?? ^example\.com$ 1124* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 1125* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 1126* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 1127* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 1128* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 1129{ 1130 LT5=no 1131 LOCALDESCRIPTION="Body Domain:" 1132 LOCALCHECK=${SIXTHBODYDOMAIN} 1133 LISTSERVER="multi.uribl.com" 1134 1135 :0 1136 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 1137 1138 :0 1139 * URIBLCHECK ?? ^yes$ 1140 { 1141 LISTNAME="URIBL (Black)" 1142 LISTRESPONSE="127\.0\.0\.2" 1143 LISTSCORE="4" 1144 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1145 } 1146 1147 :0 1148 * URIBLGREYCHECK ?? ^yes$ 1149 { 1150 LISTNAME="URIBL (Grey)" 1151 LISTRESPONSE="127\.0\.0\.4" 1152 LISTSCORE="2" 1153 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1154 } 1155 1156 :0 1157 * URIBLREDCHECK ?? ^yes$ 1158 { 1159 LISTNAME="URIBL (Red)" 1160 LISTRESPONSE="127\.0\.0\.8" 1161 LISTSCORE="3" 1162 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 1163 } 1164 1165 LISTSERVER='localhost' 1166 LOCALDESCRIPTION='Null' 1167} 1168 1169INCLUDERC=${SBDIR}/functions/test-threshold.rc 1170 1171:0 1172* ! SBCONFIG ?? ^(Analyze|Debug)$ 1173* SPAMTAG ?? ^yes$ 1174{ LOCALTAG=yes } 1175 1176# SpamHaus IP-based Blocklist Checks 1177# 1178# This recipe checks all of the Spamhaus IP-based blocklists. 1179 1180LT2=no 1181 1182:0 1183* SBLCHECK ?? ^yes$ 1184{ LT2=yes } 1185 1186:0 1187* CSSCHECK ?? ^yes$ 1188{ LT2=yes } 1189 1190:0 1191* XBLCHECK ?? ^(CBL|ALL)$ 1192{ LT2=yes } 1193 1194# Check first message body IP, if exists. 1195:0 1196* LOCALTAG ?? ^no$ 1197* LT2 ?? ^(yes)$ 1198* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 1199{ 1200 LT5=no 1201 LOCALDESCRIPTION="Body IP:" 1202 LOCALCHECK=${FIRSTBODYIP} 1203 LOCALREVCHECK=${FIRSTBODYREVIP} 1204 LISTSERVER="zen.spamhaus.org" 1205 1206 :0 1207 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1208 1209 :0 1210 * SBLCHECK ?? ^(yes)$ 1211 { 1212 LISTNAME="the SBL" 1213 LISTRESPONSE="127\.0\.0\.2" 1214 LISTSCORE="5" 1215 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1216 } 1217 1218 :0 1219 * CSSCHECK ?? ^(yes)$ 1220 { 1221 LISTNAME="the CSS" 1222 LISTRESPONSE="127\.0\.0\.3" 1223 LISTSCORE="5" 1224 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1225 } 1226 1227 :0 1228 * XBLCHECK ?? ^(CBL|ALL)$ 1229 { 1230 LISTNAME="the XBL (CBL)" 1231 LISTRESPONSE="127\.0\.0\.4" 1232 LISTSCORE="3" 1233 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1234 } 1235 1236 LISTSERVER='localhost' 1237 LOCALDESCRIPTION='Null' 1238} 1239 1240INCLUDERC=${SBDIR}/functions/test-threshold.rc 1241 1242:0 1243* ! SBCONFIG ?? ^(Analyze|Debug)$ 1244* SPAMTAG ?? ^yes$ 1245{ LOCALTAG=yes } 1246 1247# Check second message body IP, if exists. 1248:0 1249* LOCALTAG ?? ^no$ 1250* LT2 ?? ^(yes)$ 1251* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 1252* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 1253{ 1254 LT5=no 1255 LOCALDESCRIPTION="Body IP:" 1256 LOCALCHECK=${SECONDBODYIP} 1257 LOCALREVCHECK=${SECONDBODYREVIP} 1258 LISTSERVER="zen.spamhaus.org" 1259 1260 :0 1261 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1262 1263 :0 1264 * SBLCHECK ?? ^(yes)$ 1265 { 1266 LISTNAME="the SBL" 1267 LISTRESPONSE="127\.0\.0\.2" 1268 LISTSCORE="5" 1269 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1270 } 1271 1272 :0 1273 * CSSCHECK ?? ^(yes)$ 1274 { 1275 LISTNAME="the CSS" 1276 LISTRESPONSE="127\.0\.0\.3" 1277 LISTSCORE="5" 1278 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1279 } 1280 1281 :0 1282 * XBLCHECK ?? ^(CBL|ALL)$ 1283 { 1284 LISTNAME="the XBL (CBL)" 1285 LISTRESPONSE="127\.0\.0\.4" 1286 LISTSCORE="3" 1287 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1288 } 1289 1290 LISTSERVER='localhost' 1291 LOCALDESCRIPTION='Null' 1292} 1293 1294INCLUDERC=${SBDIR}/functions/test-threshold.rc 1295 1296:0 1297* ! SBCONFIG ?? ^(Analyze|Debug)$ 1298* SPAMTAG ?? ^yes$ 1299{ LOCALTAG=yes } 1300 1301# Check third message body IP, if exists. 1302:0 1303* LOCALTAG ?? ^no$ 1304* LT2 ?? ^(yes)$ 1305* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 1306* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 1307* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 1308{ 1309 LT5=no 1310 LOCALDESCRIPTION="Body IP:" 1311 LOCALCHECK=${THIRDBODYIP} 1312 LOCALREVCHECK=${THIRDBODYREVIP} 1313 LISTSERVER="zen.spamhaus.org" 1314 1315 :0 1316 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1317 1318 :0 1319 * SBLCHECK ?? ^(yes)$ 1320 { 1321 LISTNAME="the SBL" 1322 LISTRESPONSE="127\.0\.0\.2" 1323 LISTSCORE="5" 1324 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1325 } 1326 1327 :0 1328 * CSSCHECK ?? ^(yes)$ 1329 { 1330 LISTNAME="the CSS" 1331 LISTRESPONSE="127\.0\.0\.3" 1332 LISTSCORE="5" 1333 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1334 } 1335 1336 :0 1337 * XBLCHECK ?? ^(CBL|ALL)$ 1338 { 1339 LISTNAME="the XBL (CBL)" 1340 LISTRESPONSE="127\.0\.0\.4" 1341 LISTSCORE="3" 1342 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1343 } 1344 1345 LISTSERVER='localhost' 1346 LOCALDESCRIPTION='Null' 1347} 1348 1349INCLUDERC=${SBDIR}/functions/test-threshold.rc 1350 1351:0 1352* ! SBCONFIG ?? ^(Analyze|Debug)$ 1353* SPAMTAG ?? ^yes$ 1354{ LOCALTAG=yes } 1355 1356# Check fourth message body IP, if exists. 1357# 1358:0 1359* LOCALTAG ?? ^no$ 1360* LT2 ?? ^(yes)$ 1361* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 1362* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 1363* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 1364* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 1365{ 1366 LT5=no 1367 LOCALDESCRIPTION="Body IP:" 1368 LOCALCHECK=${FOURTHBODYIP} 1369 LOCALREVCHECK=${FOURTHBODYREVIP} 1370 LISTSERVER="zen.spamhaus.org" 1371 1372 :0 1373 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1374 1375 :0 1376 * SBLCHECK ?? ^(yes)$ 1377 { 1378 LISTNAME="the SBL" 1379 LISTRESPONSE="127\.0\.0\.2" 1380 LISTSCORE="5" 1381 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1382 } 1383 1384 :0 1385 * CSSCHECK ?? ^(yes)$ 1386 { 1387 LISTNAME="the CSS" 1388 LISTRESPONSE="127\.0\.0\.3" 1389 LISTSCORE="5" 1390 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1391 } 1392 1393 :0 1394 * XBLCHECK ?? ^(CBL|ALL)$ 1395 { 1396 LISTNAME="the XBL (CBL)" 1397 LISTRESPONSE="127\.0\.0\.4" 1398 LISTSCORE="3" 1399 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1400 } 1401 1402 LISTSERVER='localhost' 1403 LOCALDESCRIPTION='Null' 1404} 1405 1406INCLUDERC=${SBDIR}/functions/test-threshold.rc 1407 1408:0 1409* ! SBCONFIG ?? ^(Analyze|Debug)$ 1410* SPAMTAG ?? ^yes$ 1411{ LOCALTAG=yes } 1412 1413# Check fifth message body IP, if exists. 1414# 1415:0 1416* LOCALTAG ?? ^no$ 1417* LT2 ?? ^(yes)$ 1418* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 1419* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 1420* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 1421* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 1422* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 1423{ 1424 LT5=no 1425 LOCALDESCRIPTION="Body IP:" 1426 LOCALCHECK=${FIFTHBODYIP} 1427 LOCALREVCHECK=${FIFTHBODYREVIP} 1428 LISTSERVER="zen.spamhaus.org" 1429 1430 :0 1431 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1432 1433 :0 1434 * SBLCHECK ?? ^(yes)$ 1435 { 1436 LISTNAME="the SBL" 1437 LISTRESPONSE="127\.0\.0\.2" 1438 LISTSCORE="5" 1439 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1440 } 1441 1442 :0 1443 * CSSCHECK ?? ^(yes)$ 1444 { 1445 LISTNAME="the CSS" 1446 LISTRESPONSE="127\.0\.0\.3" 1447 LISTSCORE="5" 1448 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1449 } 1450 1451 :0 1452 * XBLCHECK ?? ^(CBL|ALL)$ 1453 { 1454 LISTNAME="the XBL (CBL)" 1455 LISTRESPONSE="127\.0\.0\.4" 1456 LISTSCORE="3" 1457 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1458 } 1459 1460 LISTSERVER='localhost' 1461 LOCALDESCRIPTION='Null' 1462} 1463 1464INCLUDERC=${SBDIR}/functions/test-threshold.rc 1465 1466:0 1467* ! SBCONFIG ?? ^(Analyze|Debug)$ 1468* SPAMTAG ?? ^yes$ 1469{ LOCALTAG=yes } 1470 1471# Check sixth message body IP, if exists. 1472# 1473:0 1474* LOCALTAG ?? ^no$ 1475* LT2 ?? ^(yes)$ 1476* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 1477* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 1478* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 1479* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 1480* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 1481* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 1482{ 1483 LT5=no 1484 LOCALDESCRIPTION="Body IP:" 1485 LOCALCHECK=${SIXTHBODYIP} 1486 LOCALREVCHECK=${SIXTHBODYREVIP} 1487 LISTSERVER="zen.spamhaus.org" 1488 1489 :0 1490 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1491 1492 :0 1493 * SBLCHECK ?? ^(yes)$ 1494 { 1495 LISTNAME="the SBL" 1496 LISTRESPONSE="127\.0\.0\.2" 1497 LISTSCORE="5" 1498 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1499 } 1500 1501 :0 1502 * CSSCHECK ?? ^(yes)$ 1503 { 1504 LISTNAME="the CSS" 1505 LISTRESPONSE="127\.0\.0\.3" 1506 LISTSCORE="5" 1507 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1508 } 1509 1510 :0 1511 * XBLCHECK ?? ^(CBL|ALL)$ 1512 { 1513 LISTNAME="the XBL (CBL)" 1514 LISTRESPONSE="127\.0\.0\.4" 1515 LISTSCORE="3" 1516 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1517 } 1518 1519 LISTSERVER='localhost' 1520 LOCALDESCRIPTION='Null' 1521} 1522 1523INCLUDERC=${SBDIR}/functions/test-threshold.rc 1524 1525:0 1526* ! SBCONFIG ?? ^(Analyze|Debug)$ 1527* SPAMTAG ?? ^yes$ 1528{ LOCALTAG=yes } 1529 1530# MSBL EBL 1531# 1532# Checks message body email addresses agains 1533# the MSBL Email Blocklist. 1534:0 1535* LOCALTAG ?? ^no$ 1536* EBLCHECK ?? ^(yes)$ 1537* ! FIRSTBODYEHASH ?? ^NULL$ 1538* $ ! FIRSTBODYEMAIL ?? ^${FROMEMAIL}$ 1539* $ ! FIRSTBODYEMAIL ?? ^${REPLYTOEMAIL}$ 1540{ 1541 LT5=no 1542 LOCALDESCRIPTION="Body Email:" 1543 LOCALCHECK=${FIRSTBODYEHASH} 1544 LOCALCHK2="${FIRSTBODYEMAIL}" 1545 LISTSERVER="ebl.msbl.org" 1546 1547 :0 1548 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 1549 1550 :0 1551 * EBLCHECK ?? ^(yes)$ 1552 { 1553 LISTNAME="the EBL" 1554 LISTRESPONSE="127\.0\.0\.2" 1555 LISTSCORE="5" 1556 INCLUDERC=${SBDIR}/functions/hashbl-sub.rc 1557 } 1558 1559 LISTSERVER='localhost' 1560 LOCALDESCRIPTION='Null' 1561} 1562 1563INCLUDERC=${SBDIR}/functions/test-threshold.rc 1564 1565:0 1566* ! SBCONFIG ?? ^(Analyze|Debug)$ 1567* SPAMTAG ?? ^yes$ 1568{ LOCALTAG=yes } 1569 1570# SORBS Checks 1571# 1572# Checks message body IPs against appropriate SORBS lists. 1573 1574LT2=no 1575 1576:0 1577* SORBSPROXYCHECK ?? ^yes$ 1578{ LT2=yes } 1579 1580:0 1581* SORBSSPAMCHECK ?? ^yes$ 1582{ LT2=yes } 1583 1584:0 1585* SORBSZOMBIECHECK ?? ^yes$ 1586{ LT2=yes } 1587 1588# Check first message body IP, if one exists. 1589# 1590:0 1591* LOCALTAG ?? ^no$ 1592* LT2 ?? ^(yes)$ 1593* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 1594{ 1595 LT5=no 1596 LOCALDESCRIPTION="Body IP:" 1597 LOCALCHECK=${FIRSTBODYIP} 1598 LOCALREVCHECK=${FIRSTBODYREVIP} 1599 LISTSERVER="dnsbl.sorbs.net" 1600 1601 :0 1602 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1603 1604 :0 1605 * SORBSPROXYCHECK ?? ^(yes)$ 1606 { 1607 LISTNAME="SORBS (open proxies)" 1608 LISTRESPONSE="127\.0\.0\.(2|3|4)" 1609 LISTSCORE="4" 1610 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1611 } 1612 1613 :0 1614 * SORBSSPAMCHECK ?? ^(yes)$ 1615 { 1616 LISTNAME="SORBS (spam sources)" 1617 LISTRESPONSE="127\.0\.0\.6" 1618 LISTSCORE="3" 1619 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1620 } 1621 1622 :0 1623 * SORBSZOMBIECHECK ?? ^(yes)$ 1624 { 1625 LISTNAME="SORBS (zombie netblocks)" 1626 LISTRESPONSE="127\.0\.0\.9" 1627 LISTSCORE="3" 1628 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1629 } 1630 1631 LISTSERVER='localhost' 1632 LOCALDESCRIPTION='Null' 1633} 1634 1635INCLUDERC=${SBDIR}/functions/test-threshold.rc 1636 1637:0 1638* ! SBCONFIG ?? ^(Analyze|Debug)$ 1639* SPAMTAG ?? ^yes$ 1640{ LOCALTAG=yes } 1641 1642# Check second message body IP, if one exists. 1643# 1644:0 1645* LOCALTAG ?? ^no$ 1646* LT2 ?? ^(yes)$ 1647* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 1648* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 1649{ 1650 LT5=no 1651 LOCALDESCRIPTION="Body IP:" 1652 LOCALCHECK=${SECONDBODYIP} 1653 LOCALREVCHECK=${SECONDBODYREVIP} 1654 LISTSERVER="dnsbl.sorbs.net" 1655 1656 :0 1657 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1658 1659 :0 1660 * SORBSPROXYCHECK ?? ^(yes)$ 1661 { 1662 LISTNAME="SORBS (open proxies)" 1663 LISTRESPONSE="127\.0\.0\.(2|3|4)" 1664 LISTSCORE="4" 1665 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1666 } 1667 1668 :0 1669 * SORBSSPAMCHECK ?? ^(yes)$ 1670 { 1671 LISTNAME="SORBS (spam sources)" 1672 LISTRESPONSE="127\.0\.0\.6" 1673 LISTSCORE="3" 1674 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1675 } 1676 1677 :0 1678 * SORBSZOMBIECHECK ?? ^(yes)$ 1679 { 1680 LISTNAME="SORBS (zombie netblocks)" 1681 LISTRESPONSE="127\.0\.0\.9" 1682 LISTSCORE="3" 1683 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1684 } 1685 1686 LISTSERVER='localhost' 1687 LOCALDESCRIPTION='Null' 1688} 1689 1690INCLUDERC=${SBDIR}/functions/test-threshold.rc 1691 1692:0 1693* ! SBCONFIG ?? ^(Analyze|Debug)$ 1694* SPAMTAG ?? ^yes$ 1695{ LOCALTAG=yes } 1696 1697# Check third message body IP, if one exists. 1698# 1699:0 1700* LOCALTAG ?? ^no$ 1701* LT2 ?? ^(yes)$ 1702* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 1703* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 1704* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 1705{ 1706 LT5=no 1707 LOCALDESCRIPTION="Body IP:" 1708 LOCALCHECK=${THIRDBODYIP} 1709 LOCALREVCHECK=${THIRDBODYREVIP} 1710 LISTSERVER="dnsbl.sorbs.net" 1711 1712 :0 1713 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1714 1715 :0 1716 * SORBSPROXYCHECK ?? ^(yes)$ 1717 { 1718 LISTNAME="SORBS (open proxies)" 1719 LISTRESPONSE="127\.0\.0\.(2|3|4)" 1720 LISTSCORE="4" 1721 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1722 } 1723 1724 :0 1725 * SORBSSPAMCHECK ?? ^(yes)$ 1726 { 1727 LISTNAME="SORBS (spam sources)" 1728 LISTRESPONSE="127\.0\.0\.6" 1729 LISTSCORE="3" 1730 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1731 } 1732 1733 :0 1734 * SORBSZOMBIECHECK ?? ^(yes)$ 1735 { 1736 LISTNAME="SORBS (zombie netblocks)" 1737 LISTRESPONSE="127\.0\.0\.9" 1738 LISTSCORE="3" 1739 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1740 } 1741 1742 LISTSERVER='localhost' 1743 LOCALDESCRIPTION='Null' 1744} 1745 1746INCLUDERC=${SBDIR}/functions/test-threshold.rc 1747 1748:0 1749* ! SBCONFIG ?? ^(Analyze|Debug)$ 1750* SPAMTAG ?? ^yes$ 1751{ LOCALTAG=yes } 1752 1753# Check fourth message body IP, if one exists. 1754# 1755:0 1756* LOCALTAG ?? ^no$ 1757* LT2 ?? ^(yes)$ 1758* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 1759* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 1760* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 1761* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 1762{ 1763 LT5=no 1764 LOCALDESCRIPTION="Body IP:" 1765 LOCALCHECK=${FOURTHBODYIP} 1766 LOCALREVCHECK=${FOURTHBODYREVIP} 1767 LISTSERVER="dnsbl.sorbs.net" 1768 1769 :0 1770 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1771 1772 :0 1773 * SORBSPROXYCHECK ?? ^(yes)$ 1774 { 1775 LISTNAME="SORBS (open proxies)" 1776 LISTRESPONSE="127\.0\.0\.(2|3|4)" 1777 LISTSCORE="4" 1778 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1779 } 1780 1781 :0 1782 * SORBSSPAMCHECK ?? ^(yes)$ 1783 { 1784 LISTNAME="SORBS (spam sources)" 1785 LISTRESPONSE="127\.0\.0\.6" 1786 LISTSCORE="3" 1787 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1788 } 1789 1790 :0 1791 * SORBSZOMBIECHECK ?? ^(yes)$ 1792 { 1793 LISTNAME="SORBS (zombie netblocks)" 1794 LISTRESPONSE="127\.0\.0\.9" 1795 LISTSCORE="3" 1796 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1797 } 1798 1799 LISTSERVER='localhost' 1800 LOCALDESCRIPTION='Null' 1801} 1802 1803INCLUDERC=${SBDIR}/functions/test-threshold.rc 1804 1805:0 1806* ! SBCONFIG ?? ^(Analyze|Debug)$ 1807* SPAMTAG ?? ^yes$ 1808{ LOCALTAG=yes } 1809 1810# Check fifth message body IP, if one exists. 1811# 1812:0 1813* LOCALTAG ?? ^no$ 1814* LT2 ?? ^(yes)$ 1815* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 1816* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 1817* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 1818* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 1819* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 1820{ 1821 LT5=no 1822 LOCALDESCRIPTION="Body IP:" 1823 LOCALCHECK=${FIFTHBODYIP} 1824 LOCALREVCHECK=${FIFTHBODYREVIP} 1825 LISTSERVER="dnsbl.sorbs.net" 1826 1827 :0 1828 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1829 1830 :0 1831 * SORBSPROXYCHECK ?? ^(yes)$ 1832 { 1833 LISTNAME="SORBS (open proxies)" 1834 LISTRESPONSE="127\.0\.0\.(2|3|4)" 1835 LISTSCORE="4" 1836 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1837 } 1838 1839 :0 1840 * SORBSSPAMCHECK ?? ^(yes)$ 1841 { 1842 LISTNAME="SORBS (spam sources)" 1843 LISTRESPONSE="127\.0\.0\.6" 1844 LISTSCORE="3" 1845 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1846 } 1847 1848 :0 1849 * SORBSZOMBIECHECK ?? ^(yes)$ 1850 { 1851 LISTNAME="SORBS (zombie netblocks)" 1852 LISTRESPONSE="127\.0\.0\.9" 1853 LISTSCORE="3" 1854 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1855 } 1856 1857 LISTSERVER='localhost' 1858 LOCALDESCRIPTION='Null' 1859} 1860 1861INCLUDERC=${SBDIR}/functions/test-threshold.rc 1862 1863:0 1864* ! SBCONFIG ?? ^(Analyze|Debug)$ 1865* SPAMTAG ?? ^yes$ 1866{ LOCALTAG=yes } 1867 1868# Check sixth message body IP, if one exists. 1869# 1870:0 1871* LOCALTAG ?? ^no$ 1872* LT2 ?? ^(yes)$ 1873* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 1874* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 1875* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 1876* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 1877* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 1878* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 1879{ 1880 LT5=no 1881 LOCALDESCRIPTION="Body IP:" 1882 LOCALCHECK=${SIXTHBODYIP} 1883 LOCALREVCHECK=${SIXTHBODYREVIP} 1884 LISTSERVER="dnsbl.sorbs.net" 1885 1886 :0 1887 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 1888 1889 :0 1890 * SORBSPROXYCHECK ?? ^(yes)$ 1891 { 1892 LISTNAME="SORBS (open proxies)" 1893 LISTRESPONSE="127\.0\.0\.(2|3|4)" 1894 LISTSCORE="4" 1895 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1896 } 1897 1898 :0 1899 * SORBSSPAMCHECK ?? ^(yes)$ 1900 { 1901 LISTNAME="SORBS (spam sources)" 1902 LISTRESPONSE="127\.0\.0\.6" 1903 LISTSCORE="3" 1904 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1905 } 1906 1907 :0 1908 * SORBSZOMBIECHECK ?? ^(yes)$ 1909 { 1910 LISTNAME="SORBS (zombie netblocks)" 1911 LISTRESPONSE="127\.0\.0\.9" 1912 LISTSCORE="3" 1913 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1914 } 1915 1916 LISTSERVER='localhost' 1917 LOCALDESCRIPTION='Null' 1918} 1919 1920INCLUDERC=${SBDIR}/functions/test-threshold.rc 1921 1922:0 1923* ! SBCONFIG ?? ^(Analyze|Debug)$ 1924* SPAMTAG ?? ^yes$ 1925{ LOCALTAG=yes } 1926