1# SB-BLOCKLISTS-CONNECTING.RC 2# 3# SpamBouncer Blocklist Connecting IP Checks 4# 5# This series of recipes checks the IPs that connect to your mail server 6# against various blocklists. 7# 8# Last Updated: 10/14/2016 9 10LOCALTAG=no 11 12# SpamHaus IP-based Blocklist Checks 13# 14# This recipe checks all of the Spamhaus IP-based blocklists. 15 16LT2=no 17 18:0 19* SBLCHECK ?? ^yes$ 20{ LT2=yes } 21 22:0 23* CSSCHECK ?? ^yes$ 24{ LT2=yes } 25 26:0 27* PBLCHECK ?? ^(ISP|SPAMHAUS|ALL)$ 28{ LT2=yes } 29 30:0 31* XBLCHECK ?? ^(CBL|ALL)$ 32{ LT2=yes } 33 34# Check Connecting (first external) IP. 35# 36:0 37* LOCALTAG ?? ^no$ 38* LT2 ?? ^(yes)$ 39* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 40{ 41 LT5=no 42 LOCALDESCRIPTION="Connecting IP:" 43 LOCALCHECK=${FIRSTEXIP} 44 LOCALREVCHECK=${FIRSTEXREVIP} 45 LISTSERVER="zen.spamhaus.org" 46 47 :0 48 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 49 50 :0 51 * SBLCHECK ?? ^(yes)$ 52 { 53 LISTNAME="the SBL" 54 LISTRESPONSE="127\.0\.0\.2" 55 LISTSCORE="5" 56 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 57 } 58 59 :0 60 * CSSCHECK ?? ^(yes)$ 61 { 62 LISTNAME="the CSS" 63 LISTRESPONSE="127\.0\.0\.3" 64 LISTSCORE="5" 65 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 66 } 67 68 :0 69 * PBLCHECK ?? ^(ISP|ALL)$ 70 { 71 LISTNAME="the PBL (ISP)" 72 LISTRESPONSE="127\.0\.0\.10" 73 LISTSCORE="5" 74 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 75 } 76 77 :0 78 * PBLCHECK ?? ^(SPAMHAUS|ALL)$ 79 { 80 LISTNAME="the PBL (SpamHaus)" 81 LISTRESPONSE="127\.0\.0\.11" 82 LISTSCORE="5" 83 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 84 } 85 86 :0 87 * XBLCHECK ?? ^(CBL|ALL)$ 88 { 89 LISTNAME="the XBL (CBL)" 90 LISTRESPONSE="127\.0\.0\.4" 91 LISTSCORE="5" 92 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 93 } 94 95 LISTSERVER='localhost' 96 LOCALDESCRIPTION='Null' 97} 98 99INCLUDERC=${SBDIR}/functions/test-threshold.rc 100 101:0 102* ! SBCONFIG ?? ^(Analyze|Debug)$ 103* SPAMTAG ?? ^yes$ 104{ LOCALTAG=yes } 105 106 107# CBL check 108# 109# Checks cbl.abuseat.org, which is updated somewhat more 110# frequently than zen.spamhaus.org, and contains some extra 111# data. If a bot is spewing and Zen is down, this is a lifesaver. 112 113# Check Connecting (First External) IP 114:0 115* LOCALTAG ?? ^no$ 116* CBLCHECK ?? ^(yes)$ 117* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 118{ 119 LT5=no 120 LOCALDESCRIPTION="Connecting IP:" 121 LOCALCHECK=${FIRSTEXIP} 122 LOCALREVCHECK=${FIRSTEXREVIP} 123 LISTSERVER="cbl.abuseat.org" 124 125 :0 126 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 127 128 :0 129 * CBLCHECK ?? ^(yes)$ 130 { 131 LISTNAME="the CBL" 132 LISTRESPONSE="127\.0\.0\.2" 133 LISTSCORE="5" 134 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 135 } 136 137 LISTSERVER='localhost' 138 LOCALDESCRIPTION='Null' 139} 140 141INCLUDERC=${SBDIR}/functions/test-threshold.rc 142 143:0 144* ! SBCONFIG ?? ^(Analyze|Debug)$ 145* SPAMTAG ?? ^yes$ 146{ LOCALTAG=yes } 147 148 149# Spamcop BL check 150# 151# Checks bl.spamcop.net, which lists IPs that have sent spam to 152# Spamcop users. This was at one time a very aggressive list 153# with a high false positive count, but the FP count has dropped 154# dramatically in the last few years. I have therefore increased 155# the score for Spamcop and included it in the default list of 156# SpamBouncer blocklists. 157 158# Check Connecting (First External) IP 159:0 160* LOCALTAG ?? ^no$ 161* SPAMCOPCHECK ?? ^(yes)$ 162* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 163{ 164 LT5=no 165 LOCALDESCRIPTION="Connecting IP:" 166 LOCALCHECK=${FIRSTEXIP} 167 LOCALREVCHECK=${FIRSTEXREVIP} 168 LISTSERVER="bl.spamcop.net" 169 170 :0 171 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 172 173 :0 174 * SPAMCOPCHECK ?? ^(yes)$ 175 { 176 LISTNAME="SpamCop" 177 LISTRESPONSE="127\.0\.0\.2" 178 LISTSCORE="5" 179 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 180 } 181 182 LISTSERVER='localhost' 183 LOCALDESCRIPTION='Null' 184} 185 186INCLUDERC=${SBDIR}/functions/test-threshold.rc 187 188:0 189* ! SBCONFIG ?? ^(Analyze|Debug)$ 190* SPAMTAG ?? ^yes$ 191{ LOCALTAG=yes } 192 193 194# PSBL Check 195# 196# http://psbl.surriel.com 197# 198# Checks Rick van Rijn's Passive Spam Blocklist. This is a low-FP 199# easy-removal list of spam senders that often catches spam from IPs 200# that are not in the SpamHaus or SpamCop blocklists yet. This 201# blocklist is suitable only for checking connecting IPs, not deep 202# header parsing. 203# 204:0 205* LOCALTAG ?? ^no$ 206* PSBLCHECK ?? ^(yes)$ 207* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 208{ 209 LT5=no 210 LOCALDESCRIPTION="Connecting IP:" 211 LOCALCHECK=${FIRSTEXIP} 212 LOCALREVCHECK=${FIRSTEXREVIP} 213 LISTSERVER="psbl.surriel.com" 214 215 :0 216 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 217 218 :0 219 * PSBLCHECK ?? ^(yes)$ 220 { 221 LISTNAME="the PSBL" 222 LISTRESPONSE="127\.0\.0\.2" 223 LISTSCORE="5" 224 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 225 } 226 227 LISTSERVER='localhost' 228 LOCALDESCRIPTION='Null' 229} 230 231INCLUDERC=${SBDIR}/functions/test-threshold.rc 232 233:0 234* ! SBCONFIG ?? ^(Analyze|Debug)$ 235* SPAMTAG ?? ^yes$ 236{ LOCALTAG=yes } 237 238 239# ReturnPath Senderscore Reputation List 240# 241# http://www.senderscore.com 242# 243# Checks the ReturnPath SenderScore for the sending IP. 244 245:0 246* LOCALTAG ?? ^no$ 247* RPSSCHECK ?? ^(LOW|ALL)$ 248* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 249{ 250 LT5=no 251 LOCALDESCRIPTION="Connecting IP:" 252 LOCALCHECK=${FIRSTEXIP} 253 LOCALREVCHECK=${FIRSTEXREVIP} 254 LISTSERVER="score.senderscore.com" 255 256 :0 257 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 258 259 :0 260 * RPSSCHECK ?? ^(LOW|ALL)$ 261 { 262 LISTNAME="Senderscore" 263 LISTLEVEL="Worst" 264 LISTRESPONSE="127\.0\.0\.([0-9]|1[0-9])" 265 LISTSCORE="5" 266 INCLUDERC=${SBDIR}/functions/rpss-sub.rc 267 268 LISTNAME="Senderscore" 269 LISTLEVEL="Bad" 270 LISTRESPONSE="127\.0\.0\.([2-3][0-9])" 271 LISTSCORE="4" 272 INCLUDERC=${SBDIR}/functions/rpss-sub.rc 273 274 LISTNAME="Senderscore" 275 LISTLEVEL="Low" 276 LISTRESPONSE="127\.0\.0\.([4-5][0-9])" 277 LISTSCORE="3" 278 INCLUDERC=${SBDIR}/functions/rpss-sub.rc 279 } 280 281 :0 282 * RPSSCHECK ?? ^ALL$ 283 { 284 LISTNAME="Senderscore" 285 LISTLEVEL="OK" 286 LISTRESPONSE="127\.0\.0\.([6-7][0-9])" 287 LISTSCORE="-3" 288 INCLUDERC=${SBDIR}/functions/rpss-sub.rc 289 290 LISTNAME="Senderscore" 291 LISTLEVEL="Good" 292 LISTRESPONSE="127\.0\.0\.(8[0-9])" 293 LISTSCORE="-4" 294 INCLUDERC=${SBDIR}/functions/rpss-sub.rc 295 296 LISTNAME="Senderscore" 297 LISTLEVEL="Best" 298 LISTRESPONSE="127\.0\.0\.(9[0-9]|100)" 299 LISTSCORE="-5" 300 INCLUDERC=${SBDIR}/functions/rpss-sub.rc 301 } 302 303 LISTSERVER='localhost' 304 LOCALDESCRIPTION='Null' 305} 306 307INCLUDERC=${SBDIR}/functions/test-threshold.rc 308 309:0 310* ! SBCONFIG ?? ^(Analyze|Debug)$ 311* SPAMTAG ?? ^yes$ 312{ LOCALTAG=yes } 313 314 315# MailSpike Reputation List 316# http://mailspike.net/ 317# 318# Reputation blocklist/whitelist combination. Blacklist is very accurate, 319# and has a good catch rate and low FPs. 320# 321:0 322* LOCALTAG ?? ^no$ 323* MSPIKEREPCHECK ?? (ALL|DEFAULT|BLACK|L5|L4|L3|L2) 324* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 325{ 326 LT5=no 327 LOCALDESCRIPTION="Connecting IP:" 328 LOCALCHECK=${FIRSTEXIP} 329 LOCALREVCHECK=${FIRSTEXREVIP} 330 LISTSERVER="rep.mailspike.net" 331 332 :0 333 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 334 335 :0 336 * MSPIKEREPCHECK ?? (ALL|DEFAULT|BLACK|L5) 337 { 338 LISTNAME="MailSpike Reputation (L5|Worst)" 339 LISTRESPONSE="127\.0\.0\.10" 340 LISTSCORE="5" 341 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 342 } 343 344 :0 345 * LT5 ?? ^no$ 346 * MSPIKEREPCHECK ?? (ALL|DEFAULT|BLACK|L4) 347 { 348 LISTNAME="MailSpike Reputation (L4|Very Bad)" 349 LISTRESPONSE="127\.0\.0\.11" 350 LISTSCORE="4" 351 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 352 } 353 354 :0 355 * LT5 ?? ^no$ 356 * MSPIKEREPCHECK ?? (ALL|DEFAULT|BLACK|L3) 357 { 358 LISTNAME="MailSpike Reputation (L3|Bad)" 359 LISTRESPONSE="127\.0\.0\.12" 360 LISTSCORE="3" 361 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 362 } 363 364 :0 365 * LT5 ?? ^no$ 366 * MSPIKEREPCHECK ?? (ALL|BLACK|L2) 367 { 368 LISTNAME="MailSpike Reputation (L2|Suspicious)" 369 LISTRESPONSE="127\.0\.0\.13" 370 LISTSCORE="2" 371 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 372 } 373 374 LISTSERVER='localhost' 375 LOCALDESCRIPTION='Null' 376} 377 378:0 379* ! SBCONFIG ?? ^(Analyze|Debug)$ 380* SPAMTAG ?? ^yes$ 381{ LOCALTAG=yes } 382 383 384# SORBS Checks 385# 386# The Spam and Open Relay Blocking System (SORBS) has a DNSBL with 387# several useful lists. They're all aggressive, and should be used 388# with caution. 389 390LT2=no 391 392:0 393* SORBSCGICHECK ?? ^yes$ 394{ LT2=yes } 395 396:0 397* SORBSDYNCHECK ?? ^yes$ 398{ LT2=yes } 399 400:0 401* SORBSPROXYCHECK ?? ^yes$ 402{ LT2=yes } 403 404:0 405* SORBSPROXY2CHECK ?? ^yes$ 406{ LT2=yes } 407 408:0 409* SORBSRELAYCHECK ?? ^yes$ 410{ LT2=yes } 411 412:0 413* SORBSSOCKSCHECK ?? ^yes$ 414{ LT2=yes } 415 416:0 417* SORBSSPAMCHECK ?? ^yes$ 418{ LT2=yes } 419 420:0 421* SORBSZOMBIECHECK ?? ^yes$ 422{ LT2=yes } 423 424# Check first external IP. 425# 426:0 427* LOCALTAG ?? ^no$ 428* LT2 ?? ^(yes)$ 429* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 430{ 431 LT5=no 432 LOCALDESCRIPTION="Connecting IP:" 433 LOCALCHECK=${FIRSTEXIP} 434 LOCALREVCHECK=${FIRSTEXREVIP} 435 LISTSERVER="dnsbl.sorbs.net" 436 437 :0 438 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 439 440 :0 441 * SORBSPROXYCHECK ?? ^(yes)$ 442 { 443 LISTNAME="SORBS (open proxies)" 444 LISTRESPONSE="127\.0\.0\.(2|3|4)" 445 LISTSCORE="4" 446 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 447 } 448 449 :0 450 * SORBSRELAYCHECK ?? ^(yes)$ 451 { 452 LISTNAME="SORBS (open relays)" 453 LISTRESPONSE="127\.0\.0\.5" 454 LISTSCORE="4" 455 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 456 } 457 458 :0 459 * SORBSSPAMCHECK ?? ^(yes)$ 460 { 461 LISTNAME="SORBS (spam sources)" 462 LISTRESPONSE="127\.0\.0\.6" 463 LISTSCORE="3" 464 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 465 } 466 467 :0 468 * SORBSCGICHECK ?? ^(yes)$ 469 { 470 LISTNAME="SORBS (insecure web forms)" 471 LISTRESPONSE="127\.0\.0\.7" 472 LISTSCORE="3" 473 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 474 } 475 476 :0 477 * SORBSZOMBIECHECK ?? ^(yes)$ 478 { 479 LISTNAME="SORBS (zombie netblocks)" 480 LISTRESPONSE="127\.0\.0\.9" 481 LISTSCORE="3" 482 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 483 } 484 485 :0 486 * SORBSDYNCHECK ?? ^(yes)$ 487 { 488 LISTNAME="SORBS (dynamic IPs)" 489 LISTRESPONSE="127\.0\.0\.10" 490 LISTSCORE="5" 491 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 492 } 493 494 LISTSERVER='localhost' 495 LOCALDESCRIPTION='Null' 496} 497 498INCLUDERC=${SBDIR}/functions/test-threshold.rc 499 500:0 501* ! SBCONFIG ?? ^(Analyze|Debug)$ 502* SPAMTAG ?? ^yes$ 503{ LOCALTAG=yes } 504 505 506# EmailBasura 507# 508# http://www.emailbasura.org/ 509# 510# Blocklist of spam maintained by people in Latin America. Useful for 511# Latin American users, or if you receive significant quantities of 512# spam in Spanish or Portuguese that other blocklists and filters do not 513# catch. 514 515:0 516* EBASURACHECK ?? ^(yes)$ 517* LOCALTAG ?? ^no$ 518* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 519{ 520 LT5=no 521 LOCALDESCRIPTION="Connecting IP:" 522 LOCALCHECK=${FIRSTEXIP} 523 LOCALREVCHECK=${FIRSTEXREVIP} 524 LISTSERVER="bl.emailbasura.org" 525 526 :0 527 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 528 529 :0 530 * EBASURACHECK ?? ^(yes)$ 531 { 532 LISTNAME="EmailBasura" 533 LISTRESPONSE="127\.0\.0\.2" 534 LISTSCORE="5" 535 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 536 } 537 538 LISTSERVER='localhost' 539 LOCALDESCRIPTION='Null' 540} 541 542INCLUDERC=${SBDIR}/functions/test-threshold.rc 543 544:0 545* ! SBCONFIG ?? ^(Analyze|Debug)$ 546* SPAMTAG ?? ^yes$ 547{ LOCALTAG=yes } 548 549 550# Fabel.DK (mostly Asian and South American IPs) 551# http://www.spamsources.fabel.dk/ 552# 553# Bblocklist run much like the PSBL, blocking 554# connecting IPs only, with easy self-removal. Focuses 555# on IPs in Asia and South America. 556# 557:0 558* FABELDKCHECK ?? ^(yes)$ 559* LOCALTAG ?? ^no$ 560* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 561{ 562 LT5=no 563 LOCALDESCRIPTION="Connecting IP:" 564 LOCALCHECK=${FIRSTEXIP} 565 LOCALREVCHECK=${FIRSTEXREVIP} 566 LISTSERVER="spamsources.fabel.dk" 567 568 :0 569 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 570 571 :0 572 * FABELDKCHECK ?? ^(yes)$ 573 { 574 LISTNAME="Fabel.dk" 575 LISTRESPONSE="127\.0\.0\.2" 576 LISTSCORE="5" 577 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 578 } 579 580 LISTSERVER='localhost' 581 LOCALDESCRIPTION='Null' 582} 583 584INCLUDERC=${SBDIR}/functions/test-threshold.rc 585 586:0 587* ! SBCONFIG ?? ^(Analyze|Debug)$ 588* SPAMTAG ?? ^yes$ 589{ LOCALTAG=yes } 590 591# ScientificSpam 592# http://www.scientificspam.net/ 593# 594# Blocklist of spammers who spam people in academia 595# and research. 596 597:0 598* SCISPAMCHECK ?? ^(yes)$ 599* LOCALTAG ?? ^no$ 600* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 601{ 602 LT5=no 603 LOCALDESCRIPTION="Connecting IP:" 604 LOCALCHECK=${FIRSTEXIP} 605 LOCALREVCHECK=${FIRSTEXREVIP} 606 LISTSERVER="bl.scientificspam.net" 607 608 :0 609 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 610 611 :0 612 * SCISPAMCHECK ?? ^(yes)$ 613 { 614 LISTNAME="ScientificSpam" 615 LISTRESPONSE="127\.0\.0\.2" 616 LISTSCORE="5" 617 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 618 } 619 620 LISTSERVER='localhost' 621 LOCALDESCRIPTION='Null' 622} 623 624INCLUDERC=${SBDIR}/functions/test-threshold.rc 625 626:0 627* ! SBCONFIG ?? ^(Analyze|Debug)$ 628* SPAMTAG ?? ^yes$ 629{ LOCALTAG=yes } 630 631# Suomispam 632# http://www.suomispam.net/ 633# 634# Blocklist of spammers who spam users in Finland 635# and sourrounding Baltic and Scandinavian countries. 636 637:0 638* SUOMISCHECK ?? ^(yes)$ 639* LOCALTAG ?? ^no$ 640* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 641{ 642 LT5=no 643 LOCALDESCRIPTION="Connecting IP:" 644 LOCALCHECK=${FIRSTEXIP} 645 LOCALREVCHECK=${FIRSTEXREVIP} 646 LISTSERVER="bl.suomispam.net" 647 648 :0 649 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 650 651 :0 652 * SUOMISCHECK ?? ^(yes)$ 653 { 654 LISTNAME="SuomiSpam" 655 LISTRESPONSE="127\.0\.0\.2" 656 LISTSCORE="5" 657 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 658 } 659 660 LISTSERVER='localhost' 661 LOCALDESCRIPTION='Null' 662} 663 664INCLUDERC=${SBDIR}/functions/test-threshold.rc 665 666:0 667* ! SBCONFIG ?? ^(Analyze|Debug)$ 668* SPAMTAG ?? ^yes$ 669{ LOCALTAG=yes } 670 671 672# Spamhaus DBL Blocklist 673# 674# Checks the SpamHaus Domains Blocklist (DBL), which uses 675# a different zone than the Spamhaus IP-based blocklists do. 676# That means a separate recipe. 677 678LT2=no 679 680:0 681* DBLCHECK ?? ^yes$ 682{ LT2=yes } 683 684# Check First External Received Domain. 685# 686:0 687* LOCALTAG ?? ^no$ 688* LT2 ?? ^yes$ 689* ! FIRSTEXDOMAIN ?? ^example\.com$ 690{ 691 LT5=no 692 LOCALDESCRIPTION="Connecting Domain:" 693 LOCALCHECK=${FIRSTEXDOMAIN} 694 LISTSERVER="dbl.spamhaus.org" 695 696 :0 697 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 698 699 :0 700 * DBLCHECK ?? ^yes$ 701 { 702 LISTNAME="DBL" 703 LISTRESPONSE="127\.0\.1\.2" 704 LISTSCORE="5" 705 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 706 } 707 708 LISTSERVER='localhost' 709 LOCALDESCRIPTION='Null' 710} 711 712INCLUDERC=${SBDIR}/functions/test-threshold.rc 713 714:0 715* ! SBCONFIG ?? ^(Analyze|Debug)$ 716* SPAMTAG ?? ^yes$ 717{ LOCALTAG=yes } 718 719