1# SB-BLOCKLISTS-HEADERS.RC 2# 3# SpamBouncer Blocklist Header Checks 4# 5# This series of recipes checks the other header IPs and domains from 6# the mail headers of an email message against the configured blacklists. 7# 8# Last Updated: 3/20/2017 9 10LOCALTAG=no 11 12# Internal "All-In" Blocklist Checks 13# 14# This recipe checks for pseudo-domains that bypass normal 15# DNS and blocks that email. 16# 17 18:0 19* FIRSTHELO ?? ^([0-9a-z������������������������������������]\ 20 [-0-9a-z������������������������������������]*\.)+\ 21 (bit|onion)$ 22{ 23 SBLOG="C3T-${TESTNAME} (Internal All-In: HELO ${FIRSTHELO})" 24 INCLUDERC=${SBDIR}/functions/loglevel.rc 25 26 :0 27 * $ ${LOCALSCORE}^0 28 * 5^0 29 { LOCALSCORE=$= } 30} 31 32INCLUDERC=${SBDIR}/functions/test-threshold.rc 33 34:0 35* ! SBCONFIG ?? ^(Analyze|Debug)$ 36* SPAMTAG ?? ^yes$ 37{ LOCALTAG=yes } 38 39:0 40* FROMDOMAIN ?? ^([0-9a-z������������������������������������]\ 41 [-0-9a-z������������������������������������]*\.)+\ 42 (bit|onion)$ 43{ 44 SBLOG="C3T-${TESTNAME} (Internal All-In: From Domain ${FROMDOMAIN})" 45 INCLUDERC=${SBDIR}/functions/loglevel.rc 46 47 :0 48 * $ ${LOCALSCORE}^0 49 * 5^0 50 { LOCALSCORE=$= } 51} 52 53INCLUDERC=${SBDIR}/functions/test-threshold.rc 54 55:0 56* ! SBCONFIG ?? ^(Analyze|Debug)$ 57* SPAMTAG ?? ^yes$ 58{ LOCALTAG=yes } 59 60:0 61* REPLYTODOMAIN ?? ^([0-9a-z������������������������������������]\ 62 [-0-9a-z������������������������������������]*\.)+\ 63 (bit|onion)$ 64{ 65 SBLOG="C3T-${TESTNAME} (Internal All-In: Reply-to Domain ${FROMDOMAIN})" 66 INCLUDERC=${SBDIR}/functions/loglevel.rc 67 68 :0 69 * $ ${LOCALSCORE}^0 70 * 5^0 71 { LOCALSCORE=$= } 72} 73 74INCLUDERC=${SBDIR}/functions/test-threshold.rc 75 76:0 77* ! SBCONFIG ?? ^(Analyze|Debug)$ 78* SPAMTAG ?? ^yes$ 79{ LOCALTAG=yes } 80 81# SpamHaus IP-based Blocklist Checks 82# 83# This recipe checks all of the Spamhaus IP-based blocklists. 84# 85 86LT2=no 87 88:0 89* SBLCHECK ?? ^yes$ 90{ LT2=yes } 91 92:0 93* CSSCHECK ?? ^yes$ 94{ LT2=yes } 95 96:0 97* XBLCHECK ?? ^(CBL|ALL)$ 98{ LT2=yes } 99 100# Check second external IP. 101# 102:0 103* LOCALTAG ?? ^no$ 104* LT2 ?? ^(yes)$ 105* ! SECONDEXIP ?? ^000\.000\.000\.000$ 106* $ ! SECONDEXIP ?? ${FIRSTEXIP} 107{ 108 LT5=no 109 LOCALDESCRIPTION="Received IP:" 110 LOCALCHECK=${SECONDEXIP} 111 LOCALREVCHECK=${SECONDEXREVIP} 112 LISTSERVER="zen.spamhaus.org" 113 114 :0 115 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 116 117 :0 118 * SBLCHECK ?? ^(yes)$ 119 { 120 LISTNAME="the SBL" 121 LISTRESPONSE="127\.0\.0\.2" 122 LISTSCORE="5" 123 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 124 } 125 126 :0 127 * CSSCHECK ?? ^(yes)$ 128 { 129 LISTNAME="the CSS" 130 LISTRESPONSE="127\.0\.0\.3" 131 LISTSCORE="5" 132 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 133 } 134 135 :0 136 * XBLCHECK ?? ^(CBL|ALL)$ 137 { 138 LISTNAME="the XBL (CBL)" 139 LISTRESPONSE="127\.0\.0\.4" 140 LISTSCORE="3" 141 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 142 } 143 144 LISTSERVER='localhost' 145 LOCALDESCRIPTION='Null' 146} 147 148INCLUDERC=${SBDIR}/functions/test-threshold.rc 149 150:0 151* ! SBCONFIG ?? ^(Analyze|Debug)$ 152* SPAMTAG ?? ^yes$ 153{ LOCALTAG=yes } 154 155# Check third external IP. 156# 157:0 158* LOCALTAG ?? ^no$ 159* LT2 ?? ^(yes)$ 160* ! THIRDEXIP ?? ^000\.000\.000\.000$ 161* $ ! THIRDEXIP ?? ${FIRSTEXIP} 162* $ ! THIRDEXIP ?? ${SECONDEXIP} 163{ 164 LT5=no 165 LOCALDESCRIPTION="Received IP:" 166 LOCALCHECK=${THIRDEXIP} 167 LOCALREVCHECK=${THIRDEXREVIP} 168 LISTSERVER="zen.spamhaus.org" 169 170 :0 171 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 172 173 :0 174 * SBLCHECK ?? ^(yes)$ 175 { 176 LISTNAME="the SBL" 177 LISTRESPONSE="127\.0\.0\.2" 178 LISTSCORE="5" 179 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 180 } 181 182 :0 183 * CSSCHECK ?? ^(yes)$ 184 { 185 LISTNAME="the CSS" 186 LISTRESPONSE="127\.0\.0\.3" 187 LISTSCORE="5" 188 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 189 } 190 191 :0 192 * XBLCHECK ?? ^(CBL|ALL)$ 193 { 194 LISTNAME="the XBL (CBL)" 195 LISTRESPONSE="127\.0\.0\.4" 196 LISTSCORE="3" 197 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 198 } 199 200 LISTSERVER='localhost' 201 LOCALDESCRIPTION='Null' 202} 203 204INCLUDERC=${SBDIR}/functions/test-threshold.rc 205 206:0 207* ! SBCONFIG ?? ^(Analyze|Debug)$ 208* SPAMTAG ?? ^yes$ 209{ LOCALTAG=yes } 210 211# Check fourth external IP. 212# 213:0 214* LOCALTAG ?? ^no$ 215* LT2 ?? ^(yes)$ 216* ! FOURTHEXIP ?? ^000\.000\.000\.000$ 217* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 218* $ ! FOURTHEXIP ?? ${SECONDEXIP} 219* $ ! FOURTHEXIP ?? ${THIRDEXIP} 220{ 221 LT5=no 222 LOCALDESCRIPTION="Received IP:" 223 LOCALCHECK=${FOURTHEXIP} 224 LOCALREVCHECK=${FOURTHEXREVIP} 225 LISTSERVER="zen.spamhaus.org" 226 227 :0 228 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 229 230 :0 231 * SBLCHECK ?? ^(yes)$ 232 { 233 LISTNAME="the SBL" 234 LISTRESPONSE="127\.0\.0\.2" 235 LISTSCORE="5" 236 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 237 } 238 239 :0 240 * CSSCHECK ?? ^(yes)$ 241 { 242 LISTNAME="the CSS" 243 LISTRESPONSE="127\.0\.0\.3" 244 LISTSCORE="5" 245 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 246 } 247 248 :0 249 * XBLCHECK ?? ^(CBL|ALL)$ 250 { 251 LISTNAME="the XBL (CBL)" 252 LISTRESPONSE="127\.0\.0\.4" 253 LISTSCORE="3" 254 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 255 } 256 257 LISTSERVER='localhost' 258 LOCALDESCRIPTION='Null' 259} 260 261INCLUDERC=${SBDIR}/functions/test-threshold.rc 262 263:0 264* ! SBCONFIG ?? ^(Analyze|Debug)$ 265* SPAMTAG ?? ^yes$ 266{ LOCALTAG=yes } 267 268# Check X-Original-IP, if exists. 269# 270:0 271* LOCALTAG ?? ^no$ 272* LT2 ?? ^(yes)$ 273* ! XORIGINALIP ?? ^000\.000\.000\.000$ 274* $ ! XORIGINALIP ?? ${FIRSTEXIP} 275* $ ! XORIGINALIP ?? ${SECONDEXIP} 276* $ ! XORIGINALIP ?? ${THIRDEXIP} 277* $ ! XORIGINALIP ?? ${FOURTHEXIP} 278{ 279 LT5=no 280 LOCALDESCRIPTION="X-Original-IP:" 281 LOCALCHECK=${XORIGINALIP} 282 LOCALREVCHECK=${XORIGINALREVIP} 283 LISTSERVER="zen.spamhaus.org" 284 285 :0 286 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 287 288 :0 289 * SBLCHECK ?? ^(yes)$ 290 { 291 LISTNAME="the SBL" 292 LISTRESPONSE="127\.0\.0\.2" 293 LISTSCORE="5" 294 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 295 } 296 297 :0 298 * CSSCHECK ?? ^(yes)$ 299 { 300 LISTNAME="the CSS" 301 LISTRESPONSE="127\.0\.0\.3" 302 LISTSCORE="5" 303 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 304 } 305 306 :0 307 * XBLCHECK ?? ^(CBL|ALL)$ 308 { 309 LISTNAME="the XBL (CBL)" 310 LISTRESPONSE="127\.0\.0\.4" 311 LISTSCORE="3" 312 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 313 } 314 315 LISTSERVER='localhost' 316 LOCALDESCRIPTION='Null' 317} 318 319INCLUDERC=${SBDIR}/functions/test-threshold.rc 320 321:0 322* ! SBCONFIG ?? ^(Analyze|Debug)$ 323* SPAMTAG ?? ^yes$ 324{ LOCALTAG=yes } 325 326# Spamhaus DBL Blocklist 327# 328# Checks the SpamHaus Domains Blocklist (DBL), which uses 329# a different zone than the Spamhaus IP-based blocklists do. 330# That means a separate recipe. 331 332LT2=no 333 334:0 335* DBLCHECK ?? ^yes$ 336{ LT2=yes } 337 338# Check Second External Received Domain. 339# 340:0 341* LOCALTAG ?? ^no$ 342* LT2 ?? ^yes$ 343* ! SECONDEXDOMAIN ?? ^example\.com$ 344* $ ! SECONDEXDOMAIN ?? ${FIRSTEXDOMAIN} 345{ 346 LT5=no 347 LOCALDESCRIPTION="Received Domain:" 348 LOCALCHECK=${SECONDEXDOMAIN} 349 LISTSERVER="dbl.spamhaus.org" 350 351 :0 352 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 353 354 :0 355 * DBLCHECK ?? ^yes$ 356 { 357 LISTNAME="DBL" 358 LISTRESPONSE="127\.0\.1\.2" 359 LISTSCORE="5" 360 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 361 } 362 363 LISTSERVER='localhost' 364 LOCALDESCRIPTION='Null' 365} 366 367INCLUDERC=${SBDIR}/functions/test-threshold.rc 368 369:0 370* ! SBCONFIG ?? ^(Analyze|Debug)$ 371* SPAMTAG ?? ^yes$ 372{ LOCALTAG=yes } 373 374# Check Third External Received Domain. 375# 376:0 377* LOCALTAG ?? ^no$ 378* LT2 ?? ^yes$ 379* ! THIRDEXDOMAIN ?? ^example\.com$ 380* $ ! THIRDEXDOMAIN ?? ${FIRSTEXDOMAIN} 381* $ ! THIRDEXDOMAIN ?? ${SECONDEXDOMAIN} 382{ 383 LT5=no 384 LOCALDESCRIPTION="Received Domain:" 385 LOCALCHECK=${THIRDEXDOMAIN} 386 LISTSERVER="dbl.spamhaus.org" 387 388 :0 389 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 390 391 :0 392 * DBLCHECK ?? ^yes$ 393 { 394 LISTNAME="DBL" 395 LISTRESPONSE="127\.0\.1\.2" 396 LISTSCORE="5" 397 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 398 } 399 400 LISTSERVER='localhost' 401 LOCALDESCRIPTION='Null' 402} 403 404INCLUDERC=${SBDIR}/functions/test-threshold.rc 405 406:0 407* ! SBCONFIG ?? ^(Analyze|Debug)$ 408* SPAMTAG ?? ^yes$ 409{ LOCALTAG=yes } 410 411# Check Fourth External Received Domain. 412# 413:0 414* LOCALTAG ?? ^no$ 415* LT2 ?? ^yes$ 416* ! FOURTHEXDOMAIN ?? ^example\.com$ 417* $ ! FOURTHEXDOMAIN ?? ${FIRSTEXDOMAIN} 418* $ ! FOURTHEXDOMAIN ?? ${SECONDEXDOMAIN} 419* $ ! FOURTHEXDOMAIN ?? ${THIRDEXDOMAIN} 420{ 421 LT5=no 422 LOCALDESCRIPTION="Received Domain:" 423 LOCALCHECK=${FOURTHEXDOMAIN} 424 LISTSERVER="dbl.spamhaus.org" 425 426 :0 427 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 428 429 :0 430 * DBLCHECK ?? ^yes$ 431 { 432 LISTNAME="DBL" 433 LISTRESPONSE="127\.0\.1\.2" 434 LISTSCORE="5" 435 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 436 } 437 438 LISTSERVER='localhost' 439 LOCALDESCRIPTION='Null' 440} 441 442INCLUDERC=${SBDIR}/functions/test-threshold.rc 443 444:0 445* ! SBCONFIG ?? ^(Analyze|Debug)$ 446* SPAMTAG ?? ^yes$ 447{ LOCALTAG=yes } 448 449# Check HELO Domain. 450# 451:0 452* LOCALTAG ?? ^no$ 453* LT2 ?? ^yes$ 454* ! FIRSTEXHELODOMAIN ?? ^example\.com$ 455* $ ! FIRSTEXHELODOMAIN ?? ${FIRSTEXDOMAIN} 456* $ ! FIRSTEXHELODOMAIN ?? ${SECONDEXDOMAIN} 457* $ ! FIRSTEXHELODOMAIN ?? ${THIRDEXDOMAIN} 458* $ ! FIRSTEXHELODOMAIN ?? ${FOURTHEXDOMAIN} 459{ 460 LT5=no 461 LOCALDESCRIPTION="HELO Domain:" 462 LOCALCHECK=${FIRSTEXHELODOMAIN} 463 LISTSERVER="dbl.spamhaus.org" 464 465 :0 466 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 467 468 :0 469 * DBLCHECK ?? ^yes$ 470 { 471 LISTNAME="DBL" 472 LISTRESPONSE="127\.0\.1\.2" 473 LISTSCORE="5" 474 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 475 } 476 477 LISTSERVER='localhost' 478 LOCALDESCRIPTION='Null' 479} 480 481INCLUDERC=${SBDIR}/functions/test-threshold.rc 482 483:0 484* ! SBCONFIG ?? ^(Analyze|Debug)$ 485* SPAMTAG ?? ^yes$ 486{ LOCALTAG=yes } 487 488# Check From Domain. 489# 490:0 491* LOCALTAG ?? ^no$ 492* LT2 ?? ^yes$ 493* ! FROMDOMAIN ?? ^example\.com$ 494* $ ! FROMDOMAIN ?? ${FIRSTEXDOMAIN} 495* $ ! FROMDOMAIN ?? ${SECONDEXDOMAIN} 496* $ ! FROMDOMAIN ?? ${THIRDEXDOMAIN} 497* $ ! FROMDOMAIN ?? ${FOURTHEXDOMAIN} 498* $ ! FROMDOMAIN ?? ${FIRSTEXHELODOMAIN} 499{ 500 LT5=no 501 LOCALDESCRIPTION="From Domain:" 502 LOCALCHECK=${FROMDOMAIN} 503 LISTSERVER="dbl.spamhaus.org" 504 505 :0 506 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 507 508 :0 509 * DBLCHECK ?? ^yes$ 510 { 511 LISTNAME="DBL" 512 LISTRESPONSE="127\.0\.1\.2" 513 LISTSCORE="5" 514 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 515 } 516 517 LISTSERVER='localhost' 518 LOCALDESCRIPTION='Null' 519} 520 521INCLUDERC=${SBDIR}/functions/test-threshold.rc 522 523:0 524* ! SBCONFIG ?? ^(Analyze|Debug)$ 525* SPAMTAG ?? ^yes$ 526{ LOCALTAG=yes } 527 528# Check Reply-To Domain. 529# 530:0 531* LOCALTAG ?? ^no$ 532* LT2 ?? ^yes$ 533* ! REPLYTODOMAIN ?? ^example\.com$ 534* $ ! REPLYTODOMAIN ?? ${FIRSTEXDOMAIN} 535* $ ! REPLYTODOMAIN ?? ${SECONDEXDOMAIN} 536* $ ! REPLYTODOMAIN ?? ${THIRDEXDOMAIN} 537* $ ! REPLYTODOMAIN ?? ${FOURTHEXDOMAIN} 538* $ ! REPLYTODOMAIN ?? ${FIRSTEXHELODOMAIN} 539* $ ! REPLYTODOMAIN ?? ${FROMDOMAIN} 540{ 541 LT5=no 542 LOCALDESCRIPTION="Reply-To Domain:" 543 LOCALCHECK=${REPLYTODOMAIN} 544 LISTSERVER="dbl.spamhaus.org" 545 546 :0 547 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 548 549 :0 550 * DBLCHECK ?? ^yes$ 551 { 552 LISTNAME="DBL" 553 LISTRESPONSE="127\.0\.1\.2" 554 LISTSCORE="5" 555 INCLUDERC=${SBDIR}/functions/rhsbl-sub.rc 556 } 557 558 LISTSERVER='localhost' 559 LOCALDESCRIPTION='Null' 560} 561 562INCLUDERC=${SBDIR}/functions/test-threshold.rc 563 564:0 565* ! SBCONFIG ?? ^(Analyze|Debug)$ 566* SPAMTAG ?? ^yes$ 567{ LOCALTAG=yes } 568 569# Check Errors-To Domain. 570# 571:0 572* LOCALTAG ?? ^no$ 573* LT2 ?? ^yes$ 574* ! ERRORDOMAIN ?? ^example\.com$ 575* $ ! ERRORDOMAIN ?? ${FIRSTEXDOMAIN} 576* $ ! ERRORDOMAIN ?? ${SECONDEXDOMAIN} 577* $ ! ERRORDOMAIN ?? ${THIRDEXDOMAIN} 578* $ ! ERRORDOMAIN ?? ${FOURTHEXDOMAIN} 579* $ ! ERRORDOMAIN ?? ${FIRSTEXHELODOMAIN} 580* $ ! ERRORDOMAIN ?? ${FROMDOMAIN} 581* $ ! ERRORDOMAIN ?? ${REPLYTODOMAIN} 582{ 583 LT5=no 584 LOCALDESCRIPTION="Errors-To Domain:" 585 LOCALCHECK=${ERRORDOMAIN} 586 LISTSERVER="dbl.spamhaus.org" 587 588 :0 589 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 590 591 :0 592 * DBLCHECK ?? ^yes$ 593 { 594 LISTNAME="DBL" 595 LISTRESPONSE="127\.0\.1\.2" 596 LISTSCORE="5" 597 INCLUDERC=${SBDIR}/functions/hashbl-sub.rc 598 } 599 600 LISTSERVER='localhost' 601 LOCALDESCRIPTION='Null' 602} 603 604INCLUDERC=${SBDIR}/functions/test-threshold.rc 605 606:0 607* ! SBCONFIG ?? ^(Analyze|Debug)$ 608* SPAMTAG ?? ^yes$ 609{ LOCALTAG=yes } 610 611# MSBL EBL 612# 613# Checks From and Reply-to email addresses agains 614# the MSBL Email Blocklist. 615 616# Check Reply-to Email Address 617:0 618* LOCALTAG ?? ^no$ 619* EBLCHECK ?? ^yes$ 620* ! REPLYTOHASH ?? ^NULL$ 621{ 622 LT5=no 623 LOCALDESCRIPTION="Reply-to Email:" 624 LOCALCHECK="${REPLYTOHASH}" 625 LOCALCHK2="${REPLYTOEMAIL}" 626 LISTSERVER="ebl.msbl.org" 627 628 :0 629 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 630 631 :0 632 * EBLCHECK ?? ^(yes)$ 633 { 634 LISTNAME="the EBL" 635 LISTRESPONSE="127\.0\.0\.2" 636 LISTSCORE="5" 637 INCLUDERC=${SBDIR}/functions/hashbl-sub.rc 638 } 639 640 LISTSERVER='localhost' 641 LOCALDESCRIPTION='Null' 642} 643 644INCLUDERC=${SBDIR}/functions/test-threshold.rc 645 646:0 647* ! SBCONFIG ?? ^(Analyze|Debug)$ 648* SPAMTAG ?? ^yes$ 649{ LOCALTAG=yes } 650 651# Check From Email Address 652:0 653* LOCALTAG ?? ^no$ 654* EBLCHECK ?? ^yes$ 655* ! FROMHASH ?? ^NULL$ 656* $ ! FROMEMAIL ?? ^${REPLYTOEMAIL}$ 657{ 658 LT5=no 659 LOCALDESCRIPTION="From Email:" 660 LOCALCHECK=${FROMHASH} 661 LOCALCHK2="${FROMEMAIL}" 662 LISTSERVER="ebl.msbl.org" 663 664 :0 665 { LISTCHECK=`${SBHOST} ${LOCALCHECK}.${LISTSERVER} 2> /dev/null` } 666 667 :0 668 * EBLCHECK ?? ^(yes)$ 669 { 670 LISTNAME="the EBL" 671 LISTRESPONSE="127\.0\.0\.2" 672 LISTSCORE="5" 673 INCLUDERC=${SBDIR}/functions/hashbl-sub.rc 674 } 675 676 LISTSERVER='localhost' 677 LOCALDESCRIPTION='Null' 678} 679 680INCLUDERC=${SBDIR}/functions/test-threshold.rc 681 682:0 683* ! SBCONFIG ?? ^(Analyze|Debug)$ 684* SPAMTAG ?? ^yes$ 685{ LOCALTAG=yes } 686 687# SORBS Checks 688# 689# The Spam and Open Relay Blocking System (SORBS) has a DNSBL with 690# several useful lists. They're all aggressive, and should be used 691# with caution. 692 693LT2=no 694 695:0 696* SORBSCGICHECK ?? ^yes$ 697{ LT2=yes } 698 699:0 700* SORBSPROXYCHECK ?? ^yes$ 701{ LT2=yes } 702 703:0 704* SORBSRELAYCHECK ?? ^yes$ 705{ LT2=yes } 706 707:0 708* SORBSSPAMCHECK ?? ^yes$ 709{ LT2=yes } 710 711:0 712* SORBSZOMBIECHECK ?? ^yes$ 713{ LT2=yes } 714 715# Check second Received IP. 716# 717:0 718* LOCALTAG ?? ^no$ 719* LT2 ?? ^(yes)$ 720* ! SECONDEXIP ?? ^000\.000\.000\.000$ 721* $ ! SECONDEXIP ?? ${FIRSTEXIP} 722{ 723 LT5=no 724 LOCALDESCRIPTION="Received IP:" 725 LOCALCHECK=${SECONDEXIP} 726 LOCALREVCHECK=${SECONDEXREVIP} 727 LISTSERVER="dnsbl.sorbs.net" 728 729 :0 730 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 731 732 :0 733 * SORBSPROXYCHECK ?? ^(yes)$ 734 { 735 LISTNAME="SORBS (open proxies)" 736 LISTRESPONSE="127\.0\.0\.(2|3|4)" 737 LISTSCORE="4" 738 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 739 } 740 741 :0 742 * SORBSRELAYCHECK ?? ^(yes)$ 743 { 744 LISTNAME="SORBS (open relays)" 745 LISTRESPONSE="127\.0\.0\.5" 746 LISTSCORE="4" 747 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 748 } 749 750 :0 751 * SORBSSPAMCHECK ?? ^(yes)$ 752 { 753 LISTNAME="SORBS (spam sources)" 754 LISTRESPONSE="127\.0\.0\.6" 755 LISTSCORE="3" 756 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 757 } 758 759 :0 760 * SORBSCGICHECK ?? ^(yes)$ 761 { 762 LISTNAME="SORBS (insecure web forms)" 763 LISTRESPONSE="127\.0\.0\.7" 764 LISTSCORE="3" 765 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 766 } 767 768 :0 769 * SORBSZOMBIECHECK ?? ^(yes)$ 770 { 771 LISTNAME="SORBS (zombie netblocks)" 772 LISTRESPONSE="127\.0\.0\.9" 773 LISTSCORE="3" 774 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 775 } 776 777 LISTSERVER='localhost' 778 LOCALDESCRIPTION='Null' 779} 780 781INCLUDERC=${SBDIR}/functions/test-threshold.rc 782 783:0 784* ! SBCONFIG ?? ^(Analyze|Debug)$ 785* SPAMTAG ?? ^yes$ 786{ LOCALTAG=yes } 787 788# Check third Received IP. 789# 790:0 791* LOCALTAG ?? ^no$ 792* LT2 ?? ^(yes)$ 793* ! THIRDEXIP ?? ^000\.000\.000\.000$ 794* $ ! THIRDEXIP ?? ${FIRSTEXIP} 795* $ ! THIRDEXIP ?? ${SECONDEXIP} 796{ 797 LT5=no 798 LOCALDESCRIPTION="Received IP:" 799 LOCALCHECK=${THIRDEXIP} 800 LOCALREVCHECK=${THIRDEXREVIP} 801 LISTSERVER="dnsbl.sorbs.net" 802 803 :0 804 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 805 806 :0 807 * SORBSPROXYCHECK ?? ^(yes)$ 808 { 809 LISTNAME="SORBS (open proxies)" 810 LISTRESPONSE="127\.0\.0\.(2|3|4)" 811 LISTSCORE="4" 812 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 813 } 814 815 :0 816 * SORBSRELAYCHECK ?? ^(yes)$ 817 { 818 LISTNAME="SORBS (open relays)" 819 LISTRESPONSE="127\.0\.0\.5" 820 LISTSCORE="4" 821 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 822 } 823 824 :0 825 * SORBSSPAMCHECK ?? ^(yes)$ 826 { 827 LISTNAME="SORBS (spam sources)" 828 LISTRESPONSE="127\.0\.0\.6" 829 LISTSCORE="3" 830 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 831 } 832 833 :0 834 * SORBSCGICHECK ?? ^(yes)$ 835 { 836 LISTNAME="SORBS (insecure web forms)" 837 LISTRESPONSE="127\.0\.0\.7" 838 LISTSCORE="3" 839 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 840 } 841 842 :0 843 * SORBSZOMBIECHECK ?? ^(yes)$ 844 { 845 LISTNAME="SORBS (zombie netblocks)" 846 LISTRESPONSE="127\.0\.0\.9" 847 LISTSCORE="3" 848 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 849 } 850 851 LISTSERVER='localhost' 852 LOCALDESCRIPTION='Null' 853} 854 855INCLUDERC=${SBDIR}/functions/test-threshold.rc 856 857:0 858* ! SBCONFIG ?? ^(Analyze|Debug)$ 859* SPAMTAG ?? ^yes$ 860{ LOCALTAG=yes } 861 862# Check fourth external IP, if one exists. 863# 864:0 865* LOCALTAG ?? ^no$ 866* LT2 ?? ^(yes)$ 867* ! FOURTHEXIP ?? ^000\.000\.000\.000$ 868* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 869* $ ! FOURTHEXIP ?? ${SECONDEXIP} 870* $ ! FOURTHEXIP ?? ${THIRDEXIP} 871{ 872 LT5=no 873 LOCALDESCRIPTION="Received IP:" 874 LOCALCHECK=${FOURTHEXIP} 875 LOCALREVCHECK=${FOURTHEXREVIP} 876 LISTSERVER="dnsbl.sorbs.net" 877 878 :0 879 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 880 881 :0 882 * SORBSPROXYCHECK ?? ^(yes)$ 883 { 884 LISTNAME="SORBS (open proxies)" 885 LISTRESPONSE="127\.0\.0\.(2|3|4)" 886 LISTSCORE="4" 887 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 888 } 889 890 :0 891 * SORBSRELAYCHECK ?? ^(yes)$ 892 { 893 LISTNAME="SORBS (open relays)" 894 LISTRESPONSE="127\.0\.0\.5" 895 LISTSCORE="4" 896 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 897 } 898 899 :0 900 * SORBSSPAMCHECK ?? ^(yes)$ 901 { 902 LISTNAME="SORBS (spam sources)" 903 LISTRESPONSE="127\.0\.0\.6" 904 LISTSCORE="3" 905 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 906 } 907 908 :0 909 * SORBSCGICHECK ?? ^(yes)$ 910 { 911 LISTNAME="SORBS (insecure web forms)" 912 LISTRESPONSE="127\.0\.0\.7" 913 LISTSCORE="3" 914 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 915 } 916 917 :0 918 * SORBSZOMBIECHECK ?? ^(yes)$ 919 { 920 LISTNAME="SORBS (zombie netblocks)" 921 LISTRESPONSE="127\.0\.0\.9" 922 LISTSCORE="3" 923 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 924 } 925 926 LISTSERVER='localhost' 927 LOCALDESCRIPTION='Null' 928} 929 930INCLUDERC=${SBDIR}/functions/test-threshold.rc 931 932:0 933* ! SBCONFIG ?? ^(Analyze|Debug)$ 934* SPAMTAG ?? ^yes$ 935{ LOCALTAG=yes } 936 937# Check X-Original-IP, if one exists. 938# 939:0 940* LOCALTAG ?? ^no$ 941* LT2 ?? ^(yes)$ 942* ! XORIGINALIP ?? ^000\.000\.000\.000$ 943* $ ! XORIGINALIP ?? ${FIRSTEXIP} 944* $ ! XORIGINALIP ?? ${SECONDEXIP} 945* $ ! XORIGINALIP ?? ${THIRDEXIP} 946* $ ! XORIGINALIP ?? ${FOURTHEXIP} 947{ 948 LT5=no 949 LOCALDESCRIPTION="Received IP:" 950 LOCALCHECK=${XORIGINALIP} 951 LOCALREVCHECK=${XORIGINALEXREVIP} 952 LISTSERVER="dnsbl.sorbs.net" 953 954 :0 955 { LISTCHECK=`${SBHOST} ${LOCALREVCHECK}.${LISTSERVER} 2> /dev/null` } 956 957 :0 958 * SORBSPROXYCHECK ?? ^(yes)$ 959 { 960 LISTNAME="SORBS (open proxies)" 961 LISTRESPONSE="127\.0\.0\.(2|3|4)" 962 LISTSCORE="4" 963 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 964 } 965 966 :0 967 * SORBSRELAYCHECK ?? ^(yes)$ 968 { 969 LISTNAME="SORBS (open relays)" 970 LISTRESPONSE="127\.0\.0\.5" 971 LISTSCORE="4" 972 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 973 } 974 975 :0 976 * SORBSSPAMCHECK ?? ^(yes)$ 977 { 978 LISTNAME="SORBS (spam sources)" 979 LISTRESPONSE="127\.0\.0\.6" 980 LISTSCORE="3" 981 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 982 } 983 984 :0 985 * SORBSCGICHECK ?? ^(yes)$ 986 { 987 LISTNAME="SORBS (insecure web forms)" 988 LISTRESPONSE="127\.0\.0\.7" 989 LISTSCORE="3" 990 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 991 } 992 993 :0 994 * SORBSZOMBIECHECK ?? ^(yes)$ 995 { 996 LISTNAME="SORBS (zombie netblocks)" 997 LISTRESPONSE="127\.0\.0\.9" 998 LISTSCORE="3" 999 INCLUDERC=${SBDIR}/functions/dnsbl-sub.rc 1000 } 1001 1002 LISTSERVER='localhost' 1003 LOCALDESCRIPTION='Null' 1004} 1005 1006INCLUDERC=${SBDIR}/functions/test-threshold.rc 1007 1008:0 1009* ! SBCONFIG ?? ^(Analyze|Debug)$ 1010* SPAMTAG ?? ^yes$ 1011{ LOCALTAG=yes } 1012 1013