# sb5.rc
#
#  Called by sb4.rc if email is not whitelisted.
#
# Last Updated: 3/20/2017

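# LOOK FOR AND TAG MAILER-DAEMON, ADMIN, & BULK EMAIL.
#
# SpamBouncer handles this differently than other email.

# Detect actual MAILER-DAEMON stuff so SpamBouncer will handle it
# appropriately.
#
# LOCALTAG is a scratch flag: it is reset to "no" here and raised to "yes"
# by a bounce-detection recipe whose conditions all match.

LOCALTAG=no

# Bounce recipe 1: the From: header names MAILER-DAEMON, postmaster or root
# AND the Subject: is one of two known delivery-failure subjects.  Both
# conditions must match.
#
# The second Subject alternative is an RFC 2047 encoded-word; its Base64
# payload decodes to the Russian for "Your message was not delivered".
# That payload contains a literal "+", which is a repetition operator in
# procmail regular expressions, so it is written "\+" here.  Unescaped,
# the pattern cannot match the header as it is actually sent.
#
# NOTE(review): From: and Subject: are supplied by the sender, so a match
# shows only that the message claims to be a bounce.

:0
* ^From:.*[^0-9a-z](MAILER-DAEMON|\
                    postmaster|\
                    root)(@|$|( ))
* ^Subject:.*[^0-9a-z](Delivery Status Notification \(Failure\)|\
                      =\?UTF-8\?B\?0JLQsNGI0LUg0YHQvtC\+0LHRidC10L3QuNC1INC90LUg0LTQvtGB0YLQsNCy0LvQtdC90L4=\?=\. Mail failure\.)([^0-9a-z]|$)
{ LOCALTAG=yes }
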
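# Bounce recipe 2: the From: header carries the display name
# "Mail Delivery System" AND the Subject: is one of the same two
# delivery-failure subjects used by the previous recipe.
#
# The literal "+" inside the Base64 payload of the encoded-word is escaped
# as "\+"; left bare it is a repetition operator and the pattern cannot
# match the header as sent.

:0
* ^From:.*[^0-9a-z]Mail Delivery System([^0-9a-z]|$)
* ^Subject:.*[^0-9a-z](Delivery Status Notification \(Failure\)|\
               =\?UTF-8\?B\?0JLQsNGI0LUg0YHQvtC\+0LHRidC10L3QuNC1INC90LUg0LTQvtGB0YLQsNCy0LvQtdC90L4=\?=\. Mail failure\.)([^0-9a-z]|$)
{ LOCALTAG=yes }
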
# Tag what the bounce recipes flagged: set the log flags and log text, run
# functions/loglevel.rc, then set DAEMONTAG and ADMINTAG.
#
# NOTE(review): DAEMONTAG=yes makes the "DAEMONTAG ?? ^no$" wrapper further
# down this file fail, so a tagged message skips the blocklist includes and
# sb6.rc inside that wrapper.  The tag rests only on sender-supplied From:
# and Subject: headers.  Whether a later SpamBouncer stage re-checks such
# mail is not visible here -- confirm, and consider also requiring a header
# written by your own MTA before the tag is trusted.

:0
* LOCALTAG ?? ^yes$
{
  SBLOGFLAGS="ALWAYS 1 PASS"
  SBLOG="MAILER-DAEMON"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  # Unconditional nested recipe, kept in the same form as the original.
  :0
  {
    DAEMONTAG=yes
    ADMINTAG=yes
  }
}

# Other Admin Email
#
# LOCALTAG is reset before the three server-administration recipes
# (Anacron, Cron, Fail2Ban) so a "yes" left by the bounce detection does
# not carry over.

LOCALTAG=no

# Anacron reports: From: must begin "Anacron <root@" and Subject: must
# begin "Anacron job" followed by a non-alphanumeric character or the end
# of the line.  The domain after "root@" is not constrained.

:0
* ^From: Anacron <root@
* ^Subject: Anacron job([^0-9a-z]|$)
{
  LOCALTAG=yes
}

# Cron reports: "Cron Daemon" must appear in From: as a separate word and
# Subject: must begin "Cron <root@", so only reports for root's jobs are
# flagged.  The host part after "root@" is not constrained.

:0
* ^From:.*[^0-9a-z]Cron Daemon([^0-9a-z]|$)
* ^Subject: Cron <root@
{
  LOCALTAG=yes
}

# Fail2Ban notifications: From: must begin "Fail2Ban <fail2ban@" and
# Subject: must begin with the literal "[Fail2Ban]".
#
# NOTE(review): nothing after "fail2ban@" is checked, so the recipe accepts
# any domain.  Where these notices come only from your own hosts, consider
# extending the From: pattern to those host names.

:0
* ^From: Fail2Ban <fail2ban@
* ^Subject: \[Fail2Ban\]
{
  LOCALTAG=yes
}

# Tag what the Anacron, Cron and Fail2Ban recipes flagged: set the log
# flags and log text, run functions/loglevel.rc, then set DAEMONTAG and
# ADMINTAG -- the same two tags the MAILER-DAEMON branch sets.
#
# NOTE(review): with DAEMONTAG=yes the "DAEMONTAG ?? ^no$" wrapper later in
# this file does not run for the message.  The decision is made from
# sender-supplied From: and Subject: headers alone.

:0
* LOCALTAG ?? ^yes$
{
  SBLOGFLAGS="ALWAYS 1 PASS"
  SBLOG="Server Administration"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  # Unconditional nested recipe, kept in the same form as the original.
  :0
  {
    DAEMONTAG=yes
    ADMINTAG=yes
  }
}

# Identify bulk email that admits it is bulk :)
#
# One condition, matched against the header only ("H ??"), that fires on
# any of these: a Precedence: of Bulk, Junk or List; a Resent-By/From/To/
# Sender: header; any List-*: header; X-ListName:, X-Listserver:, or a
# header name starting "X-Listprocessor" (no colon is required there);
# X-Lyris-To/MemberID/MessageID:; or a Received: line containing
# "majordom".
#
# On a match it logs a NOTE and sets BULKTAG=yes.  LOCALTAG and DAEMONTAG
# are not touched by this recipe.

:0
* H ?? (^Precedence: (Bulk|Junk|List)|\
  ^Resent-(By|From|To|Sender):|\
  ^List-[0-9a-z]*:|\
  ^X-ListName:|\
  ^X-Listprocessor|\
  ^X-Listserver:|\
  ^X-Lyris-(To|MemberID|MessageID):|\
  ^Received:.*majordom)
{
  SBLOGFLAGS="ALWAYS 1 NOTE"
  SBLOG="Bulk Email (Listserv/Resent/Precedence)"
  INCLUDERC=${SBDIR}/functions/loglevel.rc

  # Unconditional nested recipe, kept in the same form as the original.
  :0
  {
    BULKTAG=yes
  }
}

# When SBCONFIG is exactly "Analyze" or "Debug", clear LOCALTAG again.
# DAEMONTAG is left as it is, so the wrapper that follows still tests
# whatever value the tagging recipes above gave it.

:0
* SBCONFIG ?? ^(Analyze|Debug)$
{
  LOCALTAG=no
}

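# Start of the wrapper that lets MAILER-DAEMON and admin mail skip the
# checks below.  This is a plain ":0" recipe guarded by two conditions,
# not an ":0 E" else-recipe: its body runs only when DAEMONTAG and
# LOCALTAG are both exactly "no".
#
# NOTE(review): DAEMONTAG is not initialised in this file; presumably the
# calling rc file sets it to "no" -- confirm.
# NOTE(review): everything inside this wrapper (connecting-host and header
# blocklists, threshold tests, sb6.rc) is skipped for mail tagged above,
# and that tagging uses sender-supplied From: and Subject: headers only.
:0
* DAEMONTAG ?? ^no$
* LOCALTAG ?? ^no$
{

 # CHECK CONNECTING IP AND DOMAIN AGAINST CONFIGURED BLOCKLISTS
 #
 #  This recipe checks connecting IPs and domains of the connecting hosts
 #  found in rDNS against those blocklists that you have configured for
 #  this purpose.

 INCLUDERC=${SBDIR}/sb-blocklists-connecting.rc

 # Test to see if Spam Threshold has been reached
 #
 INCLUDERC=${SBDIR}/functions/test-threshold.rc

 # In Analyze or Debug mode, clear SPAMTAG so that the SPAMTAG-gated
 # include below runs whatever the checks so far decided.
 :0
 * SBCONFIG ?? ^(Analyze|Debug)$
 { SPAMTAG=no }

 # CHECK OTHER HEADER IPS AND DOMAINS AGAINST CONFIGURED BLOCKLISTS
 #
 #  This recipe checks those blocklists you have configured the
 #  SpamBouncer to use on message body headers.  By default, the
 #  SpamBouncer checks the SpamHaus blocklists, Spamcop, the PSBL,
 #  and some of the NJABL lists unless you have explicitly turned
 #  those lists off.  You must enable any other lists you want to
 #  use.

 :0
 * SPAMTAG ?? ^no$
 {
  INCLUDERC=${SBDIR}/sb-blocklists-headers.rc
 }

 # Test to see if Spam Threshold has been reached
 #
 INCLUDERC=${SBDIR}/functions/test-threshold.rc

 # Same Analyze/Debug reset of SPAMTAG as after the first threshold test.
 :0
 * SBCONFIG ?? ^(Analyze|Debug)$
 { SPAMTAG=no }

 # If header checks don't designate something as spam, extract the
 # message body information and check it (sb6.rc).
 #
 # The LOCALTAG test is anchored as "^no$" to agree with every other
 # LOCALTAG test in this file; the unanchored "no" would also match any
 # value that merely contains "no".
 #
 # NOTE(review): the comment above speaks of the header checks' spam
 # verdict, yet the condition tests LOCALTAG, not SPAMTAG.  Whether an
 # included file sets LOCALTAG is not visible here -- confirm which
 # variable is intended.

 :0
 * LOCALTAG ?? ^no$
 {
  INCLUDERC=${SBDIR}/sb6.rc
 }
 # End of :0 wrapper around the sb6.rc body checks

}
# End of :0 wrapper that skips MAILER-DAEMON and admin mail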