1# sb5.rc 2# 3# Called by sb4.rc if email is not whitelisted. 4# 5# Last Updated: 3/20/2017 6 7# LOOK FOR AND TAG MAILER-DAEMON, ADMIN, & BULK EMAIL. 8# 9# SpamBouncer handles this differently than other email. 10 11# Detect actual MAILER-DAEMON stuff so SpamBouncer will handle it 12# appropriately. 13 14LOCALTAG=no 15 16:0 17* ^From:.*[^0-9a-z](MAILER-DAEMON|\ 18 postmaster|\ 19 root)(@|$|( )) 20* ^Subject:.*[^0-9a-z](Delivery Status Notification \(Failure\)|\ 21 =\?UTF-8\?B\?0JLQsNGI0LUg0YHQvtC+0LHRidC10L3QuNC1INC90LUg0LTQvtGB0YLQsNCy0LvQtdC90L4=\?=\. Mail failure\.)([^0-9a-z]|$) 22{ LOCALTAG=yes } 23 24:0 25* ^From:.*[^0-9a-z]Mail Delivery System([^0-9a-z]|$) 26* ^Subject:.*[^0-9a-z](Delivery Status Notification \(Failure\)|\ 27 =\?UTF-8\?B\?0JLQsNGI0LUg0YHQvtC+0LHRidC10L3QuNC1INC90LUg0LTQvtGB0YLQsNCy0LvQtdC90L4=\?=\. Mail failure\.)([^0-9a-z]|$) 28{ LOCALTAG=yes } 29 30:0 31* LOCALTAG ?? ^yes$ 32{ 33 SBLOGFLAGS="ALWAYS 1 PASS" 34 SBLOG="MAILER-DAEMON" 35 INCLUDERC=${SBDIR}/functions/loglevel.rc 36 37 :0 38 { 39 DAEMONTAG=yes 40 ADMINTAG=yes 41 } 42} 43 44# Other Admin Email 45 46LOCALTAG=no 47 48:0 49* ^From: Anacron <root@ 50* ^Subject: Anacron job([^0-9a-z]|$) 51{ LOCALTAG=yes } 52 53:0 54* ^From:.*[^0-9a-z]Cron Daemon([^0-9a-z]|$) 55* ^Subject: Cron <root@ 56{ LOCALTAG=yes } 57 58:0 59* ^From: Fail2Ban <fail2ban@ 60* ^Subject: \[Fail2Ban\] 61{ LOCALTAG=yes } 62 63:0 64* LOCALTAG ?? ^yes$ 65{ 66 SBLOGFLAGS="ALWAYS 1 PASS" 67 SBLOG="Server Administration" 68 INCLUDERC=${SBDIR}/functions/loglevel.rc 69 70 :0 71 { 72 DAEMONTAG=yes 73 ADMINTAG=yes 74 } 75} 76 77# Identify bulk email that admits it is bulk :) 78:0 79* H ?? (^Precedence: (Bulk|Junk|List)|\ 80 ^Resent-(By|From|To|Sender):|\ 81 ^List-[0-9a-z]*:|\ 82 ^X-ListName:|\ 83 ^X-Listprocessor|\ 84 ^X-Listserver:|\ 85 ^X-Lyris-(To|MemberID|MessageID):|\ 86 ^Received:.*majordom) 87{ 88 SBLOGFLAGS="ALWAYS 1 NOTE" 89 SBLOG="Bulk Email (Listserv/Resent/Precedence)" 90 INCLUDERC=${SBDIR}/functions/loglevel.rc 91 92 :0 93 { BULKTAG=yes } 94} 95 96:0 97* SBCONFIG ?? ^(Analyze|Debug)$ 98{ LOCALTAG=no } 99 100# Start of "else" wrapper so MAILER-DAEMON stuff is skipped over 101:0 102* DAEMONTAG ?? ^no$ 103* LOCALTAG ?? ^no$ 104{ 105 106# CHECK CONNECTING IP AND DOMAIN AGAINST CONFIGURED BLOCKLISTS 107# 108# This recipe checks connecting IPs and domains of the connecting hosts found 109# in rDNS against those blocklists that you have configured for this 110# purpose. 111 112INCLUDERC=${SBDIR}/sb-blocklists-connecting.rc 113 114# Test to see if Spam Threshold has been reached 115# 116INCLUDERC=${SBDIR}/functions/test-threshold.rc 117 118:0 119* SBCONFIG ?? ^(Analyze|Debug)$ 120{ SPAMTAG=no } 121 122# CHECK OTHER HEADER IPS AND DOMAINS AGAINST CONFIGURED BLOCKLISTS 123# 124# This recipe checks those blocklists you have configured the 125# SpamBouncer to use on message body headers. By default, the 126# SpamBouncer checks the SpamHaus blocklists, Spamcop, the PSBL, 127# and some of the NJABL lists unless you have explicitly turned 128# those lists off. You must enable any other lists you want to 129# use. 130 131:0 132* SPAMTAG ?? ^no$ 133{ 134 INCLUDERC=${SBDIR}/sb-blocklists-headers.rc 135} 136 137# Test to see if Spam Threshold has been reached 138# 139INCLUDERC=${SBDIR}/functions/test-threshold.rc 140 141:0 142* SBCONFIG ?? ^(Analyze|Debug)$ 143{ SPAMTAG=no } 144 145# If header checks don't designate something as spam, extracts 146# message body information and checks it. Start of header checks 147# else wrapper. 148 149:0 150* LOCALTAG ?? no 151{ 152 INCLUDERC=${SBDIR}/sb6.rc 153} 154# End of :0 wrapper around Header checks 155 156} 157# End of :0 E wrapper around MAILER-DAEMON 158