1# SB-BLOCKLISTS.RC 2# 3# SpamBouncer Blocklist Checks 4# 5# This series of recipes checks various IPs and/or domains associated with 6# a particular email message against assorted blacklists. 7LOCALTAG=no 8 9 10# XBL (Exploits BlockList) Check 11# 12# Originally a SpamHaus clone of the CBL (Composite BlockList) at 13# cbl.abuseat.org, now contains the data from the NJABL Open Proxies list 14# and may contain information from other sources of open proxies, 15# exploited and trojaned machines. 16# 17:0 18* XBLCHECK ?? yes 19* ! CBLCHECK ?? yes 20* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 21{ 22 LOCALDESCRIPTION="Received IP:" 23 LOCALCHECK=${FIRSTEXIP} 24 LOCALREVCHECK=${FIRSTEXREVIP} 25 RDNSSERVER="xbl.spamhaus.org" 26 RDNSNAME1="the XBL" 27 RDNSRESPONSE1="127\.0\.0\.4" 28 RDNSSCORE1="10" 29 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 30} 31 32INCLUDERC=${SBDIR}/functions/test-threshold.rc 33 34:0 35* ! SBCONFIG ?? Debug 36* SPAMTAG ?? yes 37{ LOCALTAG=yes } 38 39:0 40* XBLCHECK ?? yes 41* ! CBLCHECK ?? yes 42* ! SECONDEXIP ?? ^000\.000\.000\.000$ 43* $ ! SECONDEXIP ?? ${FIRSTEXIP} 44{ 45 LOCALDESCRIPTION="Received IP:" 46 LOCALCHECK=${SECONDEXIP} 47 LOCALREVCHECK=${SECONDEXREVIP} 48 RDNSSERVER="xbl.spamhaus.org" 49 RDNSNAME1="the XBL" 50 RDNSRESPONSE1="127\.0\.0\.4" 51 RDNSSCORE1="5" 52 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 53} 54 55INCLUDERC=${SBDIR}/functions/test-threshold.rc 56 57:0 58* ! SBCONFIG ?? Debug 59* SPAMTAG ?? yes 60{ LOCALTAG=yes } 61 62:0 63* XBLCHECK ?? yes 64* ! CBLCHECK ?? yes 65* ! THIRDEXIP ?? 000.000.000.000 66* $ ! THIRDEXIP ?? ${FIRSTEXIP} 67* $ ! THIRDEXIP ?? ${SECONDEXIP} 68{ 69 LOCALDESCRIPTION="Received IP:" 70 LOCALCHECK=${THIRDEXIP} 71 LOCALREVCHECK=${THIRDEXREVIP} 72 RDNSSERVER="xbl.spamhaus.org" 73 RDNSNAME1="the XBL" 74 RDNSRESPONSE1="127\.0\.0\.4" 75 RDNSSCORE1="5" 76 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 77} 78 79INCLUDERC=${SBDIR}/functions/test-threshold.rc 80 81:0 82* ! SBCONFIG ?? Debug 83* SPAMTAG ?? yes 84{ LOCALTAG=yes } 85 86:0 87* XBLCHECK ?? yes 88* ! CBLCHECK ?? yes 89* ! FOURTHEXIP ?? 000.000.000.000 90* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 91* $ ! FOURTHEXIP ?? ${SECONDEXIP} 92* $ ! FOURTHEXIP ?? ${THIRDEXIP} 93{ 94 LOCALDESCRIPTION="Received IP:" 95 LOCALCHECK=${FOURTHEXIP} 96 LOCALREVCHECK=${FOURTHEXREVIP} 97 RDNSSERVER="xbl.spamhaus.org" 98 RDNSNAME1="the XBL" 99 RDNSRESPONSE1="127\.0\.0\.4" 100 RDNSSCORE1="5" 101 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 102} 103 104INCLUDERC=${SBDIR}/functions/test-threshold.rc 105 106:0 107* ! SBCONFIG ?? Debug 108* SPAMTAG ?? yes 109{ LOCALTAG=yes } 110 111:0 112* XBLCHECK ?? yes 113* ! CBLCHECK ?? yes 114* ! XORIGINALIP ?? 000.000.000.000 115* $ ! XORIGINALIP ?? ${FIRSTEXIP} 116* $ ! XORIGINALIP ?? ${SECONDEXIP} 117* $ ! XORIGINALIP ?? ${THIRDEXIP} 118* $ ! XORIGINALIP ?? ${FOURTHEXIP} 119{ 120 LOCALDESCRIPTION="X-Original-IP:" 121 LOCALCHECK=${XORIGINALIP} 122 LOCALREVCHECK=${XORIGINALREVIP} 123 RDNSSERVER="xbl.spamhaus.org" 124 RDNSNAME1="the XBL" 125 RDNSRESPONSE1="127\.0\.0\.4" 126 RDNSSCORE1="5" 127 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 128} 129 130INCLUDERC=${SBDIR}/functions/test-threshold.rc 131 132:0 133* ! SBCONFIG ?? Debug 134* SPAMTAG ?? yes 135{ LOCALTAG=yes } 136 137# Check Body IPs, if any. 138:0 139* XBLCHECK ?? yes 140* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 141{ 142 LOCALDESCRIPTION="Body IP:" 143 LOCALCHECK=${FIRSTBODYIP} 144 LOCALREVCHECK=${FIRSTBODYREVIP} 145 RDNSSERVER="xbl.spamhaus.org" 146 RDNSNAME1="the XBL" 147 RDNSRESPONSE1="127\.0\.0\.4" 148 RDNSSCORE1="5" 149 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 150} 151 152INCLUDERC=${SBDIR}/functions/test-threshold.rc 153 154:0 155* ! SBCONFIG ?? Debug 156* SPAMTAG ?? yes 157{ LOCALTAG=yes } 158 159:0 160* XBLCHECK ?? yes 161* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 162* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 163{ 164 LOCALDESCRIPTION="Body IP:" 165 LOCALCHECK=${SECONDBODYIP} 166 LOCALREVCHECK=${SECONDBODYREVIP} 167 RDNSSERVER="xbl.spamhaus.org" 168 RDNSNAME1="the XBL" 169 RDNSRESPONSE1="127\.0\.0\.4" 170 RDNSSCORE1="5" 171 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 172} 173 174INCLUDERC=${SBDIR}/functions/test-threshold.rc 175 176:0 177* ! SBCONFIG ?? Debug 178* SPAMTAG ?? yes 179{ LOCALTAG=yes } 180 181:0 182* XBLCHECK ?? yes 183* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 184* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 185* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 186{ 187 LOCALDESCRIPTION="Body IP:" 188 LOCALCHECK=${THIRDBODYIP} 189 LOCALREVCHECK=${THIRDBODYREVIP} 190 RDNSSERVER="xbl.spamhaus.org" 191 RDNSNAME1="the XBL" 192 RDNSRESPONSE1="127\.0\.0\.4" 193 RDNSSCORE1="5" 194 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 195} 196 197INCLUDERC=${SBDIR}/functions/test-threshold.rc 198 199:0 200* ! SBCONFIG ?? Debug 201* SPAMTAG ?? yes 202{ LOCALTAG=yes } 203 204:0 205* XBLCHECK ?? yes 206* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 207* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 208* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 209* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 210{ 211 LOCALDESCRIPTION="Body IP:" 212 LOCALCHECK=${FOURTHBODYIP} 213 LOCALREVCHECK=${FOURTHBODYREVIP} 214 RDNSSERVER="xbl.spamhaus.org" 215 RDNSNAME1="the XBL" 216 RDNSRESPONSE1="127\.0\.0\.4" 217 RDNSSCORE1="5" 218 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 219} 220 221INCLUDERC=${SBDIR}/functions/test-threshold.rc 222 223:0 224* ! SBCONFIG ?? Debug 225* SPAMTAG ?? yes 226{ LOCALTAG=yes } 227 228:0 229* XBLCHECK ?? yes 230* ! FIFTHBODYIP ?? 000\.000\.000\.000 231* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 232* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 233* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 234* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 235{ 236 LOCALDESCRIPTION="Body IP:" 237 LOCALCHECK=${FIFTHBODYIP} 238 LOCALREVCHECK=${FIFTHBODYREVIP} 239 RDNSSERVER="xbl.spamhaus.org" 240 RDNSNAME1="the XBL" 241 RDNSRESPONSE1="127\.0\.0\.4" 242 RDNSSCORE1="5" 243 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 244} 245 246INCLUDERC=${SBDIR}/functions/test-threshold.rc 247 248:0 249* ! SBCONFIG ?? Debug 250* SPAMTAG ?? yes 251{ LOCALTAG=yes } 252 253:0 254* XBLCHECK ?? yes 255* ! SIXTHBODYIP ?? 000\.000\.000\.000 256* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 257* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 258* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 259* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 260* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 261{ 262 LOCALDESCRIPTION="Body IP:" 263 LOCALCHECK=${SIXTHBODYIP} 264 LOCALREVCHECK=${SIXTHBODYREVIP} 265 RDNSSERVER="xbl.spamhaus.org" 266 RDNSNAME1="the XBL" 267 RDNSRESPONSE1="127\.0\.0\.4" 268 RDNSSCORE1="5" 269 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 270} 271 272INCLUDERC=${SBDIR}/functions/test-threshold.rc 273 274:0 275* ! SBCONFIG ?? Debug 276* SPAMTAG ?? yes 277{ LOCALTAG=yes } 278 279# Check IPs of message body hosts, if any. 280:0 281* XBLCHECK ?? yes 282* ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 283{ 284 LOCALDESCRIPTION="Body Host:" 285 LOCALDESCRIPTION2="IP:" 286 LOCALHOST=${FIRSTBODYHOST} 287 LOCALCHECK=${FIRSTBODYHOSTIP} 288 LOCALREVCHECK=${FIRSTBODYHOSTREVIP} 289 RDNSSERVER="xbl.spamhaus.org" 290 RDNSNAME1="the XBL" 291 RDNSRESPONSE1="127\.0\.0\.4" 292 RDNSSCORE1="5" 293 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 294} 295 296INCLUDERC=${SBDIR}/functions/test-threshold.rc 297 298:0 299* ! SBCONFIG ?? Debug 300* SPAMTAG ?? yes 301{ LOCALTAG=yes } 302 303:0 304* XBLCHECK ?? yes 305* ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 306* $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 307{ 308 LOCALDESCRIPTION="Body Host:" 309 LOCALDESCRIPTION2="IP:" 310 LOCALHOST=${SECONDBODYHOST} 311 LOCALCHECK=${SECONDBODYHOSTIP} 312 LOCALREVCHECK=${SECONDBODYHOSTREVIP} 313 RDNSSERVER="xbl.spamhaus.org" 314 RDNSNAME1="the XBL" 315 RDNSRESPONSE1="127\.0\.0\.4" 316 RDNSSCORE1="5" 317 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 318} 319 320INCLUDERC=${SBDIR}/functions/test-threshold.rc 321 322:0 323* ! SBCONFIG ?? Debug 324* SPAMTAG ?? yes 325{ LOCALTAG=yes } 326 327:0 328* XBLCHECK ?? yes 329* ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 330* $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 331* $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} 332{ 333 LOCALDESCRIPTION="Body Host:" 334 LOCALDESCRIPTION2="IP:" 335 LOCALHOST=${THIRDBODYHOST} 336 LOCALCHECK=${THIRDBODYHOSTIP} 337 LOCALREVCHECK=${THIRDBODYHOSTREVIP} 338 RDNSSERVER="xbl.spamhaus.org" 339 RDNSNAME1="the XBL" 340 RDNSRESPONSE1="127\.0\.0\.4" 341 RDNSSCORE1="5" 342 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 343} 344 345INCLUDERC=${SBDIR}/functions/test-threshold.rc 346 347:0 348* ! SBCONFIG ?? Debug 349* SPAMTAG ?? yes 350{ LOCALTAG=yes } 351 352:0 353* XBLCHECK ?? yes 354* ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 355* $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 356* $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 357* $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 358{ 359 LOCALDESCRIPTION="Body Host:" 360 LOCALDESCRIPTION2="IP:" 361 LOCALHOST=${FOURTHBODYHOST} 362 LOCALCHECK=${FOURTHBODYHOSTIP} 363 LOCALREVCHECK=${FOURTHBODYHOSTREVIP} 364 RDNSSERVER="xbl.spamhaus.org" 365 RDNSNAME1="the XBL" 366 RDNSRESPONSE1="127\.0\.0\.4" 367 RDNSSCORE1="5" 368 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 369} 370 371INCLUDERC=${SBDIR}/functions/test-threshold.rc 372 373:0 374* ! SBCONFIG ?? Debug 375* SPAMTAG ?? yes 376{ LOCALTAG=yes } 377 378:0 379* XBLCHECK ?? yes 380* ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 381* $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 382* $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 383* $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 384* $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 385{ 386 LOCALDESCRIPTION="Body Host:" 387 LOCALDESCRIPTION2="IP:" 388 LOCALHOST=${FIFTHBODYHOST} 389 LOCALCHECK=${FIFTHBODYHOSTIP} 390 LOCALREVCHECK=${FIFTHBODYHOSTREVIP} 391 RDNSSERVER="xbl.spamhaus.org" 392 RDNSNAME1="the XBL" 393 RDNSRESPONSE1="127\.0\.0\.4" 394 RDNSSCORE1="5" 395 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 396} 397 398INCLUDERC=${SBDIR}/functions/test-threshold.rc 399 400:0 401* ! SBCONFIG ?? Debug 402* SPAMTAG ?? yes 403{ LOCALTAG=yes } 404 405:0 406* XBLCHECK ?? yes 407* ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 408* $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 409* $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 410* $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 411* $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 412* $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 413{ 414 LOCALDESCRIPTION="Body Host:" 415 LOCALDESCRIPTION2="IP:" 416 LOCALHOST=${SIXTHBODYHOST} 417 LOCALCHECK=${SIXTHBODYHOSTIP} 418 LOCALREVCHECK=${SIXTHBODYHOSTREVIP} 419 RDNSSERVER="xbl.spamhaus.org" 420 RDNSNAME1="the XBL" 421 RDNSRESPONSE1="127\.0\.0\.4" 422 RDNSSCORE1="5" 423 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 424} 425 426INCLUDERC=${SBDIR}/functions/test-threshold.rc 427 428:0 429* ! SBCONFIG ?? Debug 430* SPAMTAG ?? yes 431{ LOCALTAG=yes } 432 433:0 434* XBLCHECK ?? yes 435* ! SEVENTHBODYHOSTIP ?? 000\.000\.000\.000 436* $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 437* $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 438* $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 439* $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 440* $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 441* $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} 442{ 443 LOCALDESCRIPTION="Body Host:" 444 LOCALDESCRIPTION2="IP:" 445 LOCALHOST=${SEVENTHBODYHOST} 446 LOCALCHECK=${SEVENTHBODYHOSTIP} 447 LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} 448 RDNSSERVER="xbl.spamhaus.org" 449 RDNSNAME1="the XBL" 450 RDNSRESPONSE1="127\.0\.0\.4" 451 RDNSSCORE1="5" 452 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 453} 454 455INCLUDERC=${SBDIR}/functions/test-threshold.rc 456 457:0 458* ! SBCONFIG ?? Debug 459* SPAMTAG ?? yes 460{ LOCALTAG=yes } 461 462 463# CBL (Composite BlockList) Check 464# 465# The CBL checks for a range of things, but excels primarily in 466# catching compromised or trojaned systems that spew open proxy 467# spam. I've seen almost no false positives from using this 468# list. The folks at SpamHaus.org were so impressed that they 469# created the SpamHaus XBL as a mirror of the CBL. 470# 471:0 472* CBLCHECK ?? yes 473* XBLCHECK ?? no 474* ! FIRSTEXIP ?? ^000.000.000.000$ 475{ 476 LOCALDESCRIPTION="Received IP:" 477 LOCALCHECK=${FIRSTEXIP} 478 LOCALREVCHECK=${FIRSTEXREVIP} 479 RDNSSERVER="cbl.abuseat.org" 480 RDNSNAME1="the CBL" 481 RDNSRESPONSE1="127\.0\.0\.2" 482 RDNSSCORE1="10" 483 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 484} 485 486INCLUDERC=${SBDIR}/functions/test-threshold.rc 487 488:0 489* ! SBCONFIG ?? Debug 490* SPAMTAG ?? yes 491{ LOCALTAG=yes } 492 493:0 494* CBLCHECK ?? yes 495* XBLCHECK ?? no 496* ! SECONDEXIP ?? ^000.000.000.000$ 497* $ ! SECONDEXIP ?? ${FIRSTEXIP} 498{ 499 LOCALDESCRIPTION="Received IP:" 500 LOCALCHECK=${SECONDEXIP} 501 LOCALREVCHECK=${SECONDEXREVIP} 502 RDNSSERVER="cbl.abuseat.org" 503 RDNSNAME1="the CBL" 504 RDNSRESPONSE1="127\.0\.0\.2" 505 RDNSSCORE1="5" 506 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 507} 508 509INCLUDERC=${SBDIR}/functions/test-threshold.rc 510 511:0 512* ! SBCONFIG ?? Debug 513* SPAMTAG ?? yes 514{ LOCALTAG=yes } 515 516:0 517* CBLCHECK ?? yes 518* XBLCHECK ?? no 519* ! THIRDEXIP ?? ^000.000.000.000$ 520* $ ! THIRDEXIP ?? ${FIRSTEXIP} 521* $ ! THIRDEXIP ?? ${SECONDEXIP} 522{ 523 LOCALDESCRIPTION="Received IP:" 524 LOCALCHECK=${THIRDEXIP} 525 LOCALREVCHECK=${THIRDEXREVIP} 526 RDNSSERVER="cbl.abuseat.org" 527 RDNSNAME1="the CBL" 528 RDNSRESPONSE1="127\.0\.0\.2" 529 RDNSSCORE1="5" 530 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 531} 532 533INCLUDERC=${SBDIR}/functions/test-threshold.rc 534 535:0 536* ! SBCONFIG ?? Debug 537* SPAMTAG ?? yes 538{ LOCALTAG=yes } 539 540:0 541* CBLCHECK ?? yes 542* XBLCHECK ?? no 543* ! FOURTHEXIP ?? ^000.000.000.000$ 544* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 545* $ ! FOURTHEXIP ?? ${SECONDEXIP} 546* $ ! FOURTHEXIP ?? ${THIRDEXIP} 547{ 548 LOCALDESCRIPTION="Received IP:" 549 LOCALCHECK=${FOURTHEXIP} 550 LOCALREVCHECK=${FOURTHEXREVIP} 551 RDNSSERVER="cbl.abuseat.org" 552 RDNSNAME1="the CBL" 553 RDNSRESPONSE1="127\.0\.0\.2" 554 RDNSSCORE1="5" 555 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 556} 557 558INCLUDERC=${SBDIR}/functions/test-threshold.rc 559 560:0 561* ! SBCONFIG ?? Debug 562* SPAMTAG ?? yes 563{ LOCALTAG=yes } 564 565:0 566* CBLCHECK ?? yes 567* XBLCHECK ?? no 568* ! XORIGINALIP ?? ^000.000.000.000$ 569* $ ! XORIGINALIP ?? ${FIRSTEXIP} 570* $ ! XORIGINALIP ?? ${SECONDEXIP} 571* $ ! XORIGINALIP ?? ${THIRDEXIP} 572* $ ! XORIGINALIP ?? ${FOURTHEXIP} 573{ 574 LOCALDESCRIPTION="X-Original-IP:" 575 LOCALCHECK=${XORIGINALIP} 576 LOCALREVCHECK=${XORIGINALREVIP} 577 RDNSSERVER="cbl.abuseat.org" 578 RDNSNAME1="the CBL" 579 RDNSRESPONSE1="127\.0\.0\.2" 580 RDNSSCORE1="5" 581 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 582} 583 584INCLUDERC=${SBDIR}/functions/test-threshold.rc 585 586:0 587* ! SBCONFIG ?? Debug 588* SPAMTAG ?? yes 589{ LOCALTAG=yes } 590 591# Check Body IPs, if any. 592:0 593* CBLCHECK ?? yes 594* XBLCHECK ?? no 595* ! FIRSTBODYIP ?? 000\.000\.000\.000 596{ 597 LOCALDESCRIPTION="Body IP:" 598 LOCALCHECK=${FIRSTBODYIP} 599 LOCALREVCHECK=${FIRSTBODYREVIP} 600 RDNSSERVER="cbl.abuseat.org" 601 RDNSNAME1="the CBL" 602 RDNSRESPONSE1="127\.0\.0\.2" 603 RDNSSCORE1="5" 604 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 605} 606 607INCLUDERC=${SBDIR}/functions/test-threshold.rc 608 609:0 610* ! SBCONFIG ?? Debug 611* SPAMTAG ?? yes 612{ LOCALTAG=yes } 613 614:0 615* CBLCHECK ?? yes 616* XBLCHECK ?? no 617* ! SECONDBODYIP ?? 000\.000\.000\.000 618* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 619{ 620 LOCALDESCRIPTION="Body IP:" 621 LOCALCHECK=${SECONDBODYIP} 622 LOCALREVCHECK=${SECONDBODYREVIP} 623 RDNSSERVER="cbl.abuseat.org" 624 RDNSNAME1="the CBL" 625 RDNSRESPONSE1="127\.0\.0\.2" 626 RDNSSCORE1="5" 627 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 628} 629 630INCLUDERC=${SBDIR}/functions/test-threshold.rc 631 632:0 633* ! SBCONFIG ?? Debug 634* SPAMTAG ?? yes 635{ LOCALTAG=yes } 636 637:0 638* CBLCHECK ?? yes 639* XBLCHECK ?? no 640* ! THIRDBODYIP ?? 000\.000\.000\.000 641* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 642* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 643{ 644 LOCALDESCRIPTION="Body IP:" 645 LOCALCHECK=${THIRDBODYIP} 646 LOCALREVCHECK=${THIRDBODYREVIP} 647 RDNSSERVER="cbl.abuseat.org" 648 RDNSNAME1="the CBL" 649 RDNSRESPONSE1="127\.0\.0\.2" 650 RDNSSCORE1="5" 651 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 652} 653 654INCLUDERC=${SBDIR}/functions/test-threshold.rc 655 656:0 657* ! SBCONFIG ?? Debug 658* SPAMTAG ?? yes 659{ LOCALTAG=yes } 660 661:0 662* CBLCHECK ?? yes 663* XBLCHECK ?? no 664* ! FOURTHBODYIP ?? 000\.000\.000\.000 665* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 666* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 667* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 668{ 669 LOCALDESCRIPTION="Body IP:" 670 LOCALCHECK=${FOURTHBODYIP} 671 LOCALREVCHECK=${FOURTHBODYREVIP} 672 RDNSSERVER="cbl.abuseat.org" 673 RDNSNAME1="the CBL" 674 RDNSRESPONSE1="127\.0\.0\.2" 675 RDNSSCORE1="5" 676 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 677} 678 679INCLUDERC=${SBDIR}/functions/test-threshold.rc 680 681:0 682* ! SBCONFIG ?? Debug 683* SPAMTAG ?? yes 684{ LOCALTAG=yes } 685 686:0 687* CBLCHECK ?? yes 688* XBLCHECK ?? no 689* ! FIFTHBODYIP ?? 000\.000\.000\.000 690* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 691* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 692* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 693* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 694{ 695 LOCALDESCRIPTION="Body IP:" 696 LOCALCHECK=${FIFTHBODYIP} 697 LOCALREVCHECK=${FIFTHBODYREVIP} 698 RDNSSERVER="cbl.abuseat.org" 699 RDNSNAME1="the CBL" 700 RDNSRESPONSE1="127\.0\.0\.2" 701 RDNSSCORE1="5" 702 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 703} 704 705INCLUDERC=${SBDIR}/functions/test-threshold.rc 706 707:0 708* ! SBCONFIG ?? Debug 709* SPAMTAG ?? yes 710{ LOCALTAG=yes } 711 712:0 713* CBLCHECK ?? yes 714* XBLCHECK ?? no 715* ! SIXTHBODYIP ?? 000\.000\.000\.000 716* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 717* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 718* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 719* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 720* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 721{ 722 LOCALDESCRIPTION="Body IP:" 723 LOCALCHECK=${SIXTHBODYIP} 724 LOCALREVCHECK=${SIXTHBODYREVIP} 725 RDNSSERVER="cbl.abuseat.org" 726 RDNSNAME1="the CBL" 727 RDNSRESPONSE1="127\.0\.0\.2" 728 RDNSSCORE1="5" 729 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 730} 731 732INCLUDERC=${SBDIR}/functions/test-threshold.rc 733 734:0 735* ! SBCONFIG ?? Debug 736* SPAMTAG ?? yes 737{ LOCALTAG=yes } 738 739# Check IPs of message body hosts, if any. 740:0 741* CBLCHECK ?? yes 742* XBLCHECK ?? no 743* ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 744{ 745 LOCALDESCRIPTION="Body Host:" 746 LOCALDESCRIPTION2="IP:" 747 LOCALHOST=${FIRSTBODYHOST} 748 LOCALCHECK=${FIRSTBODYHOSTIP} 749 LOCALREVCHECK=${FIRSTBODYHOSTREVIP} 750 RDNSSERVER="cbl.abuseat.org" 751 RDNSNAME1="the CBL" 752 RDNSRESPONSE1="127\.0\.0\.2" 753 RDNSSCORE1="5" 754 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 755} 756 757INCLUDERC=${SBDIR}/functions/test-threshold.rc 758 759:0 760* ! SBCONFIG ?? Debug 761* SPAMTAG ?? yes 762{ LOCALTAG=yes } 763 764:0 765* CBLCHECK ?? yes 766* XBLCHECK ?? no 767* ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 768* $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 769{ 770 LOCALDESCRIPTION="Body Host:" 771 LOCALDESCRIPTION2="IP:" 772 LOCALHOST=${SECONDBODYHOST} 773 LOCALCHECK=${SECONDBODYHOSTIP} 774 LOCALREVCHECK=${SECONDBODYHOSTREVIP} 775 RDNSSERVER="cbl.abuseat.org" 776 RDNSNAME1="the CBL" 777 RDNSRESPONSE1="127\.0\.0\.2" 778 RDNSSCORE1="5" 779 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 780} 781 782INCLUDERC=${SBDIR}/functions/test-threshold.rc 783 784:0 785* ! SBCONFIG ?? Debug 786* SPAMTAG ?? yes 787{ LOCALTAG=yes } 788 789:0 790* CBLCHECK ?? yes 791* XBLCHECK ?? no 792* ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 793* $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 794* $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} 795{ 796 LOCALDESCRIPTION="Body Host:" 797 LOCALDESCRIPTION2="IP:" 798 LOCALHOST=${THIRDBODYHOST} 799 LOCALCHECK=${THIRDBODYHOSTIP} 800 LOCALREVCHECK=${THIRDBODYHOSTREVIP} 801 RDNSSERVER="cbl.abuseat.org" 802 RDNSNAME1="the CBL" 803 RDNSRESPONSE1="127\.0\.0\.2" 804 RDNSSCORE1="5" 805 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 806} 807 808INCLUDERC=${SBDIR}/functions/test-threshold.rc 809 810:0 811* ! SBCONFIG ?? Debug 812* SPAMTAG ?? yes 813{ LOCALTAG=yes } 814 815:0 816* CBLCHECK ?? yes 817* XBLCHECK ?? no 818* ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 819* $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 820* $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 821* $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 822{ 823 LOCALDESCRIPTION="Body Host:" 824 LOCALDESCRIPTION2="IP:" 825 LOCALHOST=${FOURTHBODYHOST} 826 LOCALCHECK=${FOURTHBODYHOSTIP} 827 LOCALREVCHECK=${FOURTHBODYHOSTREVIP} 828 RDNSSERVER="cbl.abuseat.org" 829 RDNSNAME1="the CBL" 830 RDNSRESPONSE1="127\.0\.0\.2" 831 RDNSSCORE1="5" 832 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 833} 834 835INCLUDERC=${SBDIR}/functions/test-threshold.rc 836 837:0 838* ! SBCONFIG ?? Debug 839* SPAMTAG ?? yes 840{ LOCALTAG=yes } 841 842:0 843* CBLCHECK ?? yes 844* XBLCHECK ?? no 845* ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 846* $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 847* $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 848* $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 849* $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 850{ 851 LOCALDESCRIPTION="Body Host:" 852 LOCALDESCRIPTION2="IP:" 853 LOCALHOST=${FIFTHBODYHOST} 854 LOCALCHECK=${FIFTHBODYHOSTIP} 855 LOCALREVCHECK=${FIFTHBODYHOSTREVIP} 856 RDNSSERVER="cbl.abuseat.org" 857 RDNSNAME1="the CBL" 858 RDNSRESPONSE1="127\.0\.0\.2" 859 RDNSSCORE1="5" 860 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 861} 862 863INCLUDERC=${SBDIR}/functions/test-threshold.rc 864 865:0 866* ! SBCONFIG ?? Debug 867* SPAMTAG ?? yes 868{ LOCALTAG=yes } 869 870:0 871* CBLCHECK ?? yes 872* XBLCHECK ?? no 873* ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 874* $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 875* $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 876* $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 877* $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 878* $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 879{ 880 LOCALDESCRIPTION="Body Host:" 881 LOCALDESCRIPTION2="IP:" 882 LOCALHOST=${SIXTHBODYHOST} 883 LOCALCHECK=${SIXTHBODYHOSTIP} 884 LOCALREVCHECK=${SIXTHBODYHOSTREVIP} 885 RDNSSERVER="cbl.abuseat.org" 886 RDNSNAME1="the CBL" 887 RDNSRESPONSE1="127\.0\.0\.2" 888 RDNSSCORE1="5" 889 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 890} 891 892INCLUDERC=${SBDIR}/functions/test-threshold.rc 893 894:0 895* ! SBCONFIG ?? Debug 896* SPAMTAG ?? yes 897{ LOCALTAG=yes } 898 899:0 900* CBLCHECK ?? yes 901* XBLCHECK ?? no 902* ! SEVENTHBODYHOSTIP ?? 000\.000\.000\.000 903* $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 904* $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 905* $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 906* $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 907* $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 908* $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} 909{ 910 LOCALDESCRIPTION="Body Host:" 911 LOCALDESCRIPTION2="IP:" 912 LOCALHOST=${SEVENTHBODYHOST} 913 LOCALCHECK=${SEVENTHBODYHOSTIP} 914 LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} 915 RDNSSERVER="cbl.abuseat.org" 916 RDNSNAME1="the CBL" 917 RDNSRESPONSE1="127\.0\.0\.2" 918 RDNSSCORE1="5" 919 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 920} 921 922INCLUDERC=${SBDIR}/functions/test-threshold.rc 923 924:0 925* ! SBCONFIG ?? Debug 926* SPAMTAG ?? yes 927{ LOCALTAG=yes } 928 929 930# PBL (Policy Blocklist) Check 931# 932# A blocklist containing IPs that should never be used to send 933# email. SpamBouncer can extrapolate this to include IPs that should 934# also never host web sites/appear in URLs. These IPs are mostly 935# maintained, not by SpamHaus itself, but by the ISPs. The PBL replaces 936# the NJABL dial-up/dynamic IPs list and the MAPS DUL. 937# 938:0 939* PBLCHECK ?? yes 940* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 941{ 942 LOCALDESCRIPTION="Received IP:" 943 LOCALCHECK=${FIRSTEXIP} 944 LOCALREVCHECK=${FIRSTEXREVIP} 945 RDNSSERVER="pbl.spamhaus.org" 946 RDNSNAME1="the PBL" 947 RDNSRESPONSE1="127\.0\.0\.1[0-1]" 948 RDNSSCORE1="10" 949 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 950} 951 952INCLUDERC=${SBDIR}/functions/test-threshold.rc 953 954:0 955* ! SBCONFIG ?? Debug 956* SPAMTAG ?? yes 957{ LOCALTAG=yes } 958 959 960# SpamHaus CSS Check 961# 962# The CSS is SpamHaus's new automated snowshoe catcher. It 963# appears to work well, and so is fully supported. 964# 965:0 966* CSSCHECK ?? yes 967* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 968{ 969 LOCALDESCRIPTION="Received IP:" 970 LOCALCHECK=${FIRSTEXIP} 971 LOCALREVCHECK=${FIRSTEXREVIP} 972 RDNSSERVER="sbl.spamhaus.org" 973 RDNSNAME1="the CSS" 974 RDNSRESPONSE1="127\.0\.0\.3" 975 RDNSSCORE1="10" 976 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 977} 978 979INCLUDERC=${SBDIR}/functions/test-threshold.rc 980 981:0 982* ! SBCONFIG ?? Debug 983* SPAMTAG ?? yes 984{ LOCALTAG=yes } 985 986:0 987* LOCALTAG ?? no$ 988* CSSCHECK ?? yes 989* ! SECONDEXIP ?? ^000\.000\.000\.000$ 990* $ ! SECONDEXIP ?? ${FIRSTEXIP} 991{ 992 LOCALDESCRIPTION="Received IP:" 993 LOCALCHECK=${SECONDEXIP} 994 LOCALREVCHECK=${SECONDEXREVIP} 995 RDNSSERVER="sbl.spamhaus.org" 996 RDNSNAME1="the CSS" 997 RDNSRESPONSE1="127\.0\.0\.3" 998 RDNSSCORE1="5" 999 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1000} 1001 1002INCLUDERC=${SBDIR}/functions/test-threshold.rc 1003 1004:0 1005* ! SBCONFIG ?? Debug 1006* SPAMTAG ?? yes 1007{ LOCALTAG=yes } 1008 1009:0 1010* LOCALTAG ?? no$ 1011* CSSCHECK ?? yes 1012* ! THIRDEXIP ?? ^000\.000\.000\.000$ 1013* $ ! THIRDEXIP ?? ${FIRSTEXIP} 1014* $ ! THIRDEXIP ?? ${SECONDEXIP} 1015{ 1016 LOCALDESCRIPTION="Received IP:" 1017 LOCALCHECK=${THIRDEXIP} 1018 LOCALREVCHECK=${THIRDEXREVIP} 1019 RDNSSERVER="sbl.spamhaus.org" 1020 RDNSNAME1="the CSS" 1021 RDNSRESPONSE1="127\.0\.0\.3" 1022 RDNSSCORE1="5" 1023 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1024} 1025 1026INCLUDERC=${SBDIR}/functions/test-threshold.rc 1027 1028:0 1029* ! SBCONFIG ?? Debug 1030* SPAMTAG ?? yes 1031{ LOCALTAG=yes } 1032 1033:0 1034* LOCALTAG ?? no$ 1035* CSSCHECK ?? yes 1036* ! FOURTHEXIP ?? ^000\.000\.000\.000$ 1037* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 1038* $ ! FOURTHEXIP ?? ${SECONDEXIP} 1039* $ ! FOURTHEXIP ?? ${THIRDEXIP} 1040{ 1041 LOCALDESCRIPTION="Received IP:" 1042 LOCALCHECK=${FOURTHEXIP} 1043 LOCALREVCHECK=${FOURTHEXREVIP} 1044 RDNSSERVER="sbl.spamhaus.org" 1045 RDNSNAME1="the CSS" 1046 RDNSRESPONSE1="127\.0\.0\.3" 1047 RDNSSCORE1="5" 1048 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1049} 1050 1051INCLUDERC=${SBDIR}/functions/test-threshold.rc 1052 1053:0 1054* ! SBCONFIG ?? Debug 1055* SPAMTAG ?? yes 1056{ LOCALTAG=yes } 1057 1058:0 1059* LOCALTAG ?? no$ 1060* CSSCHECK ?? yes 1061* ! XORIGINALIP ?? ^000\.000\.000\.000$ 1062* $ ! XORIGINALIP ?? ${FIRSTEXIP} 1063* $ ! XORIGINALIP ?? ${SECONDEXIP} 1064* $ ! XORIGINALIP ?? ${THIRDEXIP} 1065* $ ! XORIGINALIP ?? ${FOURTHEXIP} 1066{ 1067 LOCALDESCRIPTION="X-Original-IP:" 1068 LOCALCHECK=${XORIGINALIP} 1069 LOCALREVCHECK=${XORIGINALREVIP} 1070 RDNSSERVER="sbl.spamhaus.org" 1071 RDNSNAME1="the CSS" 1072 RDNSRESPONSE1="127\.0\.0\.3" 1073 RDNSSCORE1="5" 1074 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1075} 1076 1077INCLUDERC=${SBDIR}/functions/test-threshold.rc 1078 1079:0 1080* ! SBCONFIG ?? Debug 1081* SPAMTAG ?? yes 1082{ LOCALTAG=yes } 1083 1084# Check Body IPs, if any. 1085:0 1086* LOCALTAG ?? no$ 1087* CSSCHECK ?? yes 1088* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 1089{ 1090 LOCALDESCRIPTION="Body IP:" 1091 LOCALCHECK=${FIRSTBODYIP} 1092 LOCALREVCHECK=${FIRSTBODYREVIP} 1093 RDNSSERVER="sbl.spamhaus.org" 1094 RDNSNAME1="the CSS" 1095 RDNSRESPONSE1="127\.0\.0\.3" 1096 RDNSSCORE1="5" 1097 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1098} 1099 1100INCLUDERC=${SBDIR}/functions/test-threshold.rc 1101 1102:0 1103* ! SBCONFIG ?? Debug 1104* SPAMTAG ?? yes 1105{ LOCALTAG=yes } 1106 1107:0 1108* LOCALTAG ?? no$ 1109* CSSCHECK ?? yes 1110* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 1111* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 1112{ 1113 LOCALDESCRIPTION="Body IP:" 1114 LOCALCHECK=${SECONDBODYIP} 1115 LOCALREVCHECK=${SECONDBODYREVIP} 1116 RDNSSERVER="sbl.spamhaus.org" 1117 RDNSNAME1="the CSS" 1118 RDNSRESPONSE1="127\.0\.0\.3" 1119 RDNSSCORE1="5" 1120 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1121} 1122 1123INCLUDERC=${SBDIR}/functions/test-threshold.rc 1124 1125:0 1126* ! SBCONFIG ?? Debug 1127* SPAMTAG ?? yes 1128{ LOCALTAG=yes } 1129 1130:0 1131* LOCALTAG ?? no$ 1132* CSSCHECK ?? yes 1133* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 1134* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 1135* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 1136{ 1137 LOCALDESCRIPTION="Body IP:" 1138 LOCALCHECK=${THIRDBODYIP} 1139 LOCALREVCHECK=${THIRDBODYREVIP} 1140 RDNSSERVER="sbl.spamhaus.org" 1141 RDNSNAME1="the CSS" 1142 RDNSRESPONSE1="127\.0\.0\.3" 1143 RDNSSCORE1="5" 1144 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1145} 1146 1147INCLUDERC=${SBDIR}/functions/test-threshold.rc 1148 1149:0 1150* ! SBCONFIG ?? Debug 1151* SPAMTAG ?? yes 1152{ LOCALTAG=yes } 1153 1154:0 1155* LOCALTAG ?? no$ 1156* CSSCHECK ?? yes 1157* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 1158* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 1159* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 1160* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 1161{ 1162 LOCALDESCRIPTION="Body IP:" 1163 LOCALCHECK=${FOURTHBODYIP} 1164 LOCALREVCHECK=${FOURTHBODYREVIP} 1165 RDNSSERVER="sbl.spamhaus.org" 1166 RDNSNAME1="the CSS" 1167 RDNSRESPONSE1="127\.0\.0\.3" 1168 RDNSSCORE1="5" 1169 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1170} 1171 1172INCLUDERC=${SBDIR}/functions/test-threshold.rc 1173 1174:0 1175* ! SBCONFIG ?? Debug 1176* SPAMTAG ?? yes 1177{ LOCALTAG=yes } 1178 1179:0 1180* LOCALTAG ?? no$ 1181* CSSCHECK ?? yes 1182* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 1183* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 1184* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 1185* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 1186* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 1187{ 1188 LOCALDESCRIPTION="Body IP:" 1189 LOCALCHECK=${FIFTHBODYIP} 1190 LOCALREVCHECK=${FIFTHBODYREVIP} 1191 RDNSSERVER="sbl.spamhaus.org" 1192 RDNSNAME1="the CSS" 1193 RDNSRESPONSE1="127\.0\.0\.3" 1194 RDNSSCORE1="5" 1195 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1196} 1197 1198INCLUDERC=${SBDIR}/functions/test-threshold.rc 1199 1200:0 1201* ! SBCONFIG ?? Debug 1202* SPAMTAG ?? yes 1203{ LOCALTAG=yes } 1204 1205:0 1206* LOCALTAG ?? no$ 1207* CSSCHECK ?? yes 1208* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 1209* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 1210* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 1211* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 1212* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 1213* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 1214{ 1215 LOCALDESCRIPTION="Body IP:" 1216 LOCALCHECK=${SIXTHBODYIP} 1217 LOCALREVCHECK=${SIXTHBODYREVIP} 1218 RDNSSERVER="sbl.spamhaus.org" 1219 RDNSNAME1="the CSS" 1220 RDNSRESPONSE1="127\.0\.0\.3" 1221 RDNSSCORE1="5" 1222 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1223} 1224 1225INCLUDERC=${SBDIR}/functions/test-threshold.rc 1226 1227:0 1228* ! SBCONFIG ?? Debug 1229* SPAMTAG ?? yes 1230{ LOCALTAG=yes } 1231 1232# Check IPs of message body hosts, if any. 1233:0 1234* LOCALTAG ?? no$ 1235* CSSCHECK ?? yes 1236* ! FIRSTBODYHOSTIP ?? ^000\.000\.000\.000$ 1237{ 1238 LOCALDESCRIPTION="Body Host:" 1239 LOCALDESCRIPTION2="IP:" 1240 LOCALHOST=${FIRSTBODYHOST} 1241 LOCALCHECK=${FIRSTBODYHOSTIP} 1242 LOCALREVCHECK=${FIRSTBODYHOSTREVIP} 1243 RDNSSERVER="sbl.spamhaus.org" 1244 RDNSNAME1="the CSS" 1245 RDNSRESPONSE1="127\.0\.0\.3" 1246 RDNSSCORE1="5" 1247 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1248} 1249 1250INCLUDERC=${SBDIR}/functions/test-threshold.rc 1251 1252:0 1253* ! SBCONFIG ?? Debug 1254* SPAMTAG ?? yes 1255{ LOCALTAG=yes } 1256 1257:0 1258* LOCALTAG ?? no$ 1259* CSSCHECK ?? yes 1260* ! SECONDBODYHOSTIP ?? ^000\.000\.000\.000$ 1261* $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1262{ 1263 LOCALDESCRIPTION="Body Host:" 1264 LOCALDESCRIPTION2="IP:" 1265 LOCALHOST=${SECONDBODYHOST} 1266 LOCALCHECK=${SECONDBODYHOSTIP} 1267 LOCALREVCHECK=${SECONDBODYHOSTREVIP} 1268 RDNSSERVER="sbl.spamhaus.org" 1269 RDNSNAME1="the CSS" 1270 RDNSRESPONSE1="127\.0\.0\.3" 1271 RDNSSCORE1="5" 1272 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1273} 1274 1275INCLUDERC=${SBDIR}/functions/test-threshold.rc 1276 1277:0 1278* ! SBCONFIG ?? Debug 1279* SPAMTAG ?? yes 1280{ LOCALTAG=yes } 1281 1282:0 1283* LOCALTAG ?? no$ 1284* CSSCHECK ?? yes 1285* ! THIRDBODYHOSTIP ?? ^000\.000\.000\.000$ 1286* $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1287* $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1288{ 1289 LOCALDESCRIPTION="Body Host:" 1290 LOCALDESCRIPTION2="IP:" 1291 LOCALHOST=${THIRDBODYHOST} 1292 LOCALCHECK=${THIRDBODYHOSTIP} 1293 LOCALREVCHECK=${THIRDBODYHOSTREVIP} 1294 RDNSSERVER="sbl.spamhaus.org" 1295 RDNSNAME1="the CSS" 1296 RDNSRESPONSE1="127\.0\.0\.3" 1297 RDNSSCORE1="5" 1298 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1299} 1300 1301INCLUDERC=${SBDIR}/functions/test-threshold.rc 1302 1303:0 1304* ! SBCONFIG ?? Debug 1305* SPAMTAG ?? yes 1306{ LOCALTAG=yes } 1307 1308:0 1309* LOCALTAG ?? no$ 1310* CSSCHECK ?? yes 1311* ! FOURTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1312* $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1313* $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1314* $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1315{ 1316 LOCALDESCRIPTION="Body Host:" 1317 LOCALDESCRIPTION2="IP:" 1318 LOCALHOST=${FOURTHBODYHOST} 1319 LOCALCHECK=${FOURTHBODYHOSTIP} 1320 LOCALREVCHECK=${FOURTHBODYHOSTREVIP} 1321 RDNSSERVER="sbl.spamhaus.org" 1322 RDNSNAME1="the CSS" 1323 RDNSRESPONSE1="127\.0\.0\.3" 1324 RDNSSCORE1="5" 1325 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1326} 1327 1328INCLUDERC=${SBDIR}/functions/test-threshold.rc 1329 1330:0 1331* ! SBCONFIG ?? Debug 1332* SPAMTAG ?? yes 1333{ LOCALTAG=yes } 1334 1335:0 1336* LOCALTAG ?? no$ 1337* CSSCHECK ?? yes 1338* ! FIFTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1339* $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1340* $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1341* $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1342* $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 1343{ 1344 LOCALDESCRIPTION="Body Host:" 1345 LOCALDESCRIPTION2="IP:" 1346 LOCALHOST=${FIFTHBODYHOST} 1347 LOCALCHECK=${FIFTHBODYHOSTIP} 1348 LOCALREVCHECK=${FIFTHBODYHOSTREVIP} 1349 RDNSSERVER="sbl.spamhaus.org" 1350 RDNSNAME1="the CSS" 1351 RDNSRESPONSE1="127\.0\.0\.3" 1352 RDNSSCORE1="5" 1353 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1354} 1355 1356INCLUDERC=${SBDIR}/functions/test-threshold.rc 1357 1358:0 1359* ! SBCONFIG ?? Debug 1360* SPAMTAG ?? yes 1361{ LOCALTAG=yes } 1362 1363:0 1364* LOCALTAG ?? no$ 1365* CSSCHECK ?? yes 1366* ! SIXTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1367* $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1368* $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1369* $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1370* $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 1371* $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 1372{ 1373 LOCALDESCRIPTION="Body Host:" 1374 LOCALDESCRIPTION2="IP:" 1375 LOCALHOST=${SIXTHBODYHOST} 1376 LOCALCHECK=${SIXTHBODYHOSTIP} 1377 LOCALREVCHECK=${SIXTHBODYHOSTREVIP} 1378 RDNSSERVER="sbl.spamhaus.org" 1379 RDNSNAME1="the CSS" 1380 RDNSRESPONSE1="127\.0\.0\.3" 1381 RDNSSCORE1="5" 1382 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1383} 1384 1385INCLUDERC=${SBDIR}/functions/test-threshold.rc 1386 1387:0 1388* ! SBCONFIG ?? Debug 1389* SPAMTAG ?? yes 1390{ LOCALTAG=yes } 1391 1392:0 1393* LOCALTAG ?? no$ 1394* CSSCHECK ?? yes 1395* ! SEVENTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1396* $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1397* $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1398* $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1399* $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 1400* $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 1401* $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} 1402{ 1403 LOCALDESCRIPTION="Body Host:" 1404 LOCALDESCRIPTION2="IP:" 1405 LOCALHOST=${SEVENTHBODYHOST} 1406 LOCALCHECK=${SEVENTHBODYHOSTIP} 1407 LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} 1408 RDNSSERVER="sbl.spamhaus.org" 1409 RDNSNAME1="the CSS" 1410 RDNSRESPONSE1="127\.0\.0\.3" 1411 RDNSSCORE1="5" 1412 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1413} 1414 1415INCLUDERC=${SBDIR}/functions/test-threshold.rc 1416 1417:0 1418* ! SBCONFIG ?? Debug 1419* SPAMTAG ?? yes 1420{ LOCALTAG=yes } 1421 1422 1423# SpamHaus.org SBL Check 1424# 1425# The SBL is perhaps the most widely respected anti-spam 1426# blocklist at present. It is enabled by default in the 1427# SpamBouncer. The SBL ROKSO list of known spam gangs 1428# is also a major source of data for filters that catch 1429# and complain about spam from specific known spammers. 1430# 1431# 1432:0 1433* LOCALTAG ?? no$ 1434* SPAMHAUSORGCHECK ?? yes 1435* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 1436{ 1437 LOCALDESCRIPTION="Received IP:" 1438 LOCALCHECK=${FIRSTEXIP} 1439 LOCALREVCHECK=${FIRSTEXREVIP} 1440 RDNSSERVER="sbl.spamhaus.org" 1441 RDNSNAME1="the SBL" 1442 RDNSRESPONSE1="127\.0\.0\.2" 1443 RDNSSCORE1="10" 1444 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1445} 1446 1447INCLUDERC=${SBDIR}/functions/test-threshold.rc 1448 1449:0 1450* ! SBCONFIG ?? Debug 1451* SPAMTAG ?? yes 1452{ LOCALTAG=yes } 1453 1454:0 1455* LOCALTAG ?? no$ 1456* SPAMHAUSORGCHECK ?? yes 1457* ! SECONDEXIP ?? ^000\.000\.000\.000$ 1458* $ ! SECONDEXIP ?? ${FIRSTEXIP} 1459{ 1460 LOCALDESCRIPTION="Received IP:" 1461 LOCALCHECK=${SECONDEXIP} 1462 LOCALREVCHECK=${SECONDEXREVIP} 1463 RDNSSERVER="sbl.spamhaus.org" 1464 RDNSNAME1="the SBL" 1465 RDNSRESPONSE1="127\.0\.0\.2" 1466 RDNSSCORE1="5" 1467 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1468} 1469 1470INCLUDERC=${SBDIR}/functions/test-threshold.rc 1471 1472:0 1473* ! SBCONFIG ?? Debug 1474* SPAMTAG ?? yes 1475{ LOCALTAG=yes } 1476 1477:0 1478* LOCALTAG ?? no$ 1479* SPAMHAUSORGCHECK ?? yes 1480* ! THIRDEXIP ?? ^000\.000\.000\.000$ 1481* $ ! THIRDEXIP ?? ${FIRSTEXIP} 1482* $ ! THIRDEXIP ?? ${SECONDEXIP} 1483{ 1484 LOCALDESCRIPTION="Received IP:" 1485 LOCALCHECK=${THIRDEXIP} 1486 LOCALREVCHECK=${THIRDEXREVIP} 1487 RDNSSERVER="sbl.spamhaus.org" 1488 RDNSNAME1="the SBL" 1489 RDNSRESPONSE1="127\.0\.0\.2" 1490 RDNSSCORE1="5" 1491 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1492} 1493 1494INCLUDERC=${SBDIR}/functions/test-threshold.rc 1495 1496:0 1497* ! SBCONFIG ?? Debug 1498* SPAMTAG ?? yes 1499{ LOCALTAG=yes } 1500 1501:0 1502* LOCALTAG ?? no$ 1503* SPAMHAUSORGCHECK ?? yes 1504* ! FOURTHEXIP ?? ^000\.000\.000\.000$ 1505* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 1506* $ ! FOURTHEXIP ?? ${SECONDEXIP} 1507* $ ! FOURTHEXIP ?? ${THIRDEXIP} 1508{ 1509 LOCALDESCRIPTION="Received IP:" 1510 LOCALCHECK=${FOURTHEXIP} 1511 LOCALREVCHECK=${FOURTHEXREVIP} 1512 RDNSSERVER="sbl.spamhaus.org" 1513 RDNSNAME1="the SBL" 1514 RDNSRESPONSE1="127\.0\.0\.2" 1515 RDNSSCORE1="5" 1516 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1517} 1518 1519INCLUDERC=${SBDIR}/functions/test-threshold.rc 1520 1521:0 1522* ! SBCONFIG ?? Debug 1523* SPAMTAG ?? yes 1524{ LOCALTAG=yes } 1525 1526:0 1527* LOCALTAG ?? no$ 1528* SPAMHAUSORGCHECK ?? yes 1529* ! XORIGINALIP ?? ^000\.000\.000\.000$ 1530* $ ! XORIGINALIP ?? ${FIRSTEXIP} 1531* $ ! XORIGINALIP ?? ${SECONDEXIP} 1532* $ ! XORIGINALIP ?? ${THIRDEXIP} 1533* $ ! XORIGINALIP ?? ${FOURTHEXIP} 1534{ 1535 LOCALDESCRIPTION="X-Original-IP:" 1536 LOCALCHECK=${XORIGINALIP} 1537 LOCALREVCHECK=${XORIGINALREVIP} 1538 RDNSSERVER="sbl.spamhaus.org" 1539 RDNSNAME1="the SBL" 1540 RDNSRESPONSE1="127\.0\.0\.2" 1541 RDNSSCORE1="5" 1542 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1543} 1544 1545INCLUDERC=${SBDIR}/functions/test-threshold.rc 1546 1547:0 1548* ! SBCONFIG ?? Debug 1549* SPAMTAG ?? yes 1550{ LOCALTAG=yes } 1551 1552# Check Body IPs, if any. 1553:0 1554* LOCALTAG ?? no$ 1555* SPAMHAUSORGCHECK ?? yes 1556* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 1557{ 1558 LOCALDESCRIPTION="Body IP:" 1559 LOCALCHECK=${FIRSTBODYIP} 1560 LOCALREVCHECK=${FIRSTBODYREVIP} 1561 RDNSSERVER="sbl.spamhaus.org" 1562 RDNSNAME1="the SBL" 1563 RDNSRESPONSE1="127\.0\.0\.2" 1564 RDNSSCORE1="5" 1565 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1566} 1567 1568INCLUDERC=${SBDIR}/functions/test-threshold.rc 1569 1570:0 1571* ! SBCONFIG ?? Debug 1572* SPAMTAG ?? yes 1573{ LOCALTAG=yes } 1574 1575:0 1576* LOCALTAG ?? no$ 1577* SPAMHAUSORGCHECK ?? yes 1578* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 1579* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 1580{ 1581 LOCALDESCRIPTION="Body IP:" 1582 LOCALCHECK=${SECONDBODYIP} 1583 LOCALREVCHECK=${SECONDBODYREVIP} 1584 RDNSSERVER="sbl.spamhaus.org" 1585 RDNSNAME1="the SBL" 1586 RDNSRESPONSE1="127\.0\.0\.2" 1587 RDNSSCORE1="5" 1588 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1589} 1590 1591INCLUDERC=${SBDIR}/functions/test-threshold.rc 1592 1593:0 1594* ! SBCONFIG ?? Debug 1595* SPAMTAG ?? yes 1596{ LOCALTAG=yes } 1597 1598:0 1599* LOCALTAG ?? no$ 1600* SPAMHAUSORGCHECK ?? yes 1601* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 1602* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 1603* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 1604{ 1605 LOCALDESCRIPTION="Body IP:" 1606 LOCALCHECK=${THIRDBODYIP} 1607 LOCALREVCHECK=${THIRDBODYREVIP} 1608 RDNSSERVER="sbl.spamhaus.org" 1609 RDNSNAME1="the SBL" 1610 RDNSRESPONSE1="127\.0\.0\.2" 1611 RDNSSCORE1="5" 1612 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1613} 1614 1615INCLUDERC=${SBDIR}/functions/test-threshold.rc 1616 1617:0 1618* ! SBCONFIG ?? Debug 1619* SPAMTAG ?? yes 1620{ LOCALTAG=yes } 1621 1622:0 1623* LOCALTAG ?? no$ 1624* SPAMHAUSORGCHECK ?? yes 1625* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 1626* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 1627* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 1628* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 1629{ 1630 LOCALDESCRIPTION="Body IP:" 1631 LOCALCHECK=${FOURTHBODYIP} 1632 LOCALREVCHECK=${FOURTHBODYREVIP} 1633 RDNSSERVER="sbl.spamhaus.org" 1634 RDNSNAME1="the SBL" 1635 RDNSRESPONSE1="127\.0\.0\.2" 1636 RDNSSCORE1="5" 1637 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1638} 1639 1640INCLUDERC=${SBDIR}/functions/test-threshold.rc 1641 1642:0 1643* ! SBCONFIG ?? Debug 1644* SPAMTAG ?? yes 1645{ LOCALTAG=yes } 1646 1647:0 1648* LOCALTAG ?? no$ 1649* SPAMHAUSORGCHECK ?? yes 1650* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 1651* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 1652* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 1653* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 1654* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 1655{ 1656 LOCALDESCRIPTION="Body IP:" 1657 LOCALCHECK=${FIFTHBODYIP} 1658 LOCALREVCHECK=${FIFTHBODYREVIP} 1659 RDNSSERVER="sbl.spamhaus.org" 1660 RDNSNAME1="the SBL" 1661 RDNSRESPONSE1="127\.0\.0\.2" 1662 RDNSSCORE1="5" 1663 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1664} 1665 1666INCLUDERC=${SBDIR}/functions/test-threshold.rc 1667 1668:0 1669* ! SBCONFIG ?? Debug 1670* SPAMTAG ?? yes 1671{ LOCALTAG=yes } 1672 1673:0 1674* LOCALTAG ?? no$ 1675* SPAMHAUSORGCHECK ?? yes 1676* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 1677* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 1678* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 1679* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 1680* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 1681* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 1682{ 1683 LOCALDESCRIPTION="Body IP:" 1684 LOCALCHECK=${SIXTHBODYIP} 1685 LOCALREVCHECK=${SIXTHBODYREVIP} 1686 RDNSSERVER="sbl.spamhaus.org" 1687 RDNSNAME1="the SBL" 1688 RDNSRESPONSE1="127\.0\.0\.2" 1689 RDNSSCORE1="5" 1690 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1691} 1692 1693INCLUDERC=${SBDIR}/functions/test-threshold.rc 1694 1695:0 1696* ! SBCONFIG ?? Debug 1697* SPAMTAG ?? yes 1698{ LOCALTAG=yes } 1699 1700# Check IPs of message body hosts, if any. 1701:0 1702* LOCALTAG ?? no$ 1703* SPAMHAUSORGCHECK ?? yes 1704* ! FIRSTBODYHOSTIP ?? ^000\.000\.000\.000$ 1705{ 1706 LOCALDESCRIPTION="Body Host:" 1707 LOCALDESCRIPTION2="IP:" 1708 LOCALHOST=${FIRSTBODYHOST} 1709 LOCALCHECK=${FIRSTBODYHOSTIP} 1710 LOCALREVCHECK=${FIRSTBODYHOSTREVIP} 1711 RDNSSERVER="sbl.spamhaus.org" 1712 RDNSNAME1="the SBL" 1713 RDNSRESPONSE1="127\.0\.0\.2" 1714 RDNSSCORE1="5" 1715 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1716} 1717 1718INCLUDERC=${SBDIR}/functions/test-threshold.rc 1719 1720:0 1721* ! SBCONFIG ?? Debug 1722* SPAMTAG ?? yes 1723{ LOCALTAG=yes } 1724 1725:0 1726* LOCALTAG ?? no$ 1727* SPAMHAUSORGCHECK ?? yes 1728* ! SECONDBODYHOSTIP ?? ^000\.000\.000\.000$ 1729* $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1730{ 1731 LOCALDESCRIPTION="Body Host:" 1732 LOCALDESCRIPTION2="IP:" 1733 LOCALHOST=${SECONDBODYHOST} 1734 LOCALCHECK=${SECONDBODYHOSTIP} 1735 LOCALREVCHECK=${SECONDBODYHOSTREVIP} 1736 RDNSSERVER="sbl.spamhaus.org" 1737 RDNSNAME1="the SBL" 1738 RDNSRESPONSE1="127\.0\.0\.2" 1739 RDNSSCORE1="5" 1740 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1741} 1742 1743INCLUDERC=${SBDIR}/functions/test-threshold.rc 1744 1745:0 1746* ! SBCONFIG ?? Debug 1747* SPAMTAG ?? yes 1748{ LOCALTAG=yes } 1749 1750:0 1751* LOCALTAG ?? no$ 1752* SPAMHAUSORGCHECK ?? yes 1753* ! THIRDBODYHOSTIP ?? ^000\.000\.000\.000$ 1754* $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1755* $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1756{ 1757 LOCALDESCRIPTION="Body Host:" 1758 LOCALDESCRIPTION2="IP:" 1759 LOCALHOST=${THIRDBODYHOST} 1760 LOCALCHECK=${THIRDBODYHOSTIP} 1761 LOCALREVCHECK=${THIRDBODYHOSTREVIP} 1762 RDNSSERVER="sbl.spamhaus.org" 1763 RDNSNAME1="the SBL" 1764 RDNSRESPONSE1="127\.0\.0\.2" 1765 RDNSSCORE1="5" 1766 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1767} 1768 1769INCLUDERC=${SBDIR}/functions/test-threshold.rc 1770 1771:0 1772* ! SBCONFIG ?? Debug 1773* SPAMTAG ?? yes 1774{ LOCALTAG=yes } 1775 1776:0 1777* LOCALTAG ?? no$ 1778* SPAMHAUSORGCHECK ?? yes 1779* ! FOURTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1780* $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1781* $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1782* $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1783{ 1784 LOCALDESCRIPTION="Body Host:" 1785 LOCALDESCRIPTION2="IP:" 1786 LOCALHOST=${FOURTHBODYHOST} 1787 LOCALCHECK=${FOURTHBODYHOSTIP} 1788 LOCALREVCHECK=${FOURTHBODYHOSTREVIP} 1789 RDNSSERVER="sbl.spamhaus.org" 1790 RDNSNAME1="the SBL" 1791 RDNSRESPONSE1="127\.0\.0\.2" 1792 RDNSSCORE1="5" 1793 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1794} 1795 1796INCLUDERC=${SBDIR}/functions/test-threshold.rc 1797 1798:0 1799* ! SBCONFIG ?? Debug 1800* SPAMTAG ?? yes 1801{ LOCALTAG=yes } 1802 1803:0 1804* LOCALTAG ?? no$ 1805* SPAMHAUSORGCHECK ?? yes 1806* ! FIFTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1807* $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1808* $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1809* $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1810* $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 1811{ 1812 LOCALDESCRIPTION="Body Host:" 1813 LOCALDESCRIPTION2="IP:" 1814 LOCALHOST=${FIFTHBODYHOST} 1815 LOCALCHECK=${FIFTHBODYHOSTIP} 1816 LOCALREVCHECK=${FIFTHBODYHOSTREVIP} 1817 RDNSSERVER="sbl.spamhaus.org" 1818 RDNSNAME1="the SBL" 1819 RDNSRESPONSE1="127\.0\.0\.2" 1820 RDNSSCORE1="5" 1821 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1822} 1823 1824INCLUDERC=${SBDIR}/functions/test-threshold.rc 1825 1826:0 1827* ! SBCONFIG ?? Debug 1828* SPAMTAG ?? yes 1829{ LOCALTAG=yes } 1830 1831:0 1832* LOCALTAG ?? no$ 1833* SPAMHAUSORGCHECK ?? yes 1834* ! SIXTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1835* $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1836* $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1837* $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1838* $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 1839* $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 1840{ 1841 LOCALDESCRIPTION="Body Host:" 1842 LOCALDESCRIPTION2="IP:" 1843 LOCALHOST=${SIXTHBODYHOST} 1844 LOCALCHECK=${SIXTHBODYHOSTIP} 1845 LOCALREVCHECK=${SIXTHBODYHOSTREVIP} 1846 RDNSSERVER="sbl.spamhaus.org" 1847 RDNSNAME1="the SBL" 1848 RDNSRESPONSE1="127\.0\.0\.2" 1849 RDNSSCORE1="5" 1850 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1851} 1852 1853INCLUDERC=${SBDIR}/functions/test-threshold.rc 1854 1855:0 1856* ! SBCONFIG ?? Debug 1857* SPAMTAG ?? yes 1858{ LOCALTAG=yes } 1859 1860:0 1861* LOCALTAG ?? no$ 1862* SPAMHAUSORGCHECK ?? yes 1863* ! SEVENTHBODYHOSTIP ?? ^000\.000\.000\.000$ 1864* $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 1865* $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 1866* $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 1867* $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 1868* $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 1869* $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} 1870{ 1871 LOCALDESCRIPTION="Body Host:" 1872 LOCALDESCRIPTION2="IP:" 1873 LOCALHOST=${SEVENTHBODYHOST} 1874 LOCALCHECK=${SEVENTHBODYHOSTIP} 1875 LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} 1876 RDNSSERVER="sbl.spamhaus.org" 1877 RDNSNAME1="the SBL" 1878 RDNSRESPONSE1="127\.0\.0\.2" 1879 RDNSSCORE1="5" 1880 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 1881} 1882 1883INCLUDERC=${SBDIR}/functions/test-threshold.rc 1884 1885:0 1886* ! SBCONFIG ?? Debug 1887* SPAMTAG ?? yes 1888{ LOCALTAG=yes } 1889 1890# SDBL Blocklist 1891# 1892# Test new SpamHaus Domains Blocklist (SDBL) 1893 1894LT2=no 1895 1896:0 1897* SDBLCHECK ?? ^yes$ 1898{ LT2=yes } 1899 1900# Check first message body domain, if one exists. 1901# 1902:0 1903* LOCALTAG ?? ^no$ 1904* LT2 ?? ^yes$ 1905* ! FIRSTBODYDOMAIN ?? ^example\.com$ 1906{ 1907 LOCALDESCRIPTION="Body Domain:" 1908 LOCALCHECK=${FIRSTBODYDOMAIN} 1909 LOCALREVCHECK=${FIRSTBODYDOMAIN} 1910 RDNSSERVER="dbl.plan3.org" 1911 1912 :0 1913 * SDBLCHECK ?? ^yes$ 1914 { 1915 RDNSNAME1="SDBL" 1916 RDNSRESPONSE1="127\.0\.0\.2" 1917 RDNSSCORE1="5" 1918 } 1919 1920 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1921} 1922 1923INCLUDERC=${SBDIR}/functions/test-threshold.rc 1924 1925# Check second message body domain, if one exists. 1926# 1927:0 1928* LOCALTAG ?? ^no$ 1929* LT2 ?? ^yes$ 1930* ! SECONDBODYDOMAIN ?? ^example\.com$ 1931* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 1932{ 1933 LOCALDESCRIPTION="Body Domain:" 1934 LOCALCHECK=${SECONDBODYDOMAIN} 1935 LOCALREVCHECK=${SECONDBODYDOMAIN} 1936 RDNSSERVER="dbl.plan3.org" 1937 1938 :0 1939 * SDBLCHECK ?? ^yes$ 1940 { 1941 RDNSNAME1="SDBL" 1942 RDNSRESPONSE1="127\.0\.0\.2" 1943 RDNSSCORE1="5" 1944 } 1945 1946 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1947} 1948 1949INCLUDERC=${SBDIR}/functions/test-threshold.rc 1950 1951 1952# Check third message body domain, if one exists. 1953# 1954:0 1955* LOCALTAG ?? ^no$ 1956* LT2 ?? ^yes$ 1957* ! THIRDBODYDOMAIN ?? ^example\.com$ 1958* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 1959* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} 1960{ 1961 LOCALDESCRIPTION="Body Domain:" 1962 LOCALCHECK=${THIRDBODYDOMAIN} 1963 LOCALREVCHECK=${THIRDBODYDOMAIN} 1964 RDNSSERVER="dbl.plan3.org" 1965 1966 :0 1967 * SDBLCHECK ?? ^yes$ 1968 { 1969 RDNSNAME1="SDBL" 1970 RDNSRESPONSE1="127\.0\.0\.2" 1971 RDNSSCORE1="5" 1972 } 1973 1974 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 1975} 1976 1977INCLUDERC=${SBDIR}/functions/test-threshold.rc 1978 1979# Check fourth message body domain, if one exists. 1980# 1981:0 1982* LOCALTAG ?? ^no$ 1983* LT2 ?? ^yes$ 1984* ! FOURTHBODYDOMAIN ?? ^example\.com$ 1985* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 1986* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 1987* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 1988{ 1989 LOCALDESCRIPTION="Body Domain:" 1990 LOCALCHECK=${FOURTHBODYDOMAIN} 1991 LOCALREVCHECK=${FOURTHBODYDOMAIN} 1992 RDNSSERVER="dbl.plan3.org" 1993 1994 :0 1995 * SDBLCHECK ?? ^yes$ 1996 { 1997 RDNSNAME1="SDBL" 1998 RDNSRESPONSE1="127\.0\.0\.2" 1999 RDNSSCORE1="5" 2000 } 2001 2002 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2003} 2004 2005INCLUDERC=${SBDIR}/functions/test-threshold.rc 2006 2007# Check fifth message body domain, if one exists. 2008# 2009:0 2010* LOCALTAG ?? ^no$ 2011* LT2 ?? ^yes$ 2012* ! FIFTHBODYDOMAIN ?? ^example\.com$ 2013* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 2014* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 2015* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 2016* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 2017{ 2018 LOCALDESCRIPTION="Body Domain:" 2019 LOCALCHECK=${FIFTHBODYDOMAIN} 2020 LOCALREVCHECK=${FIFTHBODYDOMAIN} 2021 RDNSSERVER="dbl.plan3.org" 2022 2023 :0 2024 * SDBLCHECK ?? ^yes$ 2025 { 2026 RDNSNAME1="SDBL" 2027 RDNSRESPONSE1="127\.0\.0\.2" 2028 RDNSSCORE1="5" 2029 } 2030 2031 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2032} 2033 2034INCLUDERC=${SBDIR}/functions/test-threshold.rc 2035 2036# Check sixth message body domain, if one exists. 2037# 2038:0 2039* LOCALTAG ?? ^no$ 2040* LT2 ?? ^yes$ 2041* ! SIXTHBODYDOMAIN ?? ^example\.com$ 2042* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 2043* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 2044* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 2045* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 2046* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 2047{ 2048 LOCALDESCRIPTION="Body Domain:" 2049 LOCALCHECK=${SIXTHBODYDOMAIN} 2050 LOCALREVCHECK=${SIXTHBODYDOMAIN} 2051 RDNSSERVER="dbl.plan3.org" 2052 2053 :0 2054 * SDBLCHECK ?? ^yes$ 2055 { 2056 RDNSNAME1="SDBL" 2057 RDNSRESPONSE1="127\.0\.0\.2" 2058 RDNSSCORE1="5" 2059 } 2060 2061 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2062} 2063 2064INCLUDERC=${SBDIR}/functions/test-threshold.rc 2065 2066# Check seventh message body domain, if one exists. 2067# 2068:0 2069* LOCALTAG ?? ^no$ 2070* LT2 ?? ^yes$ 2071* ! SEVENTHBODYDOMAIN ?? ^example\.com$ 2072* $ ! SEVENTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 2073* $ ! SEVENTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 2074* $ ! SEVENTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 2075* $ ! SEVENTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 2076* $ ! SEVENTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 2077* $ ! SEVENTHBODYDOMAIN ?? ${SIXTHBODYDOMAIN} 2078{ 2079 LOCALDESCRIPTION="Body Domain:" 2080 LOCALCHECK=${SEVENTHBODYDOMAIN} 2081 LOCALREVCHECK=${SEVENTHBODYDOMAIN} 2082 RDNSSERVER="dbl.plan3.org" 2083 2084 :0 2085 * SDBLCHECK ?? ^yes$ 2086 { 2087 RDNSNAME1="SDBL" 2088 RDNSRESPONSE1="127\.0\.0\.2" 2089 RDNSSCORE1="5" 2090 } 2091 2092 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2093} 2094 2095INCLUDERC=${SBDIR}/functions/test-threshold.rc 2096 2097# Check From domain. 2098# 2099:0 2100* LOCALTAG ?? ^no$ 2101* LT2 ?? ^yes$ 2102* ! FROMDOMAIN ?? ^example\.com$ 2103* $ ! FROMDOMAIN ?? ${FIRSTBODYDOMAIN} 2104* $ ! FROMDOMAIN ?? ${SECONDBODYDOMAIN} 2105* $ ! FROMDOMAIN ?? ${THIRDBODYDOMAIN} 2106* $ ! FROMDOMAIN ?? ${FOURTHBODYDOMAIN} 2107* $ ! FROMDOMAIN ?? ${FIFTHBODYDOMAIN} 2108* $ ! FROMDOMAIN ?? ${SIXTHBODYDOMAIN} 2109* $ ! FROMDOMAIN ?? ${SEVENTHBODYDOMAIN} 2110{ 2111 LOCALDESCRIPTION="From Domain:" 2112 LOCALCHECK=${FROMDOMAIN} 2113 LOCALREVCHECK=${FROMDOMAIN} 2114 RDNSSERVER="dbl.plan3.org" 2115 2116 :0 2117 * SDBLCHECK ?? ^yes$ 2118 { 2119 RDNSNAME1="SDBL" 2120 RDNSRESPONSE1="127\.0\.0\.2" 2121 RDNSSCORE1="5" 2122 } 2123 2124 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2125} 2126 2127INCLUDERC=${SBDIR}/functions/test-threshold.rc 2128 2129# Check Reply-To Domain. 2130# 2131:0 2132* LOCALTAG ?? ^no$ 2133* LT2 ?? ^yes$ 2134* ! REPLYTODOMAIN ?? ^example\.com$ 2135* $ ! REPLYTODOMAIN ?? ${FIRSTBODYDOMAIN} 2136* $ ! REPLYTODOMAIN ?? ${SECONDBODYDOMAIN} 2137* $ ! REPLYTODOMAIN ?? ${THIRDBODYDOMAIN} 2138* $ ! REPLYTODOMAIN ?? ${FOURTHBODYDOMAIN} 2139* $ ! REPLYTODOMAIN ?? ${FIFTHBODYDOMAIN} 2140* $ ! REPLYTODOMAIN ?? ${SIXTHBODYDOMAIN} 2141* $ ! REPLYTODOMAIN ?? ${SEVENTHBODYDOMAIN} 2142* $ ! REPLYTODOMAIN ?? ${FROMDOMAIN} 2143{ 2144 LOCALDESCRIPTION="Reply-To Domain:" 2145 LOCALCHECK=${REPLYTODOMAIN} 2146 LOCALREVCHECK=${REPLYTODOMAIN} 2147 RDNSSERVER="dbl.plan3.org" 2148 2149 :0 2150 * SDBLCHECK ?? ^yes$ 2151 { 2152 RDNSNAME1="SDBL" 2153 RDNSRESPONSE1="127\.0\.0\.2" 2154 RDNSSCORE1="5" 2155 } 2156 2157 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2158} 2159 2160INCLUDERC=${SBDIR}/functions/test-threshold.rc 2161 2162# Check Error Domain. 2163# 2164:0 2165* LOCALTAG ?? ^no$ 2166* LT2 ?? ^yes$ 2167* ! ERRORDOMAIN ?? ^example\.com$ 2168* $ ! ERRORDOMAIN ?? ${FIRSTBODYDOMAIN} 2169* $ ! ERRORDOMAIN ?? ${SECONDBODYDOMAIN} 2170* $ ! ERRORDOMAIN ?? ${THIRDBODYDOMAIN} 2171* $ ! ERRORDOMAIN ?? ${FOURTHBODYDOMAIN} 2172* $ ! ERRORDOMAIN ?? ${FIFTHBODYDOMAIN} 2173* $ ! ERRORDOMAIN ?? ${SIXTHBODYDOMAIN} 2174* $ ! ERRORDOMAIN ?? ${SEVENTHBODYDOMAIN} 2175* $ ! ERRORDOMAIN ?? ${FROMDOMAIN} 2176* $ ! ERRORDOMAIN ?? ${REPLYTODOMAIN} 2177{ 2178 LOCALDESCRIPTION="Errors-To Domain:" 2179 LOCALCHECK=${ERRORDOMAIN} 2180 LOCALREVCHECK=${ERRORDOMAIN} 2181 RDNSSERVER="dbl.plan3.org" 2182 2183 :0 2184 * SDBLCHECK ?? ^yes$ 2185 { 2186 RDNSNAME1="SDBL" 2187 RDNSRESPONSE1="127\.0\.0\.2" 2188 RDNSSCORE1="5" 2189 } 2190 2191 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2192} 2193 2194INCLUDERC=${SBDIR}/functions/test-threshold.rc 2195 2196# Check First External Received Domain. 2197# 2198:0 2199* LOCALTAG ?? ^no$ 2200* LT2 ?? ^yes$ 2201* ! FIRSTEXDOMAIN ?? ^example\.com$ 2202* $ ! FIRSTEXDOMAIN ?? ${FIRSTBODYDOMAIN} 2203* $ ! FIRSTEXDOMAIN ?? ${SECONDBODYDOMAIN} 2204* $ ! FIRSTEXDOMAIN ?? ${THIRDBODYDOMAIN} 2205* $ ! FIRSTEXDOMAIN ?? ${FOURTHBODYDOMAIN} 2206* $ ! FIRSTEXDOMAIN ?? ${FIFTHBODYDOMAIN} 2207* $ ! FIRSTEXDOMAIN ?? ${SIXTHBODYDOMAIN} 2208* $ ! FIRSTEXDOMAIN ?? ${SEVENTHBODYDOMAIN} 2209* $ ! FIRSTEXDOMAIN ?? ${FROMDOMAIN} 2210* $ ! FIRSTEXDOMAIN ?? ${REPLYTODOMAIN} 2211* $ ! FIRSTEXDOMAIN ?? ${ERRORDOMAIN} 2212{ 2213 LOCALDESCRIPTION="First ExRev Domain:" 2214 LOCALCHECK=${FIRSTEXDOMAIN} 2215 LOCALREVCHECK=${FIRSTEXDOMAIN} 2216 RDNSSERVER="dbl.plan3.org" 2217 2218 :0 2219 * SDBLCHECK ?? ^yes$ 2220 { 2221 RDNSNAME1="SDBL" 2222 RDNSRESPONSE1="127\.0\.0\.2" 2223 RDNSSCORE1="5" 2224 } 2225 2226 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2227} 2228 2229INCLUDERC=${SBDIR}/functions/test-threshold.rc 2230 2231# Check Second External Received Domain. 2232# 2233:0 2234* LOCALTAG ?? ^no$ 2235* LT2 ?? ^yes$ 2236* ! SECONDEXDOMAIN ?? ^example\.com$ 2237* $ ! SECONDEXDOMAIN ?? ${FIRSTBODYDOMAIN} 2238* $ ! SECONDEXDOMAIN ?? ${SECONDBODYDOMAIN} 2239* $ ! SECONDEXDOMAIN ?? ${THIRDBODYDOMAIN} 2240* $ ! SECONDEXDOMAIN ?? ${FOURTHBODYDOMAIN} 2241* $ ! SECONDEXDOMAIN ?? ${FIFTHBODYDOMAIN} 2242* $ ! SECONDEXDOMAIN ?? ${SIXTHBODYDOMAIN} 2243* $ ! SECONDEXDOMAIN ?? ${SEVENTHBODYDOMAIN} 2244* $ ! SECONDEXDOMAIN ?? ${FROMDOMAIN} 2245* $ ! SECONDEXDOMAIN ?? ${REPLYTODOMAIN} 2246* $ ! SECONDEXDOMAIN ?? ${ERRORDOMAIN} 2247* $ ! SECONDEXDOMAIN ?? ${FIRSTEXDOMAIN} 2248{ 2249 LOCALDESCRIPTION="Second ExRev Domain:" 2250 LOCALCHECK=${SECONDEXDOMAIN} 2251 LOCALREVCHECK=${SECONDEXDOMAIN} 2252 RDNSSERVER="dbl.plan3.org" 2253 2254 :0 2255 * SDBLCHECK ?? ^yes$ 2256 { 2257 RDNSNAME1="SDBL" 2258 RDNSRESPONSE1="127\.0\.0\.2" 2259 RDNSSCORE1="5" 2260 } 2261 2262 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2263} 2264 2265INCLUDERC=${SBDIR}/functions/test-threshold.rc 2266 2267# Check Third External Received Domain. 2268# 2269:0 2270* LOCALTAG ?? ^no$ 2271* LT2 ?? ^yes$ 2272* ! THIRDEXDOMAIN ?? ^example\.com$ 2273* $ ! THIRDEXDOMAIN ?? ${FIRSTBODYDOMAIN} 2274* $ ! THIRDEXDOMAIN ?? ${SECONDBODYDOMAIN} 2275* $ ! THIRDEXDOMAIN ?? ${THIRDBODYDOMAIN} 2276* $ ! THIRDEXDOMAIN ?? ${FOURTHBODYDOMAIN} 2277* $ ! THIRDEXDOMAIN ?? ${FIFTHBODYDOMAIN} 2278* $ ! THIRDEXDOMAIN ?? ${SIXTHBODYDOMAIN} 2279* $ ! THIRDEXDOMAIN ?? ${SEVENTHBODYDOMAIN} 2280* $ ! THIRDEXDOMAIN ?? ${FROMDOMAIN} 2281* $ ! THIRDEXDOMAIN ?? ${REPLYTODOMAIN} 2282* $ ! THIRDEXDOMAIN ?? ${ERRORDOMAIN} 2283* $ ! THIRDEXDOMAIN ?? ${FIRSTEXDOMAIN} 2284* $ ! THIRDEXDOMAIN ?? ${SECONDEXDOMAIN} 2285{ 2286 LOCALDESCRIPTION="Third ExRev Domain:" 2287 LOCALCHECK=${THIRDEXDOMAIN} 2288 LOCALREVCHECK=${THIRDEXDOMAIN} 2289 RDNSSERVER="dbl.plan3.org" 2290 2291 :0 2292 * SDBLCHECK ?? ^yes$ 2293 { 2294 RDNSNAME1="SDBL" 2295 RDNSRESPONSE1="127\.0\.0\.2" 2296 RDNSSCORE1="5" 2297 } 2298 2299 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2300} 2301 2302INCLUDERC=${SBDIR}/functions/test-threshold.rc 2303 2304# Check Fourth External Received Domain. 2305# 2306:0 2307* LOCALTAG ?? ^no$ 2308* LT2 ?? ^yes$ 2309* ! FOURTHEXDOMAIN ?? ^example\.com$ 2310* $ ! FOURTHEXDOMAIN ?? ${FIRSTBODYDOMAIN} 2311* $ ! FOURTHEXDOMAIN ?? ${SECONDBODYDOMAIN} 2312* $ ! FOURTHEXDOMAIN ?? ${THIRDBODYDOMAIN} 2313* $ ! FOURTHEXDOMAIN ?? ${FOURTHBODYDOMAIN} 2314* $ ! FOURTHEXDOMAIN ?? ${FIFTHBODYDOMAIN} 2315* $ ! FOURTHEXDOMAIN ?? ${SIXTHBODYDOMAIN} 2316* $ ! FOURTHEXDOMAIN ?? ${SEVENTHBODYDOMAIN} 2317* $ ! FOURTHEXDOMAIN ?? ${FROMDOMAIN} 2318* $ ! FOURTHEXDOMAIN ?? ${REPLYTODOMAIN} 2319* $ ! FOURTHEXDOMAIN ?? ${ERRORDOMAIN} 2320* $ ! FOURTHEXDOMAIN ?? ${FIRSTEXDOMAIN} 2321* $ ! FOURTHEXDOMAIN ?? ${SECONDEXDOMAIN} 2322* $ ! FOURTHEXDOMAIN ?? ${THIRDEXDOMAIN} 2323{ 2324 LOCALDESCRIPTION="Fourth ExRev Domain:" 2325 LOCALCHECK=${FOURTHEXDOMAIN} 2326 LOCALREVCHECK=${FOURTHEXDOMAIN} 2327 RDNSSERVER="dbl.plan3.org" 2328 2329 :0 2330 * SDBLCHECK ?? ^yes$ 2331 { 2332 RDNSNAME1="SDBL" 2333 RDNSRESPONSE1="127\.0\.0\.2" 2334 RDNSSCORE1="5" 2335 } 2336 2337 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2338} 2339 2340INCLUDERC=${SBDIR}/functions/test-threshold.rc 2341 2342# Check First External HELO Domain. 2343# 2344:0 2345* LOCALTAG ?? ^no$ 2346* LT2 ?? ^yes$ 2347* ! FIRSTEXHELODOMAIN ?? ^example\.com$ 2348* $ ! FIRSTEXHELODOMAIN ?? ${FIRSTBODYDOMAIN} 2349* $ ! FIRSTEXHELODOMAIN ?? ${SECONDBODYDOMAIN} 2350* $ ! FIRSTEXHELODOMAIN ?? ${THIRDBODYDOMAIN} 2351* $ ! FIRSTEXHELODOMAIN ?? ${FOURTHBODYDOMAIN} 2352* $ ! FIRSTEXHELODOMAIN ?? ${FIFTHBODYDOMAIN} 2353* $ ! FIRSTEXHELODOMAIN ?? ${SIXTHBODYDOMAIN} 2354* $ ! FIRSTEXHELODOMAIN ?? ${SEVENTHBODYDOMAIN} 2355* $ ! FIRSTEXHELODOMAIN ?? ${FROMDOMAIN} 2356* $ ! FIRSTEXHELODOMAIN ?? ${REPLYTODOMAIN} 2357* $ ! FIRSTEXHELODOMAIN ?? ${ERRORDOMAIN} 2358* $ ! FIRSTEXHELODOMAIN ?? ${FIRSTEXDOMAIN} 2359* $ ! FIRSTEXHELODOMAIN ?? ${SECONDEXDOMAIN} 2360* $ ! FIRSTEXHELODOMAIN ?? ${THIRDEXDOMAIN} 2361* $ ! FIRSTEXHELODOMAIN ?? ${FOURTHEXDOMAIN} 2362{ 2363 LOCALDESCRIPTION="First ExHELO Domain:" 2364 LOCALCHECK=${FIRSTEXHELODOMAIN} 2365 LOCALREVCHECK=${FIRSTEXHELODOMAIN} 2366 RDNSSERVER="dbl.plan3.org" 2367 2368 :0 2369 * SDBLCHECK ?? ^yes$ 2370 { 2371 RDNSNAME1="SDBL" 2372 RDNSRESPONSE1="127\.0\.0\.2" 2373 RDNSSCORE1="5" 2374 } 2375 2376 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2377} 2378 2379INCLUDERC=${SBDIR}/functions/test-threshold.rc 2380 2381:0 2382* ! SBCONFIG ?? Debug 2383* SPAMTAG ?? yes 2384{ LOCALTAG=yes } 2385 2386 2387# SURBL (Spam URI Realtime Blocklist) 2388# 2389# The SURBL is designed to be used to check the domains and IPs 2390# actually found in the message bodies of spam, not the IPs in 2391# headers or the rDNS IPs of the URL hosts in the message bodies. 2392# Using it therefore generates less "overhead" on your system 2393# than many of the other blocklists. It's also extremely 2394# effective. 2395# 2396LT2=no 2397 2398# AbuseButler URI data 2399:0 2400* SURBLABCHECK ?? yes 2401{ LT2=yes } 2402 2403# Outblaze URI data 2404:0 2405* SURBLOBCHECK ?? yes 2406{ LT2=yes } 2407 2408# URI data from Phishing spams 2409:0 2410* SURBLPHCHECK ?? yes 2411{ LT2=yes } 2412 2413# Wein/Dijkxhoorn URI data 2414:0 2415* SURBLPJCHECK ?? yes 2416{ LT2=yes } 2417 2418# Spamcop URI data 2419:0 2420* SURBLSCCHECK ?? yes 2421{ LT2=yes } 2422 2423# William Stearn's blacklist data 2424:0 2425* SURBLWSCHECK ?? yes 2426{ LT2=yes } 2427 2428# Check first message body IP, if one exists. 2429# 2430:0 2431* LOCALTAG ?? no$ 2432* LT2 ?? yes 2433* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 2434{ 2435 LOCALDESCRIPTION="Body IP:" 2436 LOCALCHECK=${FIRSTBODYIP} 2437 LOCALREVCHECK=${FIRSTBODYREVIP} 2438 RDNSSERVER="multi.surbl.org" 2439 2440 :0 2441 * SURBLABCHECK ?? yes 2442 { 2443 RDNSNAME1="SURBL (Abuse Butler)" 2444 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2445 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2446 RDNSSCORE1="5" 2447 } 2448 2449 :0 2450 * SURBLOBCHECK ?? yes 2451 { 2452 RDNSNAME2="SURBL (OutBlaze)" 2453 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 2454 88|90|92|94|112|114|116|118|120|122|124|126)" 2455 RDNSSCORE2="5" 2456 } 2457 2458 :0 2459 * SURBLPHCHECK ?? yes 2460 { 2461 RDNSNAME3="SURBL (Phishing)" 2462 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 2463 88|90|92|94|104|106|108|110|120|122|124|126)" 2464 RDNSSCORE3="5" 2465 } 2466 2467 :0 2468 * SURBLWSCHECK ?? yes 2469 { 2470 RDNSNAME4="SURBL (William Stearns)" 2471 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 2472 84|86|92|94|100|102|108|110|116|118|124|126)" 2473 RDNSSCORE4="5" 2474 } 2475 2476 :0 2477 * SURBLSCCHECK ?? yes 2478 { 2479 RDNSNAME5="SURBL (Spamcop)" 2480 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 2481 82|86|90|94|98|102|106|110|114|118|122|126)" 2482 RDNSSCORE5="5" 2483 } 2484 2485 :0 2486 * SURBLPJCHECK ?? yes 2487 { 2488 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 2489 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 2490 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2491 RDNSSCORE6="5" 2492 } 2493 2494 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2495} 2496 2497INCLUDERC=${SBDIR}/functions/test-threshold.rc 2498 2499:0 2500* ! SBCONFIG ?? Debug 2501* SPAMTAG ?? yes 2502{ LOCALTAG=yes } 2503 2504# Check second message body IP, if one exists. 2505# 2506:0 2507* LOCALTAG ?? no$ 2508* LT2 ?? yes 2509* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 2510* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 2511{ 2512 LOCALDESCRIPTION="Body IP:" 2513 LOCALCHECK=${SECONDBODYIP} 2514 LOCALREVCHECK=${SECONDBODYREVIP} 2515 RDNSSERVER="multi.surbl.org" 2516 2517 :0 2518 * SURBLABCHECK ?? yes 2519 { 2520 RDNSNAME1="SURBL (Abuse Butler)" 2521 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2522 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2523 RDNSSCORE1="5" 2524 } 2525 2526 :0 2527 * SURBLOBCHECK ?? yes 2528 { 2529 RDNSNAME2="SURBL (OutBlaze)" 2530 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 2531 88|90|92|94|112|114|116|118|120|122|124|126)" 2532 RDNSSCORE2="5" 2533 } 2534 2535 :0 2536 * SURBLPHCHECK ?? yes 2537 { 2538 RDNSNAME3="SURBL (Phishing)" 2539 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 2540 88|90|92|94|104|106|108|110|120|122|124|126)" 2541 RDNSSCORE3="5" 2542 } 2543 2544 :0 2545 * SURBLWSCHECK ?? yes 2546 { 2547 RDNSNAME4="SURBL (William Stearns)" 2548 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 2549 84|86|92|94|100|102|108|110|116|118|124|126)" 2550 RDNSSCORE4="5" 2551 } 2552 2553 :0 2554 * SURBLSCCHECK ?? yes 2555 { 2556 RDNSNAME5="SURBL (Spamcop)" 2557 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 2558 82|86|90|94|98|102|106|110|114|118|122|126)" 2559 RDNSSCORE5="5" 2560 } 2561 2562 :0 2563 * SURBLPJCHECK ?? yes 2564 { 2565 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 2566 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 2567 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2568 RDNSSCORE6="5" 2569 } 2570 2571 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2572} 2573 2574INCLUDERC=${SBDIR}/functions/test-threshold.rc 2575 2576:0 2577* ! SBCONFIG ?? Debug 2578* SPAMTAG ?? yes 2579{ LOCALTAG=yes } 2580 2581# Check third message body IP, if one exists. 2582# 2583:0 2584* LOCALTAG ?? no$ 2585* LT2 ?? yes 2586* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 2587* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 2588* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 2589{ 2590 LOCALDESCRIPTION="Body IP:" 2591 LOCALCHECK=${THIRDBODYIP} 2592 LOCALREVCHECK=${THIRDBODYREVIP} 2593 RDNSSERVER="multi.surbl.org" 2594 2595 :0 2596 * SURBLABCHECK ?? yes 2597 { 2598 RDNSNAME1="SURBL (Abuse Butler)" 2599 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2600 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2601 RDNSSCORE1="5" 2602 } 2603 2604 :0 2605 * SURBLOBCHECK ?? yes 2606 { 2607 RDNSNAME2="SURBL (OutBlaze)" 2608 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 2609 88|90|92|94|112|114|116|118|120|122|124|126)" 2610 RDNSSCORE2="5" 2611 } 2612 2613 :0 2614 * SURBLPHCHECK ?? yes 2615 { 2616 RDNSNAME3="SURBL (Phishing)" 2617 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 2618 88|90|92|94|104|106|108|110|120|122|124|126)" 2619 RDNSSCORE3="5" 2620 } 2621 2622 :0 2623 * SURBLWSCHECK ?? yes 2624 { 2625 RDNSNAME4="SURBL (William Stearns)" 2626 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 2627 84|86|92|94|100|102|108|110|116|118|124|126)" 2628 RDNSSCORE4="5" 2629 } 2630 2631 :0 2632 * SURBLSCCHECK ?? yes 2633 { 2634 RDNSNAME5="SURBL (Spamcop)" 2635 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 2636 82|86|90|94|98|102|106|110|114|118|122|126)" 2637 RDNSSCORE5="5" 2638 } 2639 2640 :0 2641 * SURBLPJCHECK ?? yes 2642 { 2643 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 2644 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 2645 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2646 RDNSSCORE6="5" 2647 } 2648 2649 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2650} 2651 2652INCLUDERC=${SBDIR}/functions/test-threshold.rc 2653 2654:0 2655* ! SBCONFIG ?? Debug 2656* SPAMTAG ?? yes 2657{ LOCALTAG=yes } 2658 2659# Check fourth message body IP, if one exists. 2660# 2661:0 2662* LOCALTAG ?? no$ 2663* LT2 ?? yes 2664* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 2665* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 2666* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 2667* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 2668{ 2669 LOCALDESCRIPTION="Body IP:" 2670 LOCALCHECK=${FOURTHBODYIP} 2671 LOCALREVCHECK=${FOURTHBODYREVIP} 2672 RDNSSERVER="multi.surbl.org" 2673 2674 :0 2675 * SURBLABCHECK ?? yes 2676 { 2677 RDNSNAME1="SURBL (Abuse Butler)" 2678 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2679 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2680 RDNSSCORE1="5" 2681 } 2682 2683 :0 2684 * SURBLOBCHECK ?? yes 2685 { 2686 RDNSNAME2="SURBL (OutBlaze)" 2687 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 2688 88|90|92|94|112|114|116|118|120|122|124|126)" 2689 RDNSSCORE2="5" 2690 } 2691 2692 :0 2693 * SURBLPHCHECK ?? yes 2694 { 2695 RDNSNAME3="SURBL (Phishing)" 2696 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 2697 88|90|92|94|104|106|108|110|120|122|124|126)" 2698 RDNSSCORE3="5" 2699 } 2700 2701 :0 2702 * SURBLWSCHECK ?? yes 2703 { 2704 RDNSNAME4="SURBL (William Stearns)" 2705 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 2706 84|86|92|94|100|102|108|110|116|118|124|126)" 2707 RDNSSCORE4="5" 2708 } 2709 2710 :0 2711 * SURBLSCCHECK ?? yes 2712 { 2713 RDNSNAME5="SURBL (Spamcop)" 2714 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 2715 82|86|90|94|98|102|106|110|114|118|122|126)" 2716 RDNSSCORE5="5" 2717 } 2718 2719 :0 2720 * SURBLPJCHECK ?? yes 2721 { 2722 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 2723 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 2724 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2725 RDNSSCORE6="5" 2726 } 2727 2728 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2729} 2730 2731INCLUDERC=${SBDIR}/functions/test-threshold.rc 2732 2733:0 2734* ! SBCONFIG ?? Debug 2735* SPAMTAG ?? yes 2736{ LOCALTAG=yes } 2737 2738# Check fifth message body IP, if one exists. 2739# 2740:0 2741* LOCALTAG ?? no$ 2742* LT2 ?? yes 2743* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 2744* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 2745* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 2746* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 2747* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 2748{ 2749 LOCALDESCRIPTION="Body IP:" 2750 LOCALCHECK=${FIFTHBODYIP} 2751 LOCALREVCHECK=${FIFTHBODYREVIP} 2752 RDNSSERVER="multi.surbl.org" 2753 2754 :0 2755 * SURBLABCHECK ?? yes 2756 { 2757 RDNSNAME1="SURBL (Abuse Butler)" 2758 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2759 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2760 RDNSSCORE1="5" 2761 } 2762 2763 :0 2764 * SURBLOBCHECK ?? yes 2765 { 2766 RDNSNAME2="SURBL (OutBlaze)" 2767 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 2768 88|90|92|94|112|114|116|118|120|122|124|126)" 2769 RDNSSCORE2="5" 2770 } 2771 2772 :0 2773 * SURBLPHCHECK ?? yes 2774 { 2775 RDNSNAME3="SURBL (Phishing)" 2776 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 2777 88|90|92|94|104|106|108|110|120|122|124|126)" 2778 RDNSSCORE3="5" 2779 } 2780 2781 :0 2782 * SURBLWSCHECK ?? yes 2783 { 2784 RDNSNAME4="SURBL (William Stearns)" 2785 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 2786 84|86|92|94|100|102|108|110|116|118|124|126)" 2787 RDNSSCORE4="5" 2788 } 2789 2790 :0 2791 * SURBLSCCHECK ?? yes 2792 { 2793 RDNSNAME5="SURBL (Spamcop)" 2794 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 2795 82|86|90|94|98|102|106|110|114|118|122|126)" 2796 RDNSSCORE5="5" 2797 } 2798 2799 :0 2800 * SURBLPJCHECK ?? yes 2801 { 2802 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 2803 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 2804 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2805 RDNSSCORE6="5" 2806 } 2807 2808 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2809} 2810 2811INCLUDERC=${SBDIR}/functions/test-threshold.rc 2812 2813:0 2814* ! SBCONFIG ?? Debug 2815* SPAMTAG ?? yes 2816{ LOCALTAG=yes } 2817 2818# Check sixth message body IP, if one exists. 2819# 2820:0 2821* LOCALTAG ?? no$ 2822* LT2 ?? yes 2823* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 2824* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 2825* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 2826* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 2827* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 2828* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 2829{ 2830 LOCALDESCRIPTION="Body IP:" 2831 LOCALCHECK=${SIXTHBODYIP} 2832 LOCALREVCHECK=${SIXTHBODYREVIP} 2833 RDNSSERVER="multi.surbl.org" 2834 2835 :0 2836 * SURBLABCHECK ?? yes 2837 { 2838 RDNSNAME1="SURBL (Abuse Butler)" 2839 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2840 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2841 RDNSSCORE1="5" 2842 } 2843 2844 :0 2845 * SURBLOBCHECK ?? yes 2846 { 2847 RDNSNAME2="SURBL (OutBlaze)" 2848 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 2849 88|90|92|94|112|114|116|118|120|122|124|126)" 2850 RDNSSCORE2="5" 2851 } 2852 2853 :0 2854 * SURBLPHCHECK ?? yes 2855 { 2856 RDNSNAME3="SURBL (Phishing)" 2857 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 2858 88|90|92|94|104|106|108|110|120|122|124|126)" 2859 RDNSSCORE3="5" 2860 } 2861 2862 :0 2863 * SURBLWSCHECK ?? yes 2864 { 2865 RDNSNAME4="SURBL (William Stearns)" 2866 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 2867 84|86|92|94|100|102|108|110|116|118|124|126)" 2868 RDNSSCORE4="5" 2869 } 2870 2871 :0 2872 * SURBLSCCHECK ?? yes 2873 { 2874 RDNSNAME5="SURBL (Spamcop)" 2875 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 2876 82|86|90|94|98|102|106|110|114|118|122|126)" 2877 RDNSSCORE5="5" 2878 } 2879 2880 :0 2881 * SURBLPJCHECK ?? yes 2882 { 2883 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 2884 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 2885 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2886 RDNSSCORE6="5" 2887 } 2888 2889 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2890} 2891 2892INCLUDERC=${SBDIR}/functions/test-threshold.rc 2893 2894:0 2895* ! SBCONFIG ?? Debug 2896* SPAMTAG ?? yes 2897{ LOCALTAG=yes } 2898 2899# Check first message body domain, if one exists. 2900# 2901:0 2902* LOCALTAG ?? no$ 2903* LT2 ?? yes 2904* ! FIRSTBODYDOMAIN ?? example\.com 2905{ 2906 LOCALDESCRIPTION="Body Domain:" 2907 LOCALCHECK=${FIRSTBODYDOMAIN} 2908 LOCALREVCHECK=${FIRSTBODYDOMAIN} 2909 RDNSSERVER="multi.surbl.org" 2910 2911 :0 2912 * SURBLABCHECK ?? yes 2913 { 2914 RDNSNAME1="SURBL (Abuse Butler)" 2915 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2916 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2917 RDNSSCORE1="5" 2918 } 2919 2920 :0 2921 * SURBLOBCHECK ?? yes 2922 { 2923 RDNSNAME2="SURBL (OutBlaze)" 2924 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 2925 88|90|92|94|112|114|116|118|120|122|124|126)" 2926 RDNSSCORE2="5" 2927 } 2928 2929 :0 2930 * SURBLPHCHECK ?? yes 2931 { 2932 RDNSNAME3="SURBL (Phishing)" 2933 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 2934 88|90|92|94|104|106|108|110|120|122|124|126)" 2935 RDNSSCORE3="5" 2936 } 2937 2938 :0 2939 * SURBLWSCHECK ?? yes 2940 { 2941 RDNSNAME4="SURBL (William Stearns)" 2942 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 2943 84|86|92|94|100|102|108|110|116|118|124|126)" 2944 RDNSSCORE4="5" 2945 } 2946 2947 :0 2948 * SURBLSCCHECK ?? yes 2949 { 2950 RDNSNAME5="SURBL (Spamcop)" 2951 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 2952 82|86|90|94|98|102|106|110|114|118|122|126)" 2953 RDNSSCORE5="5" 2954 } 2955 2956 :0 2957 * SURBLPJCHECK ?? yes 2958 { 2959 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 2960 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 2961 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2962 RDNSSCORE6="5" 2963 } 2964 2965 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 2966} 2967 2968INCLUDERC=${SBDIR}/functions/test-threshold.rc 2969 2970:0 2971* ! SBCONFIG ?? Debug 2972* SPAMTAG ?? yes 2973{ LOCALTAG=yes } 2974 2975# Check second message body domain, if one exists. 2976# 2977:0 2978* LOCALTAG ?? no$ 2979* LT2 ?? yes 2980* ! SECONDBODYDOMAIN ?? example\.com 2981* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 2982{ 2983 LOCALDESCRIPTION="Body Domain:" 2984 LOCALCHECK=${SECONDBODYDOMAIN} 2985 LOCALREVCHECK=${SECONDBODYDOMAIN} 2986 RDNSSERVER="multi.surbl.org" 2987 2988 :0 2989 * SURBLABCHECK ?? yes 2990 { 2991 RDNSNAME1="SURBL (Abuse Butler)" 2992 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 2993 102|104|106|108|110|112|114|116|118|120|122|124|126)" 2994 RDNSSCORE1="5" 2995 } 2996 2997 :0 2998 * SURBLOBCHECK ?? yes 2999 { 3000 RDNSNAME2="SURBL (OutBlaze)" 3001 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 3002 88|90|92|94|112|114|116|118|120|122|124|126)" 3003 RDNSSCORE2="5" 3004 } 3005 3006 :0 3007 * SURBLPHCHECK ?? yes 3008 { 3009 RDNSNAME3="SURBL (Phishing)" 3010 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 3011 88|90|92|94|104|106|108|110|120|122|124|126)" 3012 RDNSSCORE3="5" 3013 } 3014 3015 :0 3016 * SURBLWSCHECK ?? yes 3017 { 3018 RDNSNAME4="SURBL (William Stearns)" 3019 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 3020 84|86|92|94|100|102|108|110|116|118|124|126)" 3021 RDNSSCORE4="5" 3022 } 3023 3024 :0 3025 * SURBLSCCHECK ?? yes 3026 { 3027 RDNSNAME5="SURBL (Spamcop)" 3028 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 3029 82|86|90|94|98|102|106|110|114|118|122|126)" 3030 RDNSSCORE5="5" 3031 } 3032 3033 :0 3034 * SURBLPJCHECK ?? yes 3035 { 3036 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 3037 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 3038 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3039 RDNSSCORE6="5" 3040 } 3041 3042 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3043} 3044 3045INCLUDERC=${SBDIR}/functions/test-threshold.rc 3046 3047:0 3048* ! SBCONFIG ?? Debug 3049* SPAMTAG ?? yes 3050{ LOCALTAG=yes } 3051 3052# Check third message body domain, if one exists. 3053# 3054:0 3055* LOCALTAG ?? no$ 3056* LT2 ?? yes 3057* ! THIRDBODYDOMAIN ?? example\.com 3058* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3059* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3060{ 3061 LOCALDESCRIPTION="Body Domain:" 3062 LOCALCHECK=${THIRDBODYDOMAIN} 3063 LOCALREVCHECK=${THIRDBODYDOMAIN} 3064 RDNSSERVER="multi.surbl.org" 3065 3066 :0 3067 * SURBLABCHECK ?? yes 3068 { 3069 RDNSNAME1="SURBL (Abuse Butler)" 3070 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 3071 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3072 RDNSSCORE1="5" 3073 } 3074 3075 :0 3076 * SURBLOBCHECK ?? yes 3077 { 3078 RDNSNAME2="SURBL (OutBlaze)" 3079 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 3080 88|90|92|94|112|114|116|118|120|122|124|126)" 3081 RDNSSCORE2="5" 3082 } 3083 3084 :0 3085 * SURBLPHCHECK ?? yes 3086 { 3087 RDNSNAME3="SURBL (Phishing)" 3088 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 3089 88|90|92|94|104|106|108|110|120|122|124|126)" 3090 RDNSSCORE3="5" 3091 } 3092 3093 :0 3094 * SURBLWSCHECK ?? yes 3095 { 3096 RDNSNAME4="SURBL (William Stearns)" 3097 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 3098 84|86|92|94|100|102|108|110|116|118|124|126)" 3099 RDNSSCORE4="5" 3100 } 3101 3102 :0 3103 * SURBLSCCHECK ?? yes 3104 { 3105 RDNSNAME5="SURBL (Spamcop)" 3106 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 3107 82|86|90|94|98|102|106|110|114|118|122|126)" 3108 RDNSSCORE5="5" 3109 } 3110 3111 :0 3112 * SURBLPJCHECK ?? yes 3113 { 3114 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 3115 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 3116 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3117 RDNSSCORE6="5" 3118 } 3119 3120 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3121} 3122 3123INCLUDERC=${SBDIR}/functions/test-threshold.rc 3124 3125:0 3126* ! SBCONFIG ?? Debug 3127* SPAMTAG ?? yes 3128{ LOCALTAG=yes } 3129 3130# Check fourth message body domain, if one exists. 3131# 3132:0 3133* LOCALTAG ?? no$ 3134* LT2 ?? yes 3135* ! FOURTHBODYDOMAIN ?? example\.com 3136* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3137* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3138* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3139{ 3140 LOCALDESCRIPTION="Body Domain:" 3141 LOCALCHECK=${FOURTHBODYDOMAIN} 3142 LOCALREVCHECK=${FOURTHBODYDOMAIN} 3143 RDNSSERVER="multi.surbl.org" 3144 3145 :0 3146 * SURBLABCHECK ?? yes 3147 { 3148 RDNSNAME1="SURBL (Abuse Butler)" 3149 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 3150 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3151 RDNSSCORE1="5" 3152 } 3153 3154 :0 3155 * SURBLOBCHECK ?? yes 3156 { 3157 RDNSNAME2="SURBL (OutBlaze)" 3158 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 3159 88|90|92|94|112|114|116|118|120|122|124|126)" 3160 RDNSSCORE2="5" 3161 } 3162 3163 :0 3164 * SURBLPHCHECK ?? yes 3165 { 3166 RDNSNAME3="SURBL (Phishing)" 3167 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 3168 88|90|92|94|104|106|108|110|120|122|124|126)" 3169 RDNSSCORE3="5" 3170 } 3171 3172 :0 3173 * SURBLWSCHECK ?? yes 3174 { 3175 RDNSNAME4="SURBL (William Stearns)" 3176 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 3177 84|86|92|94|100|102|108|110|116|118|124|126)" 3178 RDNSSCORE4="5" 3179 } 3180 3181 :0 3182 * SURBLSCCHECK ?? yes 3183 { 3184 RDNSNAME5="SURBL (Spamcop)" 3185 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 3186 82|86|90|94|98|102|106|110|114|118|122|126)" 3187 RDNSSCORE5="5" 3188 } 3189 3190 :0 3191 * SURBLPJCHECK ?? yes 3192 { 3193 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 3194 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 3195 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3196 RDNSSCORE6="5" 3197 } 3198 3199 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3200} 3201 3202INCLUDERC=${SBDIR}/functions/test-threshold.rc 3203 3204:0 3205* ! SBCONFIG ?? Debug 3206* SPAMTAG ?? yes 3207{ LOCALTAG=yes } 3208 3209# Check fifth message body domain, if one exists. 3210# 3211:0 3212* LOCALTAG ?? no$ 3213* LT2 ?? yes 3214* ! FIFTHBODYDOMAIN ?? example\.com 3215* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3216* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3217* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3218* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 3219{ 3220 LOCALDESCRIPTION="Body Domain:" 3221 LOCALCHECK=${FIFTHBODYDOMAIN} 3222 LOCALREVCHECK=${FIFTHBODYDOMAIN} 3223 RDNSSERVER="multi.surbl.org" 3224 3225 :0 3226 * SURBLABCHECK ?? yes 3227 { 3228 RDNSNAME1="SURBL (Abuse Butler)" 3229 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 3230 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3231 RDNSSCORE1="5" 3232 } 3233 3234 :0 3235 * SURBLOBCHECK ?? yes 3236 { 3237 RDNSNAME2="SURBL (OutBlaze)" 3238 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 3239 88|90|92|94|112|114|116|118|120|122|124|126)" 3240 RDNSSCORE2="5" 3241 } 3242 3243 :0 3244 * SURBLPHCHECK ?? yes 3245 { 3246 RDNSNAME3="SURBL (Phishing)" 3247 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 3248 88|90|92|94|104|106|108|110|120|122|124|126)" 3249 RDNSSCORE3="5" 3250 } 3251 3252 :0 3253 * SURBLWSCHECK ?? yes 3254 { 3255 RDNSNAME4="SURBL (William Stearns)" 3256 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 3257 84|86|92|94|100|102|108|110|116|118|124|126)" 3258 RDNSSCORE4="5" 3259 } 3260 3261 :0 3262 * SURBLSCCHECK ?? yes 3263 { 3264 RDNSNAME5="SURBL (Spamcop)" 3265 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 3266 82|86|90|94|98|102|106|110|114|118|122|126)" 3267 RDNSSCORE5="5" 3268 } 3269 3270 :0 3271 * SURBLPJCHECK ?? yes 3272 { 3273 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 3274 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 3275 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3276 RDNSSCORE6="5" 3277 } 3278 3279 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3280} 3281 3282INCLUDERC=${SBDIR}/functions/test-threshold.rc 3283 3284:0 3285* ! SBCONFIG ?? Debug 3286* SPAMTAG ?? yes 3287{ LOCALTAG=yes } 3288 3289# Check sixth message body domain, if one exists. 3290# 3291:0 3292* LOCALTAG ?? no$ 3293* LT2 ?? yes 3294* ! SIXTHBODYDOMAIN ?? example\.com 3295* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3296* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3297* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3298* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 3299* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 3300{ 3301 LOCALDESCRIPTION="Body Domain:" 3302 LOCALCHECK=${SIXTHBODYDOMAIN} 3303 LOCALREVCHECK=${SIXTHBODYDOMAIN} 3304 RDNSSERVER="multi.surbl.org" 3305 3306 :0 3307 * SURBLABCHECK ?? yes 3308 { 3309 RDNSNAME1="SURBL (Abuse Butler)" 3310 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 3311 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3312 RDNSSCORE1="5" 3313 } 3314 3315 :0 3316 * SURBLOBCHECK ?? yes 3317 { 3318 RDNSNAME2="SURBL (OutBlaze)" 3319 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 3320 88|90|92|94|112|114|116|118|120|122|124|126)" 3321 RDNSSCORE2="5" 3322 } 3323 3324 :0 3325 * SURBLPHCHECK ?? yes 3326 { 3327 RDNSNAME3="SURBL (Phishing)" 3328 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 3329 88|90|92|94|104|106|108|110|120|122|124|126)" 3330 RDNSSCORE3="5" 3331 } 3332 3333 :0 3334 * SURBLWSCHECK ?? yes 3335 { 3336 RDNSNAME4="SURBL (William Stearns)" 3337 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 3338 84|86|92|94|100|102|108|110|116|118|124|126)" 3339 RDNSSCORE4="5" 3340 } 3341 3342 :0 3343 * SURBLSCCHECK ?? yes 3344 { 3345 RDNSNAME5="SURBL (Spamcop)" 3346 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 3347 82|86|90|94|98|102|106|110|114|118|122|126)" 3348 RDNSSCORE5="5" 3349 } 3350 3351 :0 3352 * SURBLPJCHECK ?? yes 3353 { 3354 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 3355 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 3356 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3357 RDNSSCORE6="5" 3358 } 3359 3360 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3361} 3362 3363INCLUDERC=${SBDIR}/functions/test-threshold.rc 3364 3365:0 3366* ! SBCONFIG ?? Debug 3367* SPAMTAG ?? yes 3368{ LOCALTAG=yes } 3369 3370# Check seventh message body domain, if one exists. 3371# 3372:0 3373* LOCALTAG ?? no$ 3374* LT2 ?? yes 3375* ! SEVENTHBODYDOMAIN ?? example\.com 3376* $ ! SEVENTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3377* $ ! SEVENTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3378* $ ! SEVENTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3379* $ ! SEVENTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 3380* $ ! SEVENTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 3381* $ ! SEVENTHBODYDOMAIN ?? ${SIXTHBODYDOMAIN} 3382{ 3383 LOCALDESCRIPTION="Body Domain:" 3384 LOCALCHECK=${SEVENTHBODYDOMAIN} 3385 LOCALREVCHECK=${SEVENTHBODYDOMAIN} 3386 RDNSSERVER="multi.surbl.org" 3387 3388 :0 3389 * SURBLABCHECK ?? yes 3390 { 3391 RDNSNAME1="SURBL (Abuse Butler)" 3392 RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 3393 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3394 RDNSSCORE1="5" 3395 } 3396 3397 :0 3398 * SURBLOBCHECK ?? yes 3399 { 3400 RDNSNAME2="SURBL (OutBlaze)" 3401 RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 3402 88|90|92|94|112|114|116|118|120|122|124|126)" 3403 RDNSSCORE2="5" 3404 } 3405 3406 :0 3407 * SURBLPHCHECK ?? yes 3408 { 3409 RDNSNAME3="SURBL (Phishing)" 3410 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 3411 88|90|92|94|104|106|108|110|120|122|124|126)" 3412 RDNSSCORE3="5" 3413 } 3414 3415 :0 3416 * SURBLWSCHECK ?? yes 3417 { 3418 RDNSNAME4="SURBL (William Stearns)" 3419 RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 3420 84|86|92|94|100|102|108|110|116|118|124|126)" 3421 RDNSSCORE4="5" 3422 } 3423 3424 :0 3425 * SURBLSCCHECK ?? yes 3426 { 3427 RDNSNAME5="SURBL (Spamcop)" 3428 RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 3429 82|86|90|94|98|102|106|110|114|118|122|126)" 3430 RDNSSCORE5="5" 3431 } 3432 3433 :0 3434 * SURBLPJCHECK ?? yes 3435 { 3436 RDNSNAME6="SURBL (Wein/Dijkxhoorn)" 3437 RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 3438 102|104|106|108|110|112|114|116|118|120|122|124|126)" 3439 RDNSSCORE6="5" 3440 } 3441 3442 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3443} 3444 3445INCLUDERC=${SBDIR}/functions/test-threshold.rc 3446 3447:0 3448* ! SBCONFIG ?? Debug 3449* SPAMTAG ?? yes 3450{ LOCALTAG=yes } 3451 3452 3453# URIBL Blocklists 3454# 3455# Blocklists of URI domains and IPs. "Black" should 3456# have no false positives. (It sometimes does, but they're 3457# delisted quickly.) "Grey" lists domains and IPs that send 3458# spam, but also send a significant amount of non-spam email. 3459# "Red" lists domains that share nameservers with one or more 3460# domains listed in "Black". "Red" is experimental and could 3461# lead to significant false positives, so is scored very lightly. 3462# 3463LT2=no 3464 3465:0 3466* URIBLCHECK ?? yes 3467{ LT2=yes } 3468 3469:0 3470* URIBLGREYCHECK ?? yes 3471{ LT2=yes } 3472 3473:0 3474* URIBLREDCHECK ?? yes 3475{ LT2=yes } 3476 3477# Check first message body domain, if one exists. 3478# 3479:0 3480* LOCALTAG ?? no$ 3481* LT2 ?? yes 3482* ! FIRSTBODYDOMAIN ?? ^example\.com$ 3483{ 3484 LOCALDESCRIPTION="Body Domain:" 3485 LOCALCHECK=${FIRSTBODYDOMAIN} 3486 LOCALREVCHECK=${FIRSTBODYDOMAIN} 3487 RDNSSERVER="multi.uribl.com" 3488 3489 :0 3490 * URIBLCHECK ?? yes 3491 { 3492 RDNSNAME1="URIBL Black" 3493 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3494 RDNSSCORE1="5" 3495 } 3496 3497 :0 3498 * URIBLGREYCHECK ?? yes 3499 { 3500 RDNSNAME2="URIBL Grey" 3501 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3502 RDNSSCORE2="2" 3503 } 3504 3505 :0 3506 * URIBLREDCHECK ?? yes 3507 { 3508 RDNSNAME3="URIBL Red" 3509 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3510 RDNSSCORE3="1" 3511 } 3512 3513 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3514} 3515 3516INCLUDERC=${SBDIR}/functions/test-threshold.rc 3517 3518# Check second message body domain, if one exists. 3519# 3520:0 3521* LOCALTAG ?? no$ 3522* LT2 ?? yes 3523* ! SECONDBODYDOMAIN ?? ^example\.com$ 3524* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3525{ 3526 LOCALDESCRIPTION="Body Domain:" 3527 LOCALCHECK=${SECONDBODYDOMAIN} 3528 LOCALREVCHECK=${SECONDBODYDOMAIN} 3529 RDNSSERVER="multi.uribl.com" 3530 3531 :0 3532 * URIBLCHECK ?? yes 3533 { 3534 RDNSNAME1="URIBL Black" 3535 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3536 RDNSSCORE1="4" 3537 } 3538 3539 :0 3540 * URIBLGREYCHECK ?? yes 3541 { 3542 RDNSNAME2="URIBL Grey" 3543 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3544 RDNSSCORE2="2" 3545 } 3546 3547 :0 3548 * URIBLREDCHECK ?? yes 3549 { 3550 RDNSNAME3="URIBL Red" 3551 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3552 RDNSSCORE3="1" 3553 } 3554 3555 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3556} 3557 3558INCLUDERC=${SBDIR}/functions/test-threshold.rc 3559 3560 3561# Check third message body domain, if one exists. 3562# 3563:0 3564* LOCALTAG ?? no$ 3565* LT2 ?? yes 3566* ! THIRDBODYDOMAIN ?? ^example\.com$ 3567* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3568* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3569{ 3570 LOCALDESCRIPTION="Body Domain:" 3571 LOCALCHECK=${THIRDBODYDOMAIN} 3572 LOCALREVCHECK=${THIRDBODYDOMAIN} 3573 RDNSSERVER="multi.uribl.com" 3574 3575 :0 3576 * URIBLCHECK ?? yes 3577 { 3578 RDNSNAME1="URIBL Black" 3579 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3580 RDNSSCORE1="4" 3581 } 3582 3583 :0 3584 * URIBLGREYCHECK ?? yes 3585 { 3586 RDNSNAME2="URIBL Grey" 3587 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3588 RDNSSCORE2="2" 3589 } 3590 3591 :0 3592 * URIBLREDCHECK ?? yes 3593 { 3594 RDNSNAME3="URIBL Red" 3595 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3596 RDNSSCORE3="1" 3597 } 3598 3599 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3600} 3601 3602INCLUDERC=${SBDIR}/functions/test-threshold.rc 3603 3604# Check fourth message body domain, if one exists. 3605# 3606:0 3607* LOCALTAG ?? no$ 3608* LT2 ?? yes 3609* ! FOURTHBODYDOMAIN ?? ^example\.com$ 3610* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3611* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3612* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3613{ 3614 LOCALDESCRIPTION="Body Domain:" 3615 LOCALCHECK=${FOURTHBODYDOMAIN} 3616 LOCALREVCHECK=${FOURTHBODYDOMAIN} 3617 RDNSSERVER="multi.uribl.com" 3618 3619 :0 3620 * URIBLCHECK ?? yes 3621 { 3622 RDNSNAME1="URIBL Black" 3623 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3624 RDNSSCORE1="4" 3625 } 3626 3627 :0 3628 * URIBLGREYCHECK ?? yes 3629 { 3630 RDNSNAME2="URIBL Grey" 3631 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3632 RDNSSCORE2="2" 3633 } 3634 3635 :0 3636 * URIBLREDCHECK ?? yes 3637 { 3638 RDNSNAME3="URIBL Red" 3639 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3640 RDNSSCORE3="1" 3641 } 3642 3643 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3644} 3645 3646INCLUDERC=${SBDIR}/functions/test-threshold.rc 3647 3648# Check fifth message body domain, if one exists. 3649# 3650:0 3651* LOCALTAG ?? no$ 3652* LT2 ?? yes 3653* ! FIFTHBODYDOMAIN ?? ^example\.com$ 3654* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3655* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3656* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3657* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 3658{ 3659 LOCALDESCRIPTION="Body Domain:" 3660 LOCALCHECK=${FIFTHBODYDOMAIN} 3661 LOCALREVCHECK=${FIFTHBODYDOMAIN} 3662 RDNSSERVER="multi.uribl.com" 3663 3664 :0 3665 * URIBLCHECK ?? yes 3666 { 3667 RDNSNAME1="URIBL Black" 3668 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3669 RDNSSCORE1="4" 3670 } 3671 3672 :0 3673 * URIBLGREYCHECK ?? yes 3674 { 3675 RDNSNAME2="URIBL Grey" 3676 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3677 RDNSSCORE2="2" 3678 } 3679 3680 :0 3681 * URIBLREDCHECK ?? yes 3682 { 3683 RDNSNAME3="URIBL Red" 3684 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3685 RDNSSCORE3="1" 3686 } 3687 3688 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3689} 3690 3691INCLUDERC=${SBDIR}/functions/test-threshold.rc 3692 3693# Check sixth message body domain, if one exists. 3694# 3695:0 3696* LOCALTAG ?? no$ 3697* LT2 ?? yes 3698* ! SIXTHBODYDOMAIN ?? ^example\.com$ 3699* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3700* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3701* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3702* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 3703* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 3704{ 3705 LOCALDESCRIPTION="Body Domain:" 3706 LOCALCHECK=${SIXTHBODYDOMAIN} 3707 LOCALREVCHECK=${SIXTHBODYDOMAIN} 3708 RDNSSERVER="multi.uribl.com" 3709 3710 :0 3711 * URIBLCHECK ?? yes 3712 { 3713 RDNSNAME1="URIBL Black" 3714 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3715 RDNSSCORE1="4" 3716 } 3717 3718 :0 3719 * URIBLGREYCHECK ?? yes 3720 { 3721 RDNSNAME2="URIBL Grey" 3722 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3723 RDNSSCORE2="2" 3724 } 3725 3726 :0 3727 * URIBLREDCHECK ?? yes 3728 { 3729 RDNSNAME3="URIBL Red" 3730 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3731 RDNSSCORE3="1" 3732 } 3733 3734 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3735} 3736 3737INCLUDERC=${SBDIR}/functions/test-threshold.rc 3738 3739# Check seventh message body domain, if one exists. 3740# 3741:0 3742* LOCALTAG ?? no$ 3743* LT2 ?? yes 3744* ! SEVENTHBODYDOMAIN ?? ^example\.com$ 3745* $ ! SEVENTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 3746* $ ! SEVENTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 3747* $ ! SEVENTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 3748* $ ! SEVENTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 3749* $ ! SEVENTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 3750* $ ! SEVENTHBODYDOMAIN ?? ${SIXTHBODYDOMAIN} 3751{ 3752 LOCALDESCRIPTION="Body Domain:" 3753 LOCALCHECK=${SEVENTHBODYDOMAIN} 3754 LOCALREVCHECK=${SEVENTHBODYDOMAIN} 3755 RDNSSERVER="multi.uribl.com" 3756 3757 :0 3758 * URIBLCHECK ?? yes 3759 { 3760 RDNSNAME1="URIBL Black" 3761 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3762 RDNSSCORE1="4" 3763 } 3764 3765 :0 3766 * URIBLGREYCHECK ?? yes 3767 { 3768 RDNSNAME2="URIBL Grey" 3769 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3770 RDNSSCORE2="2" 3771 } 3772 3773 :0 3774 * URIBLREDCHECK ?? yes 3775 { 3776 RDNSNAME3="URIBL Red" 3777 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3778 RDNSSCORE3="1" 3779 } 3780 3781 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3782} 3783 3784INCLUDERC=${SBDIR}/functions/test-threshold.rc 3785 3786# Check first message body IP, if one exists. 3787# 3788:0 3789* LOCALTAG ?? no$ 3790* LT2 ?? yes 3791* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 3792{ 3793 LOCALDESCRIPTION="Body IP:" 3794 LOCALCHECK=${FIRSTBODYIP} 3795 LOCALREVCHECK=${FIRSTBODYREVIP} 3796 RDNSSERVER="multi.uribl.com" 3797 3798 :0 3799 * URIBLCHECK ?? yes 3800 { 3801 RDNSNAME1="URIBL Black" 3802 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3803 RDNSSCORE1="4" 3804 } 3805 3806 :0 3807 * URIBLGREYCHECK ?? yes 3808 { 3809 RDNSNAME2="URIBL Grey" 3810 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3811 RDNSSCORE2="2" 3812 } 3813 3814 :0 3815 * URIBLREDCHECK ?? yes 3816 { 3817 RDNSNAME3="URIBL Red" 3818 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3819 RDNSSCORE3="1" 3820 } 3821 3822 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3823} 3824 3825INCLUDERC=${SBDIR}/functions/test-threshold.rc 3826 3827# Check second message body IP, if one exists. 3828# 3829:0 3830* LOCALTAG ?? no$ 3831* LT2 ?? yes 3832* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 3833* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 3834{ 3835 LOCALDESCRIPTION="Body IP:" 3836 LOCALCHECK=${SECONDBODYIP} 3837 LOCALREVCHECK=${SECONDBODYREVIP} 3838 RDNSSERVER="multi.uribl.com" 3839 3840 :0 3841 * URIBLCHECK ?? yes 3842 { 3843 RDNSNAME1="URIBL Black" 3844 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3845 RDNSSCORE1="4" 3846 } 3847 3848 :0 3849 * URIBLGREYCHECK ?? yes 3850 { 3851 RDNSNAME2="URIBL Grey" 3852 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3853 RDNSSCORE2="2" 3854 } 3855 3856 :0 3857 * URIBLREDCHECK ?? yes 3858 { 3859 RDNSNAME3="URIBL Red" 3860 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3861 RDNSSCORE3="1" 3862 } 3863 3864 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3865} 3866 3867INCLUDERC=${SBDIR}/functions/test-threshold.rc 3868 3869# Check third message body IP, if one exists. 3870# 3871:0 3872* LOCALTAG ?? no$ 3873* LT2 ?? yes 3874* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 3875* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 3876* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 3877{ 3878 LOCALDESCRIPTION="Body IP:" 3879 LOCALCHECK=${THIRDBODYIP} 3880 LOCALREVCHECK=${THIRDBODYREVIP} 3881 RDNSSERVER="multi.uribl.com" 3882 3883 :0 3884 * URIBLCHECK ?? yes 3885 { 3886 RDNSNAME1="URIBL Black" 3887 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3888 RDNSSCORE1="4" 3889 } 3890 3891 :0 3892 * URIBLGREYCHECK ?? yes 3893 { 3894 RDNSNAME2="URIBL Grey" 3895 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3896 RDNSSCORE2="2" 3897 } 3898 3899 :0 3900 * URIBLREDCHECK ?? yes 3901 { 3902 RDNSNAME3="URIBL Red" 3903 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3904 RDNSSCORE3="1" 3905 } 3906 3907 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3908} 3909 3910INCLUDERC=${SBDIR}/functions/test-threshold.rc 3911 3912# Check fourth message body IP, if one exists. 3913# 3914:0 3915* LOCALTAG ?? no$ 3916* LT2 ?? yes 3917* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 3918* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 3919* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 3920* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 3921{ 3922 LOCALDESCRIPTION="Body IP:" 3923 LOCALCHECK=${FOURTHBODYIP} 3924 LOCALREVCHECK=${FOURTHBODYREVIP} 3925 RDNSSERVER="multi.uribl.com" 3926 3927 :0 3928 * URIBLCHECK ?? yes 3929 { 3930 RDNSNAME1="URIBL Black" 3931 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3932 RDNSSCORE1="4" 3933 } 3934 3935 :0 3936 * URIBLGREYCHECK ?? yes 3937 { 3938 RDNSNAME2="URIBL Grey" 3939 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3940 RDNSSCORE2="2" 3941 } 3942 3943 :0 3944 * URIBLREDCHECK ?? yes 3945 { 3946 RDNSNAME3="URIBL Red" 3947 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3948 RDNSSCORE3="1" 3949 } 3950 3951 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3952} 3953 3954INCLUDERC=${SBDIR}/functions/test-threshold.rc 3955 3956# Check fifth message body IP, if one exists. 3957# 3958:0 3959* LOCALTAG ?? no$ 3960* LT2 ?? yes 3961* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 3962* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 3963* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 3964* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 3965* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 3966{ 3967 LOCALDESCRIPTION="Body IP:" 3968 LOCALCHECK=${FIFTHBODYIP} 3969 LOCALREVCHECK=${FIFTHBODYREVIP} 3970 RDNSSERVER="multi.uribl.com" 3971 3972 :0 3973 * URIBLCHECK ?? yes 3974 { 3975 RDNSNAME1="URIBL Black" 3976 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 3977 RDNSSCORE1="4" 3978 } 3979 3980 :0 3981 * URIBLGREYCHECK ?? yes 3982 { 3983 RDNSNAME2="URIBL Grey" 3984 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 3985 RDNSSCORE2="2" 3986 } 3987 3988 :0 3989 * URIBLREDCHECK ?? yes 3990 { 3991 RDNSNAME3="URIBL Red" 3992 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 3993 RDNSSCORE3="1" 3994 } 3995 3996 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 3997} 3998 3999INCLUDERC=${SBDIR}/functions/test-threshold.rc 4000 4001# Check sixth message body IP, if one exists. 4002# 4003:0 4004* LOCALTAG ?? no$ 4005* LT2 ?? yes 4006* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 4007* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 4008* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 4009* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 4010* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 4011* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 4012{ 4013 LOCALDESCRIPTION="Body IP:" 4014 LOCALCHECK=${SIXTHBODYIP} 4015 LOCALREVCHECK=${SIXTHBODYREVIP} 4016 RDNSSERVER="multi.uribl.com" 4017 4018 :0 4019 * URIBLCHECK ?? yes 4020 { 4021 RDNSNAME1="URIBL Black" 4022 RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" 4023 RDNSSCORE1="5" 4024 } 4025 4026 :0 4027 * URIBLGREYCHECK ?? yes 4028 { 4029 RDNSNAME2="URIBL Grey" 4030 RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" 4031 RDNSSCORE2="2" 4032 } 4033 4034 :0 4035 * URIBLREDCHECK ?? yes 4036 { 4037 RDNSNAME3="URIBL Red" 4038 RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" 4039 RDNSSCORE3="1" 4040 } 4041 4042 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4043} 4044 4045INCLUDERC=${SBDIR}/functions/test-threshold.rc 4046 4047:0 4048* ! SBCONFIG ?? Debug 4049* SPAMTAG ?? yes 4050{ LOCALTAG=yes } 4051 4052 4053# NJABL Blocklist Checks 4054# 4055# 4056LT2=no 4057 4058:0 4059* NJABLRSSCHECK ?? yes 4060{ LT2=yes } 4061 4062:0 4063* NJABLSRCCHECK ?? yes 4064{ LT2=yes } 4065 4066:0 4067* NJABLMULTICHECK ?? yes 4068{ LT2=yes } 4069 4070:0 4071* NJABLCGICHECK ?? yes 4072{ LT2=yes } 4073 4074:0 4075* NJABLPROXYCHECK ?? yes 4076{ LT2=yes } 4077 4078 4079# Check first external IP. 4080# 4081:0 4082* LOCALTAG ?? no$ 4083* LT2 ?? yes 4084* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 4085{ 4086 LOCALDESCRIPTION="Received IP:" 4087 LOCALCHECK=${FIRSTEXIP} 4088 LOCALREVCHECK=${FIRSTEXREVIP} 4089 RDNSSERVER="combined.njabl.org" 4090 4091 :0 4092 * NJABLRSSCHECK ?? yes 4093 { 4094 RDNSNAME1="NJABL (open relays)" 4095 RDNSRESPONSE1="127\.0\.0\.2" 4096 RDNSSCORE1="5" 4097 } 4098 4099 :0 4100 * NJABLSRCCHECK ?? yes 4101 { 4102 RDNSNAME3="NJABL (spam sources)" 4103 RDNSRESPONSE3="127\.0\.0\.4" 4104 RDNSSCORE3="10" 4105 } 4106 4107 :0 4108 * NJABLMULTICHECK ?? yes 4109 { 4110 RDNSNAME4="NJABL (multi-stage open relays)" 4111 RDNSRESPONSE4="127\.0\.0\.5" 4112 RDNSSCORE4="2" 4113 } 4114 4115 :0 4116 * NJABLCGICHECK ?? yes 4117 { 4118 RDNSNAME5="NJABL (insecure web forms)" 4119 RDNSRESPONSE5="127\.0\.0\.8" 4120 RDNSSCORE5="3" 4121 } 4122 4123 :0 4124 * NJABLPROXYCHECK ?? yes 4125 { 4126 RDNSNAME6="NJABL (open proxies)" 4127 RDNSRESPONSE6="127\.0\.0\.9" 4128 RDNSSCORE6="10" 4129 } 4130 4131 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4132} 4133 4134INCLUDERC=${SBDIR}/functions/test-threshold.rc 4135 4136:0 4137* ! SBCONFIG ?? Debug 4138* SPAMTAG ?? yes 4139{ LOCALTAG=yes } 4140 4141# Check second external IP. 4142# 4143:0 4144* LOCALTAG ?? no$ 4145* LT2 ?? yes 4146* ! SECONDEXIP ?? ^000\.000\.000\.000$ 4147* $ ! SECONDEXIP ?? ${FIRSTEXIP} 4148{ 4149 LOCALDESCRIPTION="Received IP:" 4150 LOCALCHECK=${SECONDEXIP} 4151 LOCALREVCHECK=${SECONDEXREVIP} 4152 RDNSSERVER="combined.njabl.org" 4153 4154 :0 4155 * NJABLSRCCHECK ?? yes 4156 { 4157 RDNSNAME3="NJABL (spam sources)" 4158 RDNSRESPONSE3="127\.0\.0\.4" 4159 RDNSSCORE3="5" 4160 } 4161 4162 :0 4163 * NJABLCGICHECK ?? yes 4164 { 4165 RDNSNAME5="NJABL (insecure web forms)" 4166 RDNSRESPONSE5="127\.0\.0\.8" 4167 RDNSSCORE5="3" 4168 } 4169 4170 :0 4171 * NJABLPROXYCHECK ?? yes 4172 { 4173 RDNSNAME6="NJABL (open proxies)" 4174 RDNSRESPONSE6="127\.0\.0\.9" 4175 RDNSSCORE6="5" 4176 } 4177 4178 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4179} 4180 4181INCLUDERC=${SBDIR}/functions/test-threshold.rc 4182 4183:0 4184* ! SBCONFIG ?? Debug 4185* SPAMTAG ?? yes 4186{ LOCALTAG=yes } 4187 4188# Check third external IP. 4189# 4190:0 4191* LOCALTAG ?? no$ 4192* LT2 ?? yes 4193* ! THIRDEXIP ?? ^000\.000\.000\.000$ 4194* $ ! THIRDEXIP ?? ${FIRSTEXIP} 4195* $ ! THIRDEXIP ?? ${SECONDEXIP} 4196{ 4197 LOCALDESCRIPTION="Received IP:" 4198 LOCALCHECK=${THIRDEXIP} 4199 LOCALREVCHECK=${THIRDEXREVIP} 4200 RDNSSERVER="combined.njabl.org" 4201 4202 :0 4203 * NJABLSRCCHECK ?? yes 4204 { 4205 RDNSNAME3="NJABL (spam sources)" 4206 RDNSRESPONSE3="127\.0\.0\.4" 4207 RDNSSCORE3="5" 4208 } 4209 4210 :0 4211 * NJABLCGICHECK ?? yes 4212 { 4213 RDNSNAME5="NJABL (insecure web forms)" 4214 RDNSRESPONSE5="127\.0\.0\.8" 4215 RDNSSCORE5="3" 4216 } 4217 4218 :0 4219 * NJABLPROXYCHECK ?? yes 4220 { 4221 RDNSNAME6="NJABL (open proxies)" 4222 RDNSRESPONSE6="127\.0\.0\.9" 4223 RDNSSCORE6="5" 4224 } 4225 4226 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4227} 4228 4229INCLUDERC=${SBDIR}/functions/test-threshold.rc 4230 4231:0 4232* ! SBCONFIG ?? Debug 4233* SPAMTAG ?? yes 4234{ LOCALTAG=yes } 4235 4236# Check fourth external IP. 4237# 4238:0 4239* LOCALTAG ?? no$ 4240* LT2 ?? yes 4241* ! FOURTHEXIP ?? ^000\.000\.000\.000$ 4242* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 4243* $ ! FOURTHEXIP ?? ${SECONDEXIP} 4244* $ ! FOURTHEXIP ?? ${THIRDEXIP} 4245{ 4246 LOCALDESCRIPTION="Received IP:" 4247 LOCALCHECK=${FOURTHEXIP} 4248 LOCALREVCHECK=${FOURTHEXREVIP} 4249 RDNSSERVER="combined.njabl.org" 4250 4251 :0 4252 * NJABLSRCCHECK ?? yes 4253 { 4254 RDNSNAME3="NJABL (spam sources)" 4255 RDNSRESPONSE3="127\.0\.0\.4" 4256 RDNSSCORE3="5" 4257 } 4258 4259 :0 4260 * NJABLCGICHECK ?? yes 4261 { 4262 RDNSNAME5="NJABL (insecure web forms)" 4263 RDNSRESPONSE5="127\.0\.0\.8" 4264 RDNSSCORE5="3" 4265 } 4266 4267 :0 4268 * NJABLPROXYCHECK ?? yes 4269 { 4270 RDNSNAME6="NJABL (open proxies)" 4271 RDNSRESPONSE6="127\.0\.0\.9" 4272 RDNSSCORE6="5" 4273 } 4274 4275 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4276} 4277 4278INCLUDERC=${SBDIR}/functions/test-threshold.rc 4279 4280:0 4281* ! SBCONFIG ?? Debug 4282* SPAMTAG ?? yes 4283{ LOCALTAG=yes } 4284 4285# Check X-Original-IP, if exists. 4286# 4287:0 4288* LOCALTAG ?? no$ 4289* LT2 ?? yes 4290* ! XORIGINALIP ?? ^000\.000\.000\.000$ 4291* $ ! XORIGINALIP ?? ${FIRSTEXIP} 4292* $ ! XORIGINALIP ?? ${SECONDEXIP} 4293* $ ! XORIGINALIP ?? ${THIRDEXIP} 4294* $ ! XORIGINALIP ?? ${FOURTHEXIP} 4295{ 4296 LOCALDESCRIPTION="Received IP:" 4297 LOCALCHECK=${XORIGINALIP} 4298 LOCALREVCHECK=${XORIGINALREVIP} 4299 RDNSSERVER="combined.njabl.org" 4300 4301 :0 4302 * NJABLSRCCHECK ?? yes 4303 { 4304 RDNSNAME3="NJABL (spam sources)" 4305 RDNSRESPONSE3="127\.0\.0\.4" 4306 RDNSSCORE3="5" 4307 } 4308 4309 :0 4310 * NJABLCGICHECK ?? yes 4311 { 4312 RDNSNAME5="NJABL (insecure web forms)" 4313 RDNSRESPONSE5="127\.0\.0\.8" 4314 RDNSSCORE5="3" 4315 } 4316 4317 :0 4318 * NJABLPROXYCHECK ?? yes 4319 { 4320 RDNSNAME6="NJABL (open proxies)" 4321 RDNSRESPONSE6="127\.0\.0\.9" 4322 RDNSSCORE6="5" 4323 } 4324 4325 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4326} 4327 4328INCLUDERC=${SBDIR}/functions/test-threshold.rc 4329 4330:0 4331* ! SBCONFIG ?? Debug 4332* SPAMTAG ?? yes 4333{ LOCALTAG=yes } 4334 4335# Check first message body IP, if exists. 4336:0 4337* LOCALTAG ?? no$ 4338* NJABLSRCCHECK ?? yes 4339* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 4340{ 4341 LOCALDESCRIPTION="Body IP:" 4342 LOCALCHECK=${FIRSTBODYIP} 4343 LOCALREVCHECK=${FIRSTBODYREVIP} 4344 RDNSSERVER="combined.njabl.org" 4345 RDNSNAME1="NJABL (spam sources)" 4346 RDNSRESPONSE1="127\.0\.0\.4" 4347 RDNSSCORE1="5" 4348 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4349} 4350 4351INCLUDERC=${SBDIR}/functions/test-threshold.rc 4352 4353:0 4354* ! SBCONFIG ?? Debug 4355* SPAMTAG ?? yes 4356{ LOCALTAG=yes } 4357 4358# Check second message body IP, if exists. 4359:0 4360* LOCALTAG ?? no$ 4361* NJABLSRCCHECK ?? yes 4362* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 4363* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 4364{ 4365 LOCALDESCRIPTION="Body IP:" 4366 LOCALCHECK=${SECONDBODYIP} 4367 LOCALREVCHECK=${SECONDBODYREVIP} 4368 RDNSSERVER="combined.njabl.org" 4369 RDNSNAME1="NJABL (spam sources)" 4370 RDNSRESPONSE1="127\.0\.0\.4" 4371 RDNSSCORE1="5" 4372 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4373} 4374 4375INCLUDERC=${SBDIR}/functions/test-threshold.rc 4376 4377:0 4378* ! SBCONFIG ?? Debug 4379* SPAMTAG ?? yes 4380{ LOCALTAG=yes } 4381 4382# Check third message body IP, if exists. 4383:0 4384* LOCALTAG ?? no$ 4385* NJABLSRCCHECK ?? yes 4386* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 4387* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 4388* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 4389{ 4390 LOCALDESCRIPTION="Body IP:" 4391 LOCALCHECK=${THIRDBODYIP} 4392 LOCALREVCHECK=${THIRDBODYREVIP} 4393 RDNSSERVER="combined.njabl.org" 4394 RDNSNAME1="NJABL (spam sources)" 4395 RDNSRESPONSE1="127\.0\.0\.4" 4396 RDNSSCORE1="5" 4397 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4398} 4399 4400INCLUDERC=${SBDIR}/functions/test-threshold.rc 4401 4402:0 4403* ! SBCONFIG ?? Debug 4404* SPAMTAG ?? yes 4405{ LOCALTAG=yes } 4406 4407# Check fourth message body IP, if exists. 4408:0 4409* LOCALTAG ?? no$ 4410* NJABLSRCCHECK ?? yes 4411* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 4412* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 4413* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 4414* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 4415{ 4416 LOCALDESCRIPTION="Body IP:" 4417 LOCALCHECK=${FOURTHBODYIP} 4418 LOCALREVCHECK=${FOURTHBODYREVIP} 4419 RDNSSERVER="combined.njabl.org" 4420 RDNSNAME1="NJABL (spam sources)" 4421 RDNSRESPONSE1="127\.0\.0\.4" 4422 RDNSSCORE1="5" 4423 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4424} 4425 4426INCLUDERC=${SBDIR}/functions/test-threshold.rc 4427 4428:0 4429* ! SBCONFIG ?? Debug 4430* SPAMTAG ?? yes 4431{ LOCALTAG=yes } 4432 4433# Check fifth message body IP, if exists. 4434:0 4435* LOCALTAG ?? no$ 4436* NJABLSRCCHECK ?? yes 4437* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 4438* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 4439* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 4440* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 4441* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 4442{ 4443 LOCALDESCRIPTION="Body IP:" 4444 LOCALCHECK=${FIFTHBODYIP} 4445 LOCALREVCHECK=${FIFTHBODYREVIP} 4446 RDNSSERVER="combined.njabl.org" 4447 RDNSNAME1="NJABL (spam sources)" 4448 RDNSRESPONSE1="127\.0\.0\.4" 4449 RDNSSCORE1="5" 4450 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4451} 4452 4453INCLUDERC=${SBDIR}/functions/test-threshold.rc 4454 4455:0 4456* ! SBCONFIG ?? Debug 4457* SPAMTAG ?? yes 4458{ LOCALTAG=yes } 4459 4460# Check sixth message body IP, if exists. 4461:0 4462* LOCALTAG ?? no$ 4463* NJABLSRCCHECK ?? yes 4464* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 4465* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 4466* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 4467* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 4468* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 4469* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 4470{ 4471 LOCALDESCRIPTION="Body IP:" 4472 LOCALCHECK=${SIXTHBODYIP} 4473 LOCALREVCHECK=${SIXTHBODYREVIP} 4474 RDNSSERVER="combined.njabl.org" 4475 RDNSNAME1="NJABL (spam sources)" 4476 RDNSRESPONSE1="127\.0\.0\.4" 4477 RDNSSCORE1="5" 4478 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4479} 4480 4481INCLUDERC=${SBDIR}/functions/test-threshold.rc 4482 4483:0 4484* ! SBCONFIG ?? Debug 4485* SPAMTAG ?? yes 4486{ LOCALTAG=yes } 4487 4488# Check IP of first message body host, if exists. 4489:0 4490* LOCALTAG ?? no$ 4491* NJABLSRCCHECK ?? yes 4492* ! FIRSTBODYHOSTIP ?? ^000\.000\.000\.000$ 4493{ 4494 LOCALDESCRIPTION="Body Host:" 4495 LOCALDESCRIPTION2="IP:" 4496 LOCALHOST=${FIRSTBODYHOST} 4497 LOCALCHECK=${FIRSTBODYHOSTIP} 4498 LOCALREVCHECK=${FIRSTBODYHOSTREVIP} 4499 RDNSSERVER="combined.njabl.org" 4500 RDNSNAME1="NJABL (spam sources)" 4501 RDNSRESPONSE1="127\.0\.0\.4" 4502 RDNSSCORE1="5" 4503 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 4504} 4505 4506INCLUDERC=${SBDIR}/functions/test-threshold.rc 4507 4508:0 4509* ! SBCONFIG ?? Debug 4510* SPAMTAG ?? yes 4511{ LOCALTAG=yes } 4512 4513# Check IP of second message body host, if exists. 4514:0 4515* LOCALTAG ?? no$ 4516* NJABLSRCCHECK ?? yes 4517* ! SECONDBODYHOSTIP ?? ^000\.000\.000\.000$ 4518* $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 4519{ 4520 LOCALDESCRIPTION="Body Host:" 4521 LOCALDESCRIPTION2="IP:" 4522 LOCALHOST=${SECONDBODYHOST} 4523 LOCALCHECK=${SECONDBODYHOSTIP} 4524 LOCALREVCHECK=${SECONDBODYHOSTREVIP} 4525 RDNSSERVER="combined.njabl.org" 4526 RDNSNAME1="NJABL (spam sources)" 4527 RDNSRESPONSE1="127\.0\.0\.4" 4528 RDNSSCORE1="5" 4529 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 4530} 4531 4532INCLUDERC=${SBDIR}/functions/test-threshold.rc 4533 4534:0 4535* ! SBCONFIG ?? Debug 4536* SPAMTAG ?? yes 4537{ LOCALTAG=yes } 4538 4539# Check IP of third message body host, if exists. 4540:0 4541* LOCALTAG ?? no$ 4542* NJABLSRCCHECK ?? yes 4543* ! THIRDBODYHOSTIP ?? ^000\.000\.000\.000$ 4544* $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 4545* $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} 4546{ 4547 LOCALDESCRIPTION="Body Host:" 4548 LOCALDESCRIPTION2="IP:" 4549 LOCALHOST=${THIRDBODYHOST} 4550 LOCALCHECK=${THIRDBODYHOSTIP} 4551 LOCALREVCHECK=${THIRDBODYHOSTREVIP} 4552 RDNSSERVER="combined.njabl.org" 4553 RDNSNAME1="NJABL (spam sources)" 4554 RDNSRESPONSE1="127\.0\.0\.4" 4555 RDNSSCORE1="5" 4556 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 4557} 4558 4559INCLUDERC=${SBDIR}/functions/test-threshold.rc 4560 4561:0 4562* ! SBCONFIG ?? Debug 4563* SPAMTAG ?? yes 4564{ LOCALTAG=yes } 4565 4566# Check IP of fourth message body host, if exists. 4567:0 4568* LOCALTAG ?? no$ 4569* NJABLSRCCHECK ?? yes 4570* ! FOURTHBODYHOSTIP ?? ^000\.000\.000\.000$ 4571* $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 4572* $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 4573* $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 4574{ 4575 LOCALDESCRIPTION="Body Host:" 4576 LOCALDESCRIPTION2="IP:" 4577 LOCALHOST=${FOURTHBODYHOST} 4578 LOCALCHECK=${FOURTHBODYHOSTIP} 4579 LOCALREVCHECK=${FOURTHBODYHOSTREVIP} 4580 RDNSSERVER="combined.njabl.org" 4581 RDNSNAME1="NJABL (spam sources)" 4582 RDNSRESPONSE1="127\.0\.0\.4" 4583 RDNSSCORE1="5" 4584 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 4585} 4586 4587INCLUDERC=${SBDIR}/functions/test-threshold.rc 4588 4589:0 4590* ! SBCONFIG ?? Debug 4591* SPAMTAG ?? yes 4592{ LOCALTAG=yes } 4593 4594# Check IP of fifth message body host, if exists. 4595:0 4596* LOCALTAG ?? no$ 4597* NJABLSRCCHECK ?? yes 4598* ! FIFTHBODYHOSTIP ?? ^000\.000\.000\.000$ 4599* $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 4600* $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 4601* $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 4602* $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 4603{ 4604 LOCALDESCRIPTION="Body Host:" 4605 LOCALDESCRIPTION2="IP:" 4606 LOCALHOST=${FIFTHBODYHOST} 4607 LOCALCHECK=${FIFTHBODYHOSTIP} 4608 LOCALREVCHECK=${FIFTHBODYHOSTREVIP} 4609 RDNSSERVER="combined.njabl.org" 4610 RDNSNAME1="NJABL (spam sources)" 4611 RDNSRESPONSE1="127\.0\.0\.4" 4612 RDNSSCORE1="5" 4613 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 4614} 4615 4616INCLUDERC=${SBDIR}/functions/test-threshold.rc 4617 4618:0 4619* ! SBCONFIG ?? Debug 4620* SPAMTAG ?? yes 4621{ LOCALTAG=yes } 4622 4623# Check IP of sixth message body host, if exists. 4624:0 4625* LOCALTAG ?? no$ 4626* NJABLSRCCHECK ?? yes 4627* ! SIXTHBODYHOSTIP ?? ^000\.000\.000\.000$ 4628* $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 4629* $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 4630* $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 4631* $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 4632* $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 4633{ 4634 LOCALDESCRIPTION="Body Host:" 4635 LOCALDESCRIPTION2="IP:" 4636 LOCALHOST=${SIXTHBODYHOST} 4637 LOCALCHECK=${SIXTHBODYHOSTIP} 4638 LOCALREVCHECK=${SIXTHBODYHOSTREVIP} 4639 RDNSSERVER="combined.njabl.org" 4640 RDNSNAME1="NJABL (spam sources)" 4641 RDNSRESPONSE1="127\.0\.0\.4" 4642 RDNSSCORE1="5" 4643 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 4644} 4645 4646INCLUDERC=${SBDIR}/functions/test-threshold.rc 4647 4648:0 4649* ! SBCONFIG ?? Debug 4650* SPAMTAG ?? yes 4651{ LOCALTAG=yes } 4652 4653# Check IP of seventh message body host, if exists. 4654:0 4655* LOCALTAG ?? no$ 4656* NJABLSRCCHECK ?? yes 4657* ! SEVENTHBODYHOSTIP ?? ^000\.000\.000\.000$ 4658* $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 4659* $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 4660* $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 4661* $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 4662* $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 4663* $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} 4664{ 4665 LOCALDESCRIPTION="Body Host:" 4666 LOCALDESCRIPTION2="IP:" 4667 LOCALHOST=${SEVENTHBODYHOST} 4668 LOCALCHECK=${SEVENTHBODYHOSTIP} 4669 LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} 4670 RDNSSERVER="combined.njabl.org" 4671 RDNSNAME1="NJABL (spam sources)" 4672 RDNSRESPONSE1="127\.0\.0\.4" 4673 RDNSSCORE1="5" 4674 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 4675} 4676 4677INCLUDERC=${SBDIR}/functions/test-threshold.rc 4678 4679:0 4680* ! SBCONFIG ?? Debug 4681* SPAMTAG ?? yes 4682{ LOCALTAG=yes } 4683 4684 4685# AHBL (Abusive Hosts Blocking List) 4686# 4687# There are three AHBL lists. The main blocklist lists IPs of almost every 4688# kind of abusive server, returning a different response code or codes 4689# for different issues. The supplementary rhsbl.ahbl.org blocklist lists 4690# domains. There is also a whitelist, exemptions.ahbl.org, which is 4691# located in the whitelists section of the SpamBouncer. 4692LT2=no 4693 4694:0 4695* AHBLRELAYCHECK ?? yes 4696{ LT2=yes } 4697 4698:0 4699* AHBLPROXYCHECK ?? yes 4700{ LT2=yes } 4701 4702:0 4703* AHBLSPAMCHECK ?? yes 4704{ LT2=yes } 4705 4706:0 4707* AHBLPSSLCHECK ?? yes 4708{ LT2=yes } 4709 4710:0 4711* AHBLCGICHECK ?? yes 4712{ LT2=yes } 4713 4714:0 4715* AHBLDDOSCHECK ?? yes 4716{ LT2=yes } 4717 4718# Check first external IP. 4719# 4720:0 4721* LOCALTAG ?? no$ 4722* LT2 ?? yes 4723* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 4724{ 4725 LOCALDESCRIPTION="Received IP:" 4726 LOCALCHECK=${FIRSTEXIP} 4727 LOCALREVCHECK=${FIRSTEXREVIP} 4728 RDNSSERVER="dnsbl.ahbl.org" 4729 4730 :0 4731 * AHBLRELAYCHECK ?? yes 4732 { 4733 RDNSNAME1="AHBL (open relay)" 4734 RDNSRESPONSE1="127\.0\.0\.2" 4735 RDNSSCORE1="5" 4736 } 4737 4738 :0 4739 * AHBLPROXYCHECK ?? yes 4740 { 4741 RDNSNAME2="AHBL (open proxy)" 4742 RDNSRESPONSE2="127\.0\.0\.(3|19)" 4743 RDNSSCORE2="8" 4744 } 4745 4746 :0 4747 * AHBLSPAMCHECK ?? yes 4748 { 4749 RDNSNAME3="AHBL (spam source)" 4750 RDNSRESPONSE3="127\.0\.0\.4" 4751 RDNSSCORE3="3" 4752 } 4753 4754 :0 4755 * AHBLPSSLCHECK ?? yes 4756 { 4757 RDNSNAME4="AHBL (current spam flood)" 4758 RDNSRESPONSE4="127\.0\.0\.5" 4759 RDNSSCORE4="5" 4760 } 4761 4762 :0 4763 * AHBLCGICHECK ?? yes 4764 { 4765 RDNSNAME5="AHBL (formmail spam)" 4766 RDNSRESPONSE5="127\.0\.0\.6" 4767 RDNSSCORE5="2" 4768 } 4769 4770 :0 4771 * AHBLDDOSCHECK ?? yes 4772 { 4773 RDNSNAME6="AHBL (compromised host)" 4774 RDNSRESPONSE6="127\.0\.0\.1[4-8]" 4775 RDNSSCORE6="5" 4776 } 4777 4778 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4779} 4780 4781INCLUDERC=${SBDIR}/functions/test-threshold.rc 4782 4783:0 4784* ! SBCONFIG ?? Debug 4785* SPAMTAG ?? yes 4786{ LOCALTAG=yes } 4787 4788# Check second external IP. 4789# 4790:0 4791* LOCALTAG ?? no$ 4792* LT2 ?? yes 4793* ! SECONDEXIP ?? ^000\.000\.000\.000$ 4794* $ ! SECONDEXIP ?? ${FIRSTEXIP} 4795{ 4796 LOCALDESCRIPTION="Received IP:" 4797 LOCALCHECK=${SECONDEXIP} 4798 LOCALREVCHECK=${SECONDEXREVIP} 4799 RDNSSERVER="dnsbl.ahbl.org" 4800 4801 :0 4802 * AHBLPROXYCHECK ?? yes 4803 { 4804 RDNSNAME2="AHBL (open proxy)" 4805 RDNSRESPONSE2="127\.0\.0\.(3|19)" 4806 RDNSSCORE2="5" 4807 } 4808 4809 :0 4810 * AHBLSPAMCHECK ?? yes 4811 { 4812 RDNSNAME3="AHBL (spam source)" 4813 RDNSRESPONSE3="127\.0\.0\.4" 4814 RDNSSCORE3="3" 4815 } 4816 4817 :0 4818 * AHBLCGICHECK ?? yes 4819 { 4820 RDNSNAME5="AHBL (formmail spam)" 4821 RDNSRESPONSE5="127\.0\.0\.6" 4822 RDNSSCORE5="2" 4823 } 4824 4825 :0 4826 * AHBLDDOSCHECK ?? yes 4827 { 4828 RDNSNAME6="AHBL (compromised host)" 4829 RDNSRESPONSE6="127\.0\.0\.1[4-8]" 4830 RDNSSCORE6="5" 4831 } 4832 4833 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4834} 4835 4836INCLUDERC=${SBDIR}/functions/test-threshold.rc 4837 4838:0 4839* ! SBCONFIG ?? Debug 4840* SPAMTAG ?? yes 4841{ LOCALTAG=yes } 4842 4843# Check third external IP. 4844# 4845:0 4846* LOCALTAG ?? no$ 4847* LT2 ?? yes 4848* ! THIRDEXIP ?? ^000\.000\.000\.000$ 4849* $ ! THIRDEXIP ?? ${FIRSTEXIP} 4850* $ ! THIRDEXIP ?? ${SECONDEXIP} 4851{ 4852 LOCALDESCRIPTION="Received IP:" 4853 LOCALCHECK=${THIRDEXIP} 4854 LOCALREVCHECK=${THIRDEXREVIP} 4855 RDNSSERVER="dnsbl.ahbl.org" 4856 4857 :0 4858 * AHBLPROXYCHECK ?? yes 4859 { 4860 RDNSNAME2="AHBL (open proxy)" 4861 RDNSRESPONSE2="127\.0\.0\.(3|19)" 4862 RDNSSCORE2="3" 4863 } 4864 4865 :0 4866 * AHBLSPAMCHECK ?? yes 4867 { 4868 RDNSNAME3="AHBL (spam source)" 4869 RDNSRESPONSE3="127\.0\.0\.4" 4870 RDNSSCORE3="3" 4871 } 4872 4873 :0 4874 * AHBLCGICHECK ?? yes 4875 { 4876 RDNSNAME5="AHBL (formmail spam)" 4877 RDNSRESPONSE5="127\.0\.0\.6" 4878 RDNSSCORE5="2" 4879 } 4880 4881 :0 4882 * AHBLDDOSCHECK ?? yes 4883 { 4884 RDNSNAME6="AHBL (compromised host)" 4885 RDNSRESPONSE6="127\.0\.0\.1[4-8]" 4886 RDNSSCORE6="5" 4887 } 4888 4889 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4890} 4891 4892INCLUDERC=${SBDIR}/functions/test-threshold.rc 4893 4894:0 4895* ! SBCONFIG ?? Debug 4896* SPAMTAG ?? yes 4897{ LOCALTAG=yes } 4898 4899# Check fourth external IP. 4900# 4901:0 4902* LOCALTAG ?? no$ 4903* LT2 ?? yes 4904* ! THIRDEXIP ?? ^000\.000\.000\.000$ 4905* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 4906* $ ! FOURTHEXIP ?? ${SECONDEXIP} 4907* $ ! FOURTHEXIP ?? ${THIRDEXIP} 4908{ 4909 LOCALDESCRIPTION="Received IP:" 4910 LOCALCHECK=${FOURTHEXIP} 4911 LOCALREVCHECK=${FOURTHEXREVIP} 4912 RDNSSERVER="dnsbl.ahbl.org" 4913 4914 :0 4915 * AHBLPROXYCHECK ?? yes 4916 { 4917 RDNSNAME2="AHBL (open proxy)" 4918 RDNSRESPONSE2="127\.0\.0\.(3|19)" 4919 RDNSSCORE2="3" 4920 } 4921 4922 :0 4923 * AHBLSPAMCHECK ?? yes 4924 { 4925 RDNSNAME3="AHBL (spam source)" 4926 RDNSRESPONSE3="127\.0\.0\.4" 4927 RDNSSCORE3="3" 4928 } 4929 4930 :0 4931 * AHBLCGICHECK ?? yes 4932 { 4933 RDNSNAME5="AHBL (formmail spam)" 4934 RDNSRESPONSE5="127\.0\.0\.6" 4935 RDNSSCORE5="2" 4936 } 4937 4938 :0 4939 * AHBLDDOSCHECK ?? yes 4940 { 4941 RDNSNAME6="AHBL (compromised host)" 4942 RDNSRESPONSE6="127\.0\.0\.1[4-8]" 4943 RDNSSCORE6="5" 4944 } 4945 4946 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4947} 4948 4949INCLUDERC=${SBDIR}/functions/test-threshold.rc 4950 4951:0 4952* ! SBCONFIG ?? Debug 4953* SPAMTAG ?? yes 4954{ LOCALTAG=yes } 4955 4956# Check X-Original-IP or variants, if one exists. 4957# 4958:0 4959* LOCALTAG ?? no$ 4960* LT2 ?? yes 4961* ! XORIGINALIP ?? ^000\.000\.000\.000$ 4962* $ ! XORIGINALIP ?? ${FIRSTEXIP} 4963* $ ! XORIGINALIP ?? ${SECONDEXIP} 4964* $ ! XORIGINALIP ?? ${THIRDEXIP} 4965* $ ! XORIGINALIP ?? ${FOURTHEXIP} 4966{ 4967 LOCALDESCRIPTION="X-Original-IP: " 4968 LOCALCHECK=${XORIGINALIP} 4969 LOCALREVCHECK=${XORIGINALREVIP} 4970 RDNSSERVER="dnsbl.ahbl.org" 4971 4972 :0 4973 * AHBLPROXYCHECK ?? yes 4974 { 4975 RDNSNAME2="AHBL (open proxy)" 4976 RDNSRESPONSE2="127\.0\.0\.(3|19)" 4977 RDNSSCORE2="3" 4978 } 4979 4980 :0 4981 * AHBLSPAMCHECK ?? yes 4982 { 4983 RDNSNAME3="AHBL (spam source)" 4984 RDNSRESPONSE3="127\.0\.0\.4" 4985 RDNSSCORE3="3" 4986 } 4987 4988 :0 4989 * AHBLDDOSCHECK ?? yes 4990 { 4991 RDNSNAME6="AHBL (compromised host)" 4992 RDNSRESPONSE6="127\.0\.0\.1[4-8]" 4993 RDNSSCORE6="5" 4994 } 4995 4996 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 4997} 4998 4999INCLUDERC=${SBDIR}/functions/test-threshold.rc 5000 5001:0 5002* ! SBCONFIG ?? Debug 5003* SPAMTAG ?? yes 5004{ LOCALTAG=yes } 5005 5006# Check first message body IP, if one exists. 5007# 5008:0 5009* LOCALTAG ?? no$ 5010* AHBLSPAMCHECK ?? yes 5011* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 5012{ 5013 LOCALDESCRIPTION="Body IP:" 5014 LOCALCHECK=${FIRSTBODYIP} 5015 LOCALREVCHECK=${FIRSTBODYREVIP} 5016 RDNSSERVER="dnsbl.ahbl.org" 5017 RDNSNAME3="AHBL (spam source)" 5018 RDNSRESPONSE3="127\.0\.0\.4" 5019 RDNSSCORE3="3" 5020 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5021} 5022 5023INCLUDERC=${SBDIR}/functions/test-threshold.rc 5024 5025:0 5026* ! SBCONFIG ?? Debug 5027* SPAMTAG ?? yes 5028{ LOCALTAG=yes } 5029 5030# Check second message body IP, if one exists. 5031# 5032:0 5033* LOCALTAG ?? no$ 5034* AHBLSPAMCHECK ?? yes 5035* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 5036* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 5037{ 5038 LOCALDESCRIPTION="Body IP:" 5039 LOCALCHECK=${SECONDBODYIP} 5040 LOCALREVCHECK=${SECONDBODYREVIP} 5041 RDNSSERVER="dnsbl.ahbl.org" 5042 RDNSNAME3="AHBL (spam source)" 5043 RDNSRESPONSE3="127\.0\.0\.4" 5044 RDNSSCORE3="3" 5045 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5046} 5047 5048INCLUDERC=${SBDIR}/functions/test-threshold.rc 5049 5050:0 5051* ! SBCONFIG ?? Debug 5052* SPAMTAG ?? yes 5053{ LOCALTAG=yes } 5054 5055# Check third message body IP, if one exists. 5056# 5057:0 5058* LOCALTAG ?? no$ 5059* AHBLSPAMCHECK ?? yes 5060* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 5061* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 5062* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 5063{ 5064 LOCALDESCRIPTION="Body IP:" 5065 LOCALCHECK=${THIRDBODYIP} 5066 LOCALREVCHECK=${THIRDBODYREVIP} 5067 RDNSSERVER="dnsbl.ahbl.org" 5068 RDNSNAME3="AHBL (spam source)" 5069 RDNSRESPONSE3="127\.0\.0\.4" 5070 RDNSSCORE3="3" 5071 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5072} 5073 5074INCLUDERC=${SBDIR}/functions/test-threshold.rc 5075 5076:0 5077* ! SBCONFIG ?? Debug 5078* SPAMTAG ?? yes 5079{ LOCALTAG=yes } 5080 5081# Check fourth message body IP, if one exists. 5082# 5083:0 5084* LOCALTAG ?? no$ 5085* AHBLSPAMCHECK ?? yes 5086* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 5087* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 5088* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 5089* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 5090{ 5091 LOCALDESCRIPTION="Body IP:" 5092 LOCALCHECK=${FOURTHBODYIP} 5093 LOCALREVCHECK=${FOURTHBODYREVIP} 5094 RDNSSERVER="dnsbl.ahbl.org" 5095 RDNSNAME3="AHBL (spam source)" 5096 RDNSRESPONSE3="127\.0\.0\.4" 5097 RDNSSCORE3="3" 5098 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5099} 5100 5101INCLUDERC=${SBDIR}/functions/test-threshold.rc 5102 5103:0 5104* ! SBCONFIG ?? Debug 5105* SPAMTAG ?? yes 5106{ LOCALTAG=yes } 5107 5108# Check fifth message body IP, if one exists. 5109# 5110:0 5111* LOCALTAG ?? no$ 5112* AHBLSPAMCHECK ?? yes 5113* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 5114* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 5115* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 5116* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 5117* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 5118{ 5119 LOCALDESCRIPTION="Body IP:" 5120 LOCALCHECK=${FIFTHBODYIP} 5121 LOCALREVCHECK=${FIFTHBODYREVIP} 5122 RDNSSERVER="dnsbl.ahbl.org" 5123 RDNSNAME3="AHBL (spam source)" 5124 RDNSRESPONSE3="127\.0\.0\.4" 5125 RDNSSCORE3="3" 5126 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5127} 5128 5129INCLUDERC=${SBDIR}/functions/test-threshold.rc 5130 5131:0 5132* ! SBCONFIG ?? Debug 5133* SPAMTAG ?? yes 5134{ LOCALTAG=yes } 5135 5136# Check sixth message body IP, if one exists. 5137# 5138:0 5139* LOCALTAG ?? no$ 5140* AHBLSPAMCHECK ?? yes 5141* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 5142* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 5143* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 5144* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 5145* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 5146* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 5147{ 5148 LOCALDESCRIPTION="Body IP:" 5149 LOCALCHECK=${SIXTHBODYIP} 5150 LOCALREVCHECK=${SIXTHBODYREVIP} 5151 RDNSSERVER="dnsbl.ahbl.org" 5152 RDNSNAME3="AHBL (spam source)" 5153 RDNSRESPONSE3="127\.0\.0\.4" 5154 RDNSSCORE3="3" 5155 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5156} 5157 5158INCLUDERC=${SBDIR}/functions/test-threshold.rc 5159 5160:0 5161* ! SBCONFIG ?? Debug 5162* SPAMTAG ?? yes 5163{ LOCALTAG=yes } 5164 5165# Check the IP of the first message body host, if one exists. 5166# 5167:0 5168* LOCALTAG ?? no$ 5169* AHBLSPAMCHECK ?? yes 5170* ! FIRSTBODYHOSTIP ?? ^000\.000\.000\.000$ 5171{ 5172 LOCALDESCRIPTION="Body Host:" 5173 LOCALDESCRIPTION2="IP:" 5174 LOCALHOST=${FIRSTBODYHOST} 5175 LOCALCHECK=${FIRSTBODYHOSTIP} 5176 LOCALREVCHECK=${FIRSTBODYHOSTREVIP} 5177 RDNSSERVER="dnsbl.ahbl.org" 5178 RDNSNAME1="AHBL (spam source)" 5179 RDNSRESPONSE1="127\.0\.0\.4" 5180 RDNSSCORE1="3" 5181 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 5182} 5183 5184INCLUDERC=${SBDIR}/functions/test-threshold.rc 5185 5186:0 5187* ! SBCONFIG ?? Debug 5188* SPAMTAG ?? yes 5189{ LOCALTAG=yes } 5190 5191# Check the IP of the second message body host, if one exists. 5192# 5193:0 5194* LOCALTAG ?? no$ 5195* AHBLSPAMCHECK ?? yes 5196* ! SECONDBODYHOSTIP ?? ^000\.000\.000\.000$ 5197* $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 5198{ 5199 LOCALDESCRIPTION="Body Host:" 5200 LOCALDESCRIPTION2="IP:" 5201 LOCALHOST=${SECONDBODYHOST} 5202 LOCALCHECK=${SECONDBODYHOSTIP} 5203 LOCALREVCHECK=${SECONDBODYHOSTREVIP} 5204 RDNSSERVER="dnsbl.ahbl.org" 5205 RDNSNAME1="AHBL (spam source)" 5206 RDNSRESPONSE1="127\.0\.0\.4" 5207 RDNSSCORE1="3" 5208 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 5209} 5210 5211INCLUDERC=${SBDIR}/functions/test-threshold.rc 5212 5213:0 5214* ! SBCONFIG ?? Debug 5215* SPAMTAG ?? yes 5216{ LOCALTAG=yes } 5217 5218# Check the IP of the third message body host, if one exists. 5219# 5220:0 5221* LOCALTAG ?? no$ 5222* AHBLSPAMCHECK ?? yes 5223* ! THIRDBODYHOSTIP ?? ^000\.000\.000\.000$ 5224* $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 5225* $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} 5226{ 5227 LOCALDESCRIPTION="Body Host:" 5228 LOCALDESCRIPTION2="IP:" 5229 LOCALHOST=${THIRDBODYHOST} 5230 LOCALCHECK=${THIRDBODYHOSTIP} 5231 LOCALREVCHECK=${THIRDBODYHOSTREVIP} 5232 RDNSSERVER="dnsbl.ahbl.org" 5233 RDNSNAME1="AHBL (spam source)" 5234 RDNSRESPONSE1="127\.0\.0\.4" 5235 RDNSSCORE1="3" 5236 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 5237} 5238 5239INCLUDERC=${SBDIR}/functions/test-threshold.rc 5240 5241:0 5242* ! SBCONFIG ?? Debug 5243* SPAMTAG ?? yes 5244{ LOCALTAG=yes } 5245 5246# Check the IP of the fourth message body host, if one exists. 5247# 5248:0 5249* LOCALTAG ?? no$ 5250* AHBLSPAMCHECK ?? yes 5251* ! FOURTHBODYHOSTIP ?? ^000\.000\.000\.000$ 5252* $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 5253* $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 5254* $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 5255{ 5256 LOCALDESCRIPTION="Body Host:" 5257 LOCALDESCRIPTION2="IP:" 5258 LOCALHOST=${FOURTHBODYHOST} 5259 LOCALCHECK=${FOURTHBODYHOSTIP} 5260 LOCALREVCHECK=${FOURTHBODYHOSTREVIP} 5261 RDNSSERVER="dnsbl.ahbl.org" 5262 RDNSNAME1="AHBL (spam source)" 5263 RDNSRESPONSE1="127\.0\.0\.4" 5264 RDNSSCORE1="3" 5265 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 5266} 5267 5268INCLUDERC=${SBDIR}/functions/test-threshold.rc 5269 5270:0 5271* ! SBCONFIG ?? Debug 5272* SPAMTAG ?? yes 5273{ LOCALTAG=yes } 5274 5275# Check the IP of the fifth message body host, if one exists. 5276# 5277:0 5278* LOCALTAG ?? no$ 5279* AHBLSPAMCHECK ?? yes 5280* ! FIFTHBODYHOSTIP ?? ^000\.000\.000\.000$ 5281* $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 5282* $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 5283* $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 5284* $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 5285{ 5286 LOCALDESCRIPTION="Body Host:" 5287 LOCALDESCRIPTION2="IP:" 5288 LOCALHOST=${FIFTHBODYHOST} 5289 LOCALCHECK=${FIFTHBODYHOSTIP} 5290 LOCALREVCHECK=${FIFTHBODYHOSTREVIP} 5291 RDNSSERVER="dnsbl.ahbl.org" 5292 RDNSNAME1="AHBL (spam source)" 5293 RDNSRESPONSE1="127\.0\.0\.4" 5294 RDNSSCORE1="3" 5295 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 5296} 5297 5298INCLUDERC=${SBDIR}/functions/test-threshold.rc 5299 5300:0 5301* ! SBCONFIG ?? Debug 5302* SPAMTAG ?? yes 5303{ LOCALTAG=yes } 5304 5305# Check the IP of the sixth message body host, if one exists. 5306# 5307:0 5308* LOCALTAG ?? no$ 5309* AHBLSPAMCHECK ?? yes 5310* ! SIXTHBODYHOSTIP ?? ^000\.000\.000\.000$ 5311* $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 5312* $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 5313* $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 5314* $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 5315* $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 5316{ 5317 LOCALDESCRIPTION="Body Host:" 5318 LOCALDESCRIPTION2="IP:" 5319 LOCALHOST=${SIXTHBODYHOST} 5320 LOCALCHECK=${SIXTHBODYHOSTIP} 5321 LOCALREVCHECK=${SIXTHBODYHOSTREVIP} 5322 RDNSSERVER="dnsbl.ahbl.org" 5323 RDNSNAME1="AHBL (spam source)" 5324 RDNSRESPONSE1="127\.0\.0\.4" 5325 RDNSSCORE1="3" 5326 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 5327} 5328 5329INCLUDERC=${SBDIR}/functions/test-threshold.rc 5330 5331:0 5332* ! SBCONFIG ?? Debug 5333* SPAMTAG ?? yes 5334{ LOCALTAG=yes } 5335 5336 5337# AHBL Abusive Domains Blocklist 5338# 5339# Check first external domain, if one exists. 5340# 5341:0 5342* LOCALTAG ?? no$ 5343* AHBLDOMAINCHECK ?? yes 5344* ! FIRSTEXDOMAIN ?? example\.com 5345{ 5346 LOCALDESCRIPTION="Received Domain:" 5347 LOCALCHECK=${FIRSTEXDOMAIN} 5348 LOCALREVCHECK=${FIRSTEXDOMAIN} 5349 RDNSSERVER="rhsbl.ahbl.org" 5350 RDNSNAME1="AHBL (abusive domain)" 5351 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5352 RDNSSCORE1="2" 5353 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5354} 5355 5356INCLUDERC=${SBDIR}/functions/test-threshold.rc 5357 5358:0 5359* ! SBCONFIG ?? Debug 5360* SPAMTAG ?? yes 5361{ LOCALTAG=yes } 5362 5363# Check second external domain, if one exists. 5364# 5365:0 5366* LOCALTAG ?? no$ 5367* AHBLDOMAINCHECK ?? yes 5368* ! SECONDEXDOMAIN ?? example\.com 5369* $ ! SECONDEXDOMAIN ?? ${FIRSTEXDOMAIN} 5370{ 5371 LOCALDESCRIPTION="Received Domain:" 5372 LOCALCHECK=${SECONDEXDOMAIN} 5373 LOCALREVCHECK=${SECONDEXDOMAIN} 5374 RDNSSERVER="rhsbl.ahbl.org" 5375 RDNSNAME1="AHBL (abusive domain)" 5376 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5377 RDNSSCORE1="2" 5378 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5379} 5380 5381INCLUDERC=${SBDIR}/functions/test-threshold.rc 5382 5383:0 5384* ! SBCONFIG ?? Debug 5385* SPAMTAG ?? yes 5386{ LOCALTAG=yes } 5387 5388# Check third external domain, if one exists. 5389# 5390:0 5391* LOCALTAG ?? no$ 5392* AHBLDOMAINCHECK ?? yes 5393* ! THIRDEXDOMAIN ?? example\.com 5394* $ ! THIRDEXDOMAIN ?? ${FIRSTEXDOMAIN} 5395* $ ! THIRDEXDOMAIN ?? ${SECONDEXDOMAIN} 5396{ 5397 LOCALDESCRIPTION="Received Domain:" 5398 LOCALCHECK=${THIRDEXDOMAIN} 5399 LOCALREVCHECK=${THIRDEXDOMAIN} 5400 RDNSSERVER="rhsbl.ahbl.org" 5401 RDNSNAME1="AHBL (abusive domain)" 5402 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5403 RDNSSCORE1="2" 5404 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5405} 5406 5407INCLUDERC=${SBDIR}/functions/test-threshold.rc 5408 5409:0 5410* ! SBCONFIG ?? Debug 5411* SPAMTAG ?? yes 5412{ LOCALTAG=yes } 5413 5414# Check fourth external domain, if one exists. 5415# 5416:0 5417* LOCALTAG ?? no$ 5418* AHBLDOMAINCHECK ?? yes 5419* ! FOURTHEXDOMAIN ?? example\.com 5420* $ ! FOURTHEXDOMAIN ?? ${FIRSTEXDOMAIN} 5421* $ ! FOURTHEXDOMAIN ?? ${SECONDEXDOMAIN} 5422* $ ! FOURTHEXDOMAIN ?? ${THIRDEXDOMAIN} 5423{ 5424 LOCALDESCRIPTION="Received Domain:" 5425 LOCALCHECK=${FOURTHEXDOMAIN} 5426 LOCALREVCHECK=${FOURTHEXDOMAIN} 5427 RDNSSERVER="rhsbl.ahbl.org" 5428 RDNSNAME1="AHBL (abusive domain)" 5429 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5430 RDNSSCORE1="2" 5431 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5432} 5433 5434INCLUDERC=${SBDIR}/functions/test-threshold.rc 5435 5436:0 5437* ! SBCONFIG ?? Debug 5438* SPAMTAG ?? yes 5439{ LOCALTAG=yes } 5440 5441# Check first message body domain, if one exists. 5442# 5443:0 5444* LOCALTAG ?? no$ 5445* AHBLDOMAINCHECK ?? yes 5446* ! FIRSTBODYDOMAIN ?? example\.com 5447{ 5448 LOCALDESCRIPTION="Body Domain:" 5449 LOCALCHECK=${FIRSTBODYDOMAIN} 5450 LOCALREVCHECK=${FIRSTBODYDOMAIN} 5451 RDNSSERVER="rhsbl.ahbl.org" 5452 RDNSNAME1="AHBL (abusive domain)" 5453 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5454 RDNSSCORE1="3" 5455 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5456} 5457 5458INCLUDERC=${SBDIR}/functions/test-threshold.rc 5459 5460:0 5461* ! SBCONFIG ?? Debug 5462* SPAMTAG ?? yes 5463{ LOCALTAG=yes } 5464 5465# Check second message body domain, if one exists. 5466# 5467:0 5468* LOCALTAG ?? no$ 5469* AHBLDOMAINCHECK ?? yes 5470* ! SECONDBODYDOMAIN ?? example\.com 5471* $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 5472{ 5473 LOCALDESCRIPTION="Body Domain:" 5474 LOCALCHECK=${SECONDBODYDOMAIN} 5475 LOCALREVCHECK=${SECONDBODYDOMAIN} 5476 RDNSSERVER="rhsbl.ahbl.org" 5477 RDNSNAME1="AHBL (abusive domain)" 5478 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5479 RDNSSCORE1="3" 5480 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5481} 5482 5483INCLUDERC=${SBDIR}/functions/test-threshold.rc 5484 5485:0 5486* ! SBCONFIG ?? Debug 5487* SPAMTAG ?? yes 5488{ LOCALTAG=yes } 5489 5490# Check third message body domain, if one exists. 5491# 5492:0 5493* LOCALTAG ?? no$ 5494* AHBLDOMAINCHECK ?? yes 5495* ! THIRDBODYDOMAIN ?? example\.com 5496* $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 5497* $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} 5498{ 5499 LOCALDESCRIPTION="Body Domain:" 5500 LOCALCHECK=${THIRDBODYDOMAIN} 5501 LOCALREVCHECK=${THIRDBODYDOMAIN} 5502 RDNSSERVER="rhsbl.ahbl.org" 5503 RDNSNAME1="AHBL (abusive domain)" 5504 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5505 RDNSSCORE1="3" 5506 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5507} 5508 5509INCLUDERC=${SBDIR}/functions/test-threshold.rc 5510 5511:0 5512* ! SBCONFIG ?? Debug 5513* SPAMTAG ?? yes 5514{ LOCALTAG=yes } 5515 5516# Check fourth message body domain, if one exists. 5517# 5518:0 5519* LOCALTAG ?? no$ 5520* AHBLDOMAINCHECK ?? yes 5521* ! FOURTHBODYDOMAIN ?? example\.com 5522* $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 5523* $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 5524* $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 5525{ 5526 LOCALDESCRIPTION="Body Domain:" 5527 LOCALCHECK=${FOURTHBODYDOMAIN} 5528 LOCALREVCHECK=${FOURTHBODYDOMAIN} 5529 RDNSSERVER="rhsbl.ahbl.org" 5530 RDNSNAME1="AHBL (abusive domain)" 5531 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5532 RDNSSCORE1="3" 5533 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5534} 5535 5536INCLUDERC=${SBDIR}/functions/test-threshold.rc 5537 5538:0 5539* ! SBCONFIG ?? Debug 5540* SPAMTAG ?? yes 5541{ LOCALTAG=yes } 5542 5543# Check fifth message body domain, if one exists. 5544# 5545:0 5546* LOCALTAG ?? no$ 5547* AHBLDOMAINCHECK ?? yes 5548* ! FIFTHBODYDOMAIN ?? example\.com 5549* $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 5550* $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 5551* $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 5552* $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 5553{ 5554 LOCALDESCRIPTION="Body Domain:" 5555 LOCALCHECK=${FIFTHBODYDOMAIN} 5556 LOCALREVCHECK=${FIFTHBODYDOMAIN} 5557 RDNSSERVER="rhsbl.ahbl.org" 5558 RDNSNAME1="AHBL (abusive domain)" 5559 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5560 RDNSSCORE1="3" 5561 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5562} 5563 5564INCLUDERC=${SBDIR}/functions/test-threshold.rc 5565 5566:0 5567* ! SBCONFIG ?? Debug 5568* SPAMTAG ?? yes 5569{ LOCALTAG=yes } 5570 5571# Check sixth message body domain, if one exists. 5572# 5573:0 5574* LOCALTAG ?? no$ 5575* AHBLDOMAINCHECK ?? yes 5576* ! SIXTHBODYDOMAIN ?? example\.com 5577* $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 5578* $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 5579* $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 5580* $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 5581* $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 5582{ 5583 LOCALDESCRIPTION="Body Domain:" 5584 LOCALCHECK=${SIXTHBODYDOMAIN} 5585 LOCALREVCHECK=${SIXTHBODYDOMAIN} 5586 RDNSSERVER="rhsbl.ahbl.org" 5587 RDNSNAME1="AHBL (abusive domain)" 5588 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5589 RDNSSCORE1="3" 5590 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5591} 5592 5593INCLUDERC=${SBDIR}/functions/test-threshold.rc 5594 5595:0 5596* ! SBCONFIG ?? Debug 5597* SPAMTAG ?? yes 5598{ LOCALTAG=yes } 5599 5600# Check seventh message body domain, if one exists. 5601# 5602:0 5603* LOCALTAG ?? no$ 5604* AHBLDOMAINCHECK ?? yes 5605* ! SEVENTHBODYDOMAIN ?? example\.com 5606* $ ! SEVENTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} 5607* $ ! SEVENTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} 5608* $ ! SEVENTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} 5609* $ ! SEVENTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} 5610* $ ! SEVENTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} 5611* $ ! SEVENTHBODYDOMAIN ?? ${SIXTHBODYDOMAIN} 5612{ 5613 LOCALDESCRIPTION="Body Domain:" 5614 LOCALCHECK=${SEVENTHBODYDOMAIN} 5615 LOCALREVCHECK=${SEVENTHBODYDOMAIN} 5616 RDNSSERVER="rhsbl.ahbl.org" 5617 RDNSNAME1="AHBL (abusive domain)" 5618 RDNSRESPONSE1="127\.0\.0\.[2-3]" 5619 RDNSSCORE1="3" 5620 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5621} 5622 5623INCLUDERC=${SBDIR}/functions/test-threshold.rc 5624 5625:0 5626* ! SBCONFIG ?? Debug 5627* SPAMTAG ?? yes 5628{ LOCALTAG=yes } 5629 5630 5631# SORBS checks 5632# 5633# The Spam and Open Relay Blocking System (SORBS) has a DNSBL with 5634# several useful lists. They're all aggressive, and should be used 5635# with caution. 5636 5637LT2=no 5638 5639:0 5640* SORBSCGICHECK ?? yes 5641{ LT2=yes } 5642 5643:0 5644* SORBSDYNCHECK ?? yes 5645{ LT2=yes } 5646 5647:0 5648* SORBSPROXYCHECK ?? yes 5649{ LT2=yes } 5650 5651:0 5652* SORBSPROXY2CHECK ?? yes 5653{ LT2=yes } 5654 5655:0 5656* SORBSRELAYCHECK ?? yes 5657{ LT2=yes } 5658 5659:0 5660* SORBSSOCKSCHECK ?? yes 5661{ LT2=yes } 5662 5663:0 5664* SORBSSPAMCHECK ?? yes 5665{ LT2=yes } 5666 5667:0 5668* SORBSZOMBIECHECK ?? yes 5669{ LT2=yes } 5670 5671# Check first external IP. 5672# 5673:0 5674* LOCALTAG ?? no$ 5675* LT2 ?? yes 5676* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 5677{ 5678 LOCALDESCRIPTION="Received IP:" 5679 LOCALCHECK=${FIRSTEXIP} 5680 LOCALREVCHECK=${FIRSTEXREVIP} 5681 RDNSSERVER="dnsbl.sorbs.net" 5682 5683 :0 5684 * SORBSPROXYCHECK ?? yes 5685 { 5686 RDNSNAME1="SORBS (open HTTP proxies)" 5687 RDNSRESPONSE1="127\.0\.0\.2" 5688 RDNSSCORE1="4" 5689 } 5690 5691 :0 5692 * SORBSSOCKSCHECK ?? yes 5693 { 5694 RDNSNAME2="SORBS (open socks proxies)" 5695 RDNSRESPONSE2="127\.0\.0\.3" 5696 RDNSSCORE2="4" 5697 } 5698 5699 :0 5700 * SORBSPROXY2CHECK ?? yes 5701 { 5702 RDNSNAME3="SORBS (other open proxies)" 5703 RDNSRESPONSE3="127\.0\.0\.4" 5704 RDNSSCORE3="4" 5705 } 5706 5707 :0 5708 * SORBSRELAYCHECK ?? yes 5709 { 5710 RDNSNAME4="SORBS (open relays)" 5711 RDNSRESPONSE4="127\.0\.0\.5" 5712 RDNSSCORE4="3" 5713 } 5714 5715 :0 5716 * SORBSSPAMCHECK ?? yes 5717 { 5718 RDNSNAME5="SORBS (spam sources)" 5719 RDNSRESPONSE5="127\.0\.0\.6" 5720 RDNSSCORE5="3" 5721 } 5722 5723 :0 5724 * SORBSCGICHECK ?? yes 5725 { 5726 RDNSNAME6="SORBS (insecure web site)" 5727 RDNSRESPONSE6="127\.0\.0\.7" 5728 RDNSSCORE6="2" 5729 } 5730 5731 :0 5732 * SORBSZOMBIECHECK ?? yes 5733 { 5734 RDNSNAME7="SORBS (zombie netblock)" 5735 RDNSRESPONSE7="127\.0\.0\.9" 5736 RDNSSCORE7="1" 5737 } 5738 5739 :0 5740 * SORBSDYNCHECK ?? yes 5741 { 5742 RDNSNAME8="SORBS (dynamic IP range)" 5743 RDNSRESPONSE8="127\.0\.0\.10" 5744 RDNSSCORE8="3" 5745 } 5746 5747 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5748} 5749 5750INCLUDERC=${SBDIR}/functions/test-threshold.rc 5751 5752:0 5753* ! SBCONFIG ?? Debug 5754* SPAMTAG ?? yes 5755{ LOCALTAG=yes } 5756 5757# Check second external IP, if one exists. 5758# 5759:0 5760* LOCALTAG ?? no$ 5761* LT2 ?? yes 5762* ! SECONDEXIP ?? ^000\.000\.000\.000$ 5763* $ ! SECONDEXIP ?? ${FIRSTEXIP} 5764{ 5765 LOCALDESCRIPTION="Received IP:" 5766 LOCALCHECK=${SECONDEXIP} 5767 LOCALREVCHECK=${SECONDEXREVIP} 5768 RDNSSERVER="dnsbl.sorbs.net" 5769 5770 :0 5771 * SORBSPROXYCHECK ?? yes 5772 { 5773 RDNSNAME1="SORBS (open HTTP proxies)" 5774 RDNSRESPONSE1="127\.0\.0\.2" 5775 RDNSSCORE1="4" 5776 } 5777 5778 :0 5779 * SORBSSOCKSCHECK ?? yes 5780 { 5781 RDNSNAME2="SORBS (open socks proxies)" 5782 RDNSRESPONSE2="127\.0\.0\.3" 5783 RDNSSCORE2="4" 5784 } 5785 5786 :0 5787 * SORBSPROXY2CHECK ?? yes 5788 { 5789 RDNSNAME3="SORBS (other open proxies)" 5790 RDNSRESPONSE3="127\.0\.0\.4" 5791 RDNSSCORE3="4" 5792 } 5793 5794 :0 5795 * SORBSSPAMCHECK ?? yes 5796 { 5797 RDNSNAME5="SORBS (spam sources)" 5798 RDNSRESPONSE5="127\.0\.0\.6" 5799 RDNSSCORE5="3" 5800 } 5801 5802 :0 5803 * SORBSCGICHECK ?? yes 5804 { 5805 RDNSNAME6="SORBS (insecure web site)" 5806 RDNSRESPONSE6="127\.0\.0\.7" 5807 RDNSSCORE6="2" 5808 } 5809 5810 :0 5811 * SORBSZOMBIECHECK ?? yes 5812 { 5813 RDNSNAME7="SORBS (zombie netblock)" 5814 RDNSRESPONSE7="127\.0\.0\.9" 5815 RDNSSCORE7="1" 5816 } 5817 5818 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5819} 5820 5821INCLUDERC=${SBDIR}/functions/test-threshold.rc 5822 5823:0 5824* ! SBCONFIG ?? Debug 5825* SPAMTAG ?? yes 5826{ LOCALTAG=yes } 5827 5828# Check third external IP, if one exists. 5829# 5830:0 5831* LOCALTAG ?? no$ 5832* LT2 ?? yes 5833* ! THIRDEXIP ?? ^000\.000\.000\.000$ 5834* $ ! THIRDEXIP ?? ${FIRSTEXIP} 5835* $ ! THIRDEXIP ?? ${SECONDEXIP} 5836{ 5837 LOCALDESCRIPTION="Received IP:" 5838 LOCALCHECK=${THIRDEXIP} 5839 LOCALREVCHECK=${THIRDEXREVIP} 5840 RDNSSERVER="dnsbl.sorbs.net" 5841 5842 :0 5843 * SORBSPROXYCHECK ?? yes 5844 { 5845 RDNSNAME1="SORBS (open HTTP proxies)" 5846 RDNSRESPONSE1="127\.0\.0\.2" 5847 RDNSSCORE1="4" 5848 } 5849 5850 :0 5851 * SORBSSOCKSCHECK ?? yes 5852 { 5853 RDNSNAME2="SORBS (open socks proxies)" 5854 RDNSRESPONSE2="127\.0\.0\.3" 5855 RDNSSCORE2="4" 5856 } 5857 5858 :0 5859 * SORBSPROXY2CHECK ?? yes 5860 { 5861 RDNSNAME3="SORBS (other open proxies)" 5862 RDNSRESPONSE3="127\.0\.0\.4" 5863 RDNSSCORE3="4" 5864 } 5865 5866 :0 5867 * SORBSSPAMCHECK ?? yes 5868 { 5869 RDNSNAME5="SORBS (spam sources)" 5870 RDNSRESPONSE5="127\.0\.0\.6" 5871 RDNSSCORE5="3" 5872 } 5873 5874 :0 5875 * SORBSCGICHECK ?? yes 5876 { 5877 RDNSNAME6="SORBS (insecure web site)" 5878 RDNSRESPONSE6="127\.0\.0\.7" 5879 RDNSSCORE6="2" 5880 } 5881 5882 :0 5883 * SORBSZOMBIECHECK ?? yes 5884 { 5885 RDNSNAME7="SORBS (zombie netblock)" 5886 RDNSRESPONSE7="127\.0\.0\.9" 5887 RDNSSCORE7="1" 5888 } 5889 5890 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5891} 5892 5893INCLUDERC=${SBDIR}/functions/test-threshold.rc 5894 5895:0 5896* ! SBCONFIG ?? Debug 5897* SPAMTAG ?? yes 5898{ LOCALTAG=yes } 5899 5900# Check fourth external IP, if one exists. 5901# 5902:0 5903* LOCALTAG ?? no$ 5904* LT2 ?? yes 5905* ! FOURTHEXIP ?? ^000\.000\.000\.000$ 5906* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 5907* $ ! FOURTHEXIP ?? ${SECONDEXIP} 5908* $ ! FOURTHEXIP ?? ${THIRDEXIP} 5909{ 5910 LOCALDESCRIPTION="Received IP:" 5911 LOCALCHECK=${FOURTHEXIP} 5912 LOCALREVCHECK=${FOURTHEXREVIP} 5913 RDNSSERVER="dnsbl.sorbs.net" 5914 5915 :0 5916 * SORBSPROXYCHECK ?? yes 5917 { 5918 RDNSNAME1="SORBS (open HTTP proxies)" 5919 RDNSRESPONSE1="127\.0\.0\.2" 5920 RDNSSCORE1="4" 5921 } 5922 5923 :0 5924 * SORBSSOCKSCHECK ?? yes 5925 { 5926 RDNSNAME2="SORBS (open socks proxies)" 5927 RDNSRESPONSE2="127\.0\.0\.3" 5928 RDNSSCORE2="4" 5929 } 5930 5931 :0 5932 * SORBSPROXY2CHECK ?? yes 5933 { 5934 RDNSNAME3="SORBS (other open proxies)" 5935 RDNSRESPONSE3="127\.0\.0\.4" 5936 RDNSSCORE3="4" 5937 } 5938 5939 :0 5940 * SORBSSPAMCHECK ?? yes 5941 { 5942 RDNSNAME5="SORBS (spam sources)" 5943 RDNSRESPONSE5="127\.0\.0\.6" 5944 RDNSSCORE5="3" 5945 } 5946 5947 :0 5948 * SORBSCGICHECK ?? yes 5949 { 5950 RDNSNAME6="SORBS (insecure web site)" 5951 RDNSRESPONSE6="127\.0\.0\.7" 5952 RDNSSCORE6="2" 5953 } 5954 5955 :0 5956 * SORBSZOMBIECHECK ?? yes 5957 { 5958 RDNSNAME7="SORBS (zombie netblock)" 5959 RDNSRESPONSE7="127\.0\.0\.9" 5960 RDNSSCORE7="1" 5961 } 5962 5963 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 5964} 5965 5966INCLUDERC=${SBDIR}/functions/test-threshold.rc 5967 5968:0 5969* ! SBCONFIG ?? Debug 5970* SPAMTAG ?? yes 5971{ LOCALTAG=yes } 5972 5973# Check X-Original-IP, if one exists. 5974# 5975:0 5976* LOCALTAG ?? no$ 5977* LT2 ?? yes 5978* ! XORIGINALIP ?? ^000\.000\.000\.000$ 5979* $ ! XORIGINALIP ?? ${FIRSTEXIP} 5980* $ ! XORIGINALIP ?? ${SECONDEXIP} 5981* $ ! XORIGINALIP ?? ${THIRDEXIP} 5982* $ ! XORIGINALIP ?? ${FOURTHEXIP} 5983{ 5984 LOCALDESCRIPTION="X-Original-IP:" 5985 LOCALCHECK=${XORIGINALIP} 5986 LOCALREVCHECK=${XORIGINALREVIP} 5987 RDNSSERVER="dnsbl.sorbs.net" 5988 5989 :0 5990 * SORBSPROXYCHECK ?? yes 5991 { 5992 RDNSNAME1="SORBS (open HTTP proxies)" 5993 RDNSRESPONSE1="127\.0\.0\.2" 5994 RDNSSCORE1="4" 5995 } 5996 5997 :0 5998 * SORBSSOCKSCHECK ?? yes 5999 { 6000 RDNSNAME2="SORBS (open socks proxies)" 6001 RDNSRESPONSE2="127\.0\.0\.3" 6002 RDNSSCORE2="4" 6003 } 6004 6005 :0 6006 * SORBSPROXY2CHECK ?? yes 6007 { 6008 RDNSNAME3="SORBS (other open proxies)" 6009 RDNSRESPONSE3="127\.0\.0\.4" 6010 RDNSSCORE3="4" 6011 } 6012 6013 :0 6014 * SORBSSPAMCHECK ?? yes 6015 { 6016 RDNSNAME5="SORBS (spam sources)" 6017 RDNSRESPONSE5="127\.0\.0\.6" 6018 RDNSSCORE5="3" 6019 } 6020 6021 :0 6022 * SORBSCGICHECK ?? yes 6023 { 6024 RDNSNAME6="SORBS (insecure web site)" 6025 RDNSRESPONSE6="127\.0\.0\.7" 6026 RDNSSCORE6="2" 6027 } 6028 6029 :0 6030 * SORBSZOMBIECHECK ?? yes 6031 { 6032 RDNSNAME7="SORBS (zombie netblock)" 6033 RDNSRESPONSE7="127\.0\.0\.9" 6034 RDNSSCORE7="1" 6035 } 6036 6037 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6038} 6039 6040INCLUDERC=${SBDIR}/functions/test-threshold.rc 6041 6042:0 6043* ! SBCONFIG ?? Debug 6044* SPAMTAG ?? yes 6045{ LOCALTAG=yes } 6046 6047# Check first message body IP, if one exists. 6048# 6049:0 6050* LOCALTAG ?? no$ 6051* LT2 ?? yes 6052* ! FIRSTBODYIP ?? ^000\.000\.000\.000$ 6053{ 6054 LOCALDESCRIPTION="Body IP:" 6055 LOCALCHECK=${FIRSTBODYIP} 6056 LOCALREVCHECK=${FIRSTBODYREVIP} 6057 RDNSSERVER="dnsbl.sorbs.net" 6058 6059 :0 6060 * SORBSSPAMCHECK ?? yes 6061 { 6062 RDNSNAME5="SORBS (spam sources)" 6063 RDNSRESPONSE5="127\.0\.0\.6" 6064 RDNSSCORE5="3" 6065 } 6066 6067 :0 6068 * SORBSZOMBIECHECK ?? yes 6069 { 6070 RDNSNAME7="SORBS (zombie netblock)" 6071 RDNSRESPONSE7="127\.0\.0\.9" 6072 RDNSSCORE7="1" 6073 } 6074 6075 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6076} 6077 6078INCLUDERC=${SBDIR}/functions/test-threshold.rc 6079 6080:0 6081* ! SBCONFIG ?? Debug 6082* SPAMTAG ?? yes 6083{ LOCALTAG=yes } 6084 6085# Check second message body IP, if one exists. 6086# 6087:0 6088* LOCALTAG ?? no$ 6089* LT2 ?? yes 6090* ! SECONDBODYIP ?? ^000\.000\.000\.000$ 6091* $ ! SECONDBODYIP ?? ${FIRSTBODYIP} 6092{ 6093 LOCALDESCRIPTION="Body IP:" 6094 LOCALCHECK=${SECONDBODYIP} 6095 LOCALREVCHECK=${SECONDBODYREVIP} 6096 RDNSSERVER="dnsbl.sorbs.net" 6097 6098 :0 6099 * SORBSSPAMCHECK ?? yes 6100 { 6101 RDNSNAME5="SORBS (spam sources)" 6102 RDNSRESPONSE5="127\.0\.0\.6" 6103 RDNSSCORE5="3" 6104 } 6105 6106 :0 6107 * SORBSZOMBIECHECK ?? yes 6108 { 6109 RDNSNAME7="SORBS (zombie netblock)" 6110 RDNSRESPONSE7="127\.0\.0\.9" 6111 RDNSSCORE7="1" 6112 } 6113 6114 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6115} 6116 6117INCLUDERC=${SBDIR}/functions/test-threshold.rc 6118 6119:0 6120* ! SBCONFIG ?? Debug 6121* SPAMTAG ?? yes 6122{ LOCALTAG=yes } 6123 6124# Check third message body IP, if one exists. 6125# 6126:0 6127* LOCALTAG ?? no$ 6128* LT2 ?? yes 6129* ! THIRDBODYIP ?? ^000\.000\.000\.000$ 6130* $ ! THIRDBODYIP ?? ${FIRSTBODYIP} 6131* $ ! THIRDBODYIP ?? ${SECONDBODYIP} 6132{ 6133 LOCALDESCRIPTION="Body IP:" 6134 LOCALCHECK=${THIRDBODYIP} 6135 LOCALREVCHECK=${THIRDBODYREVIP} 6136 RDNSSERVER="dnsbl.sorbs.net" 6137 6138 :0 6139 * SORBSSPAMCHECK ?? yes 6140 { 6141 RDNSNAME5="SORBS (spam sources)" 6142 RDNSRESPONSE5="127\.0\.0\.6" 6143 RDNSSCORE5="3" 6144 } 6145 6146 :0 6147 * SORBSZOMBIECHECK ?? yes 6148 { 6149 RDNSNAME7="SORBS (zombie netblock)" 6150 RDNSRESPONSE7="127\.0\.0\.9" 6151 RDNSSCORE7="1" 6152 } 6153 6154 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6155} 6156 6157INCLUDERC=${SBDIR}/functions/test-threshold.rc 6158 6159:0 6160* ! SBCONFIG ?? Debug 6161* SPAMTAG ?? yes 6162{ LOCALTAG=yes } 6163 6164# Check fourth message body IP, if one exists. 6165# 6166:0 6167* LOCALTAG ?? no$ 6168* LT2 ?? yes 6169* ! FOURTHBODYIP ?? ^000\.000\.000\.000$ 6170* $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} 6171* $ ! FOURTHBODYIP ?? ${SECONDBODYIP} 6172* $ ! FOURTHBODYIP ?? ${THIRDBODYIP} 6173{ 6174 LOCALDESCRIPTION="Body IP:" 6175 LOCALCHECK=${FOURTHBODYIP} 6176 LOCALREVCHECK=${FOURTHBODYREVIP} 6177 RDNSSERVER="dnsbl.sorbs.net" 6178 6179 :0 6180 * SORBSSPAMCHECK ?? yes 6181 { 6182 RDNSNAME5="SORBS (spam sources)" 6183 RDNSRESPONSE5="127\.0\.0\.6" 6184 RDNSSCORE5="3" 6185 } 6186 6187 :0 6188 * SORBSZOMBIECHECK ?? yes 6189 { 6190 RDNSNAME7="SORBS (zombie netblock)" 6191 RDNSRESPONSE7="127\.0\.0\.9" 6192 RDNSSCORE7="1" 6193 } 6194 6195 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6196} 6197 6198INCLUDERC=${SBDIR}/functions/test-threshold.rc 6199 6200:0 6201* ! SBCONFIG ?? Debug 6202* SPAMTAG ?? yes 6203{ LOCALTAG=yes } 6204 6205# Check fifth message body IP, if one exists. 6206# 6207:0 6208* LOCALTAG ?? no$ 6209* LT2 ?? yes 6210* ! FIFTHBODYIP ?? ^000\.000\.000\.000$ 6211* $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} 6212* $ ! FIFTHBODYIP ?? ${SECONDBODYIP} 6213* $ ! FIFTHBODYIP ?? ${THIRDBODYIP} 6214* $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} 6215{ 6216 LOCALDESCRIPTION="Body IP:" 6217 LOCALCHECK=${FIFTHBODYIP} 6218 LOCALREVCHECK=${FIFTHBODYREVIP} 6219 RDNSSERVER="dnsbl.sorbs.net" 6220 6221 :0 6222 * SORBSSPAMCHECK ?? yes 6223 { 6224 RDNSNAME5="SORBS (spam sources)" 6225 RDNSRESPONSE5="127\.0\.0\.6" 6226 RDNSSCORE5="3" 6227 } 6228 6229 :0 6230 * SORBSZOMBIECHECK ?? yes 6231 { 6232 RDNSNAME7="SORBS (zombie netblock)" 6233 RDNSRESPONSE7="127\.0\.0\.9" 6234 RDNSSCORE7="1" 6235 } 6236 6237 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6238} 6239 6240INCLUDERC=${SBDIR}/functions/test-threshold.rc 6241 6242:0 6243* ! SBCONFIG ?? Debug 6244* SPAMTAG ?? yes 6245{ LOCALTAG=yes } 6246 6247# Check sixth message body IP, if one exists. 6248# 6249:0 6250* LOCALTAG ?? no$ 6251* LT2 ?? yes 6252* ! SIXTHBODYIP ?? ^000\.000\.000\.000$ 6253* $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} 6254* $ ! SIXTHBODYIP ?? ${SECONDBODYIP} 6255* $ ! SIXTHBODYIP ?? ${THIRDBODYIP} 6256* $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} 6257* $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} 6258{ 6259 LOCALDESCRIPTION="Body IP:" 6260 LOCALCHECK=${SIXTHBODYIP} 6261 LOCALREVCHECK=${SIXTHBODYREVIP} 6262 RDNSSERVER="dnsbl.sorbs.net" 6263 6264 :0 6265 * SORBSSPAMCHECK ?? yes 6266 { 6267 RDNSNAME5="SORBS (spam sources)" 6268 RDNSRESPONSE5="127\.0\.0\.6" 6269 RDNSSCORE5="3" 6270 } 6271 6272 :0 6273 * SORBSZOMBIECHECK ?? yes 6274 { 6275 RDNSNAME7="SORBS (zombie netblock)" 6276 RDNSRESPONSE7="127\.0\.0\.9" 6277 RDNSSCORE7="1" 6278 } 6279 6280 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6281} 6282 6283INCLUDERC=${SBDIR}/functions/test-threshold.rc 6284 6285:0 6286* ! SBCONFIG ?? Debug 6287* SPAMTAG ?? yes 6288{ LOCALTAG=yes } 6289 6290# Check the IP of the first message body host, if one exists. 6291# 6292:0 6293* LOCALTAG ?? no$ 6294* LT2 ?? yes 6295* ! FIRSTBODYHOSTIP ?? ^000\.000\.000\.000$ 6296{ 6297 LOCALDESCRIPTION="Body Host:" 6298 LOCALDESCRIPTION2="IP:" 6299 LOCALHOST=${FIRSTBODYHOST} 6300 LOCALCHECK=${FIRSTBODYHOSTIP} 6301 LOCALREVCHECK=${FIRSTBODYHOSTREVIP} 6302 RDNSSERVER="dnsbl.sorbs.net" 6303 6304 :0 6305 * SORBSSPAMCHECK ?? yes 6306 { 6307 RDNSNAME5="SORBS (spam sources)" 6308 RDNSRESPONSE5="127\.0\.0\.6" 6309 RDNSSCORE5="3" 6310 } 6311 6312 :0 6313 * SORBSZOMBIECHECK ?? yes 6314 { 6315 RDNSNAME7="SORBS (zombie netblock)" 6316 RDNSRESPONSE7="127\.0\.0\.9" 6317 RDNSSCORE7="2" 6318 } 6319 6320 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 6321} 6322 6323INCLUDERC=${SBDIR}/functions/test-threshold.rc 6324 6325:0 6326* ! SBCONFIG ?? Debug 6327* SPAMTAG ?? yes 6328{ LOCALTAG=yes } 6329 6330# Check the IP of the second message body host, if one exists. 6331# 6332:0 6333* LOCALTAG ?? no$ 6334* LT2 ?? yes 6335* ! SECONDBODYHOSTIP ?? ^000\.000\.000\.000$ 6336* $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 6337{ 6338 LOCALDESCRIPTION="Body Host:" 6339 LOCALDESCRIPTION2="IP:" 6340 LOCALHOST=${SECONDBODYHOST} 6341 LOCALCHECK=${SECONDBODYHOSTIP} 6342 LOCALREVCHECK=${SECONDBODYHOSTREVIP} 6343 RDNSSERVER="dnsbl.sorbs.net" 6344 6345 :0 6346 * SORBSSPAMCHECK ?? yes 6347 { 6348 RDNSNAME5="SORBS (spam sources)" 6349 RDNSRESPONSE5="127\.0\.0\.6" 6350 RDNSSCORE5="3" 6351 } 6352 6353 :0 6354 * SORBSZOMBIECHECK ?? yes 6355 { 6356 RDNSNAME7="SORBS (zombie netblock)" 6357 RDNSRESPONSE7="127\.0\.0\.9" 6358 RDNSSCORE7="2" 6359 } 6360 6361 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 6362} 6363 6364INCLUDERC=${SBDIR}/functions/test-threshold.rc 6365 6366:0 6367* ! SBCONFIG ?? Debug 6368* SPAMTAG ?? yes 6369{ LOCALTAG=yes } 6370 6371# Check the IP of the third message body host, if one exists. 6372# 6373:0 6374* LOCALTAG ?? no$ 6375* LT2 ?? yes 6376* ! THIRDBODYHOSTIP ?? ^000\.000\.000\.000$ 6377* $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 6378* $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} 6379{ 6380 LOCALDESCRIPTION="Body Host:" 6381 LOCALDESCRIPTION2="IP:" 6382 LOCALHOST=${THIRDBODYHOST} 6383 LOCALCHECK=${THIRDBODYHOSTIP} 6384 LOCALREVCHECK=${THIRDBODYHOSTREVIP} 6385 RDNSSERVER="dnsbl.sorbs.net" 6386 6387 :0 6388 * SORBSSPAMCHECK ?? yes 6389 { 6390 RDNSNAME5="SORBS (spam sources)" 6391 RDNSRESPONSE5="127\.0\.0\.6" 6392 RDNSSCORE5="3" 6393 } 6394 6395 :0 6396 * SORBSZOMBIECHECK ?? yes 6397 { 6398 RDNSNAME7="SORBS (zombie netblock)" 6399 RDNSRESPONSE7="127\.0\.0\.9" 6400 RDNSSCORE7="2" 6401 } 6402 6403 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 6404} 6405 6406INCLUDERC=${SBDIR}/functions/test-threshold.rc 6407 6408:0 6409* ! SBCONFIG ?? Debug 6410* SPAMTAG ?? yes 6411{ LOCALTAG=yes } 6412 6413# Check the IP of the fourth message body host, if one exists. 6414# 6415:0 6416* LOCALTAG ?? no$ 6417* LT2 ?? yes 6418* ! FOURTHBODYHOSTIP ?? ^000\.000\.000\.000$ 6419* $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 6420* $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 6421* $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 6422{ 6423 LOCALDESCRIPTION="Body Host:" 6424 LOCALDESCRIPTION2="IP:" 6425 LOCALHOST=${FOURTHBODYHOST} 6426 LOCALCHECK=${FOURTHBODYHOSTIP} 6427 LOCALREVCHECK=${FOURTHBODYHOSTREVIP} 6428 RDNSSERVER="dnsbl.sorbs.net" 6429 6430 :0 6431 * SORBSSPAMCHECK ?? yes 6432 { 6433 RDNSNAME5="SORBS (spam sources)" 6434 RDNSRESPONSE5="127\.0\.0\.6" 6435 RDNSSCORE5="3" 6436 } 6437 6438 :0 6439 * SORBSZOMBIECHECK ?? yes 6440 { 6441 RDNSNAME7="SORBS (zombie netblock)" 6442 RDNSRESPONSE7="127\.0\.0\.9" 6443 RDNSSCORE7="2" 6444 } 6445 6446 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 6447} 6448 6449INCLUDERC=${SBDIR}/functions/test-threshold.rc 6450 6451:0 6452* ! SBCONFIG ?? Debug 6453* SPAMTAG ?? yes 6454{ LOCALTAG=yes } 6455 6456# Check the IP of the fifth message body host, if one exists. 6457# 6458:0 6459* LOCALTAG ?? no$ 6460* LT2 ?? yes 6461* ! FIFTHBODYHOSTIP ?? ^000\.000\.000\.000$ 6462* $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 6463* $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 6464* $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 6465* $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 6466{ 6467 LOCALDESCRIPTION="Body Host:" 6468 LOCALDESCRIPTION2="IP:" 6469 LOCALHOST=${FIFTHBODYHOST} 6470 LOCALCHECK=${FIFTHBODYHOSTIP} 6471 LOCALREVCHECK=${FIFTHBODYHOSTREVIP} 6472 RDNSSERVER="dnsbl.sorbs.net" 6473 6474 :0 6475 * SORBSSPAMCHECK ?? yes 6476 { 6477 RDNSNAME5="SORBS (spam sources)" 6478 RDNSRESPONSE5="127\.0\.0\.6" 6479 RDNSSCORE5="3" 6480 } 6481 6482 :0 6483 * SORBSZOMBIECHECK ?? yes 6484 { 6485 RDNSNAME7="SORBS (zombie netblock)" 6486 RDNSRESPONSE7="127\.0\.0\.9" 6487 RDNSSCORE7="2" 6488 } 6489 6490 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 6491} 6492 6493INCLUDERC=${SBDIR}/functions/test-threshold.rc 6494 6495:0 6496* ! SBCONFIG ?? Debug 6497* SPAMTAG ?? yes 6498{ LOCALTAG=yes } 6499 6500# Check the IP of the sixth message body host, if one exists. 6501# 6502:0 6503* LOCALTAG ?? no$ 6504* LT2 ?? yes 6505* ! SIXTHBODYHOSTIP ?? ^000\.000\.000\.000$ 6506* $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 6507* $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 6508* $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 6509* $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 6510* $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 6511{ 6512 LOCALDESCRIPTION="Body Host:" 6513 LOCALDESCRIPTION2="IP:" 6514 LOCALHOST=${SIXTHBODYHOST} 6515 LOCALCHECK=${SIXTHBODYHOSTIP} 6516 LOCALREVCHECK=${SIXTHBODYHOSTREVIP} 6517 RDNSSERVER="dnsbl.sorbs.net" 6518 6519 :0 6520 * SORBSSPAMCHECK ?? yes 6521 { 6522 RDNSNAME5="SORBS (spam sources)" 6523 RDNSRESPONSE5="127\.0\.0\.6" 6524 RDNSSCORE5="3" 6525 } 6526 6527 :0 6528 * SORBSZOMBIECHECK ?? yes 6529 { 6530 RDNSNAME7="SORBS (zombie netblock)" 6531 RDNSRESPONSE7="127\.0\.0\.9" 6532 RDNSSCORE7="2" 6533 } 6534 6535 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 6536} 6537 6538INCLUDERC=${SBDIR}/functions/test-threshold.rc 6539 6540:0 6541* ! SBCONFIG ?? Debug 6542* SPAMTAG ?? yes 6543{ LOCALTAG=yes } 6544 6545# Check the IP of the seventh message body host, if one exists. 6546# 6547:0 6548* LOCALTAG ?? no$ 6549* LT2 ?? yes 6550* ! SEVENTHBODYHOSTIP ?? ^000\.000\.000\.000$ 6551* $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} 6552* $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} 6553* $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} 6554* $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} 6555* $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} 6556* $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} 6557{ 6558 LOCALDESCRIPTION="Body Host:" 6559 LOCALDESCRIPTION2="IP:" 6560 LOCALHOST=${SEVENTHBODYHOST} 6561 LOCALCHECK=${SEVENTHBODYHOSTIP} 6562 LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} 6563 RDNSSERVER="dnsbl.sorbs.net" 6564 6565 :0 6566 * SORBSSPAMCHECK ?? yes 6567 { 6568 RDNSNAME5="SORBS (spam sources)" 6569 RDNSRESPONSE5="127\.0\.0\.6" 6570 RDNSSCORE5="3" 6571 } 6572 6573 :0 6574 * SORBSZOMBIECHECK ?? yes 6575 { 6576 RDNSNAME7="SORBS (zombie netblock)" 6577 RDNSRESPONSE7="127\.0\.0\.9" 6578 RDNSSCORE7="2" 6579 } 6580 6581 INCLUDERC=${SBDIR}/functions/rdnslookup2.rc 6582} 6583 6584INCLUDERC=${SBDIR}/functions/test-threshold.rc 6585 6586:0 6587* ! SBCONFIG ?? Debug 6588* SPAMTAG ?? yes 6589{ LOCALTAG=yes } 6590 6591 6592# Spamcop.net Check 6593# 6594:0 6595* LOCALTAG ?? no$ 6596* SPAMCOPCHECK ?? yes 6597* ! FIRSTEXIP ?? ^000\.000\.000\.000$ 6598{ 6599 LOCALDESCRIPTION="Received IP:" 6600 LOCALCHECK=${FIRSTEXIP} 6601 LOCALREVCHECK=${FIRSTEXREVIP} 6602 RDNSSERVER="bl.spamcop.net" 6603 RDNSNAME1="SpamCop" 6604 RDNSRESPONSE1="127\.0\.0\.2" 6605 RDNSSCORE1="5" 6606 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6607} 6608 6609INCLUDERC=${SBDIR}/functions/test-threshold.rc 6610 6611:0 6612* ! SBCONFIG ?? Debug 6613* SPAMTAG ?? yes 6614{ LOCALTAG=yes } 6615 6616:0 6617* LOCALTAG ?? no$ 6618* SPAMCOPCHECK ?? yes 6619* ! SECONDEXIP ?? ^000\.000\.000\.000$ 6620* $ ! SECONDEXIP ?? ${FIRSTEXIP} 6621{ 6622 LOCALDESCRIPTION="Received IP:" 6623 LOCALCHECK=${SECONDEXIP} 6624 LOCALREVCHECK=${SECONDEXREVIP} 6625 RDNSSERVER="bl.spamcop.net" 6626 RDNSNAME1="SpamCop" 6627 RDNSRESPONSE1="127\.0\.0\.2" 6628 RDNSSCORE1="2" 6629 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6630} 6631 6632INCLUDERC=${SBDIR}/functions/test-threshold.rc 6633 6634:0 6635* ! SBCONFIG ?? Debug 6636* SPAMTAG ?? yes 6637{ LOCALTAG=yes } 6638 6639:0 6640* LOCALTAG ?? no$ 6641* SPAMCOPCHECK ?? yes 6642* ! THIRDEXIP ?? ^000\.000\.000\.000$ 6643* $ ! THIRDEXIP ?? ${FIRSTEXIP} 6644* $ ! THIRDEXIP ?? ${SECONDEXIP} 6645{ 6646 LOCALDESCRIPTION="Received IP:" 6647 LOCALCHECK=${THIRDEXIP} 6648 LOCALREVCHECK=${THIRDEXREVIP} 6649 RDNSSERVER="bl.spamcop.net" 6650 RDNSNAME1="SpamCop" 6651 RDNSRESPONSE1="127\.0\.0\.2" 6652 RDNSSCORE1="2" 6653 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6654} 6655 6656INCLUDERC=${SBDIR}/functions/test-threshold.rc 6657 6658:0 6659* ! SBCONFIG ?? Debug 6660* SPAMTAG ?? yes 6661{ LOCALTAG=yes } 6662 6663:0 6664* LOCALTAG ?? no$ 6665* SPAMCOPCHECK ?? yes 6666* ! FOURTHEXIP ?? ^000\.000\.000\.000$ 6667* $ ! FOURTHEXIP ?? ${FIRSTEXIP} 6668* $ ! FOURTHEXIP ?? ${SECONDEXIP} 6669* $ ! FOURTHEXIP ?? ${THIRDEXIP} 6670{ 6671 LOCALDESCRIPTION="Received IP:" 6672 LOCALCHECK=${FOURTHEXIP} 6673 LOCALREVCHECK=${FOURTHEXREVIP} 6674 RDNSSERVER="bl.spamcop.net" 6675 RDNSNAME1="SpamCop" 6676 RDNSRESPONSE1="127\.0\.0\.2" 6677 RDNSSCORE1="2" 6678 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6679} 6680 6681INCLUDERC=${SBDIR}/functions/test-threshold.rc 6682 6683:0 6684* ! SBCONFIG ?? Debug 6685* SPAMTAG ?? yes 6686{ LOCALTAG=yes } 6687 6688:0 6689* LOCALTAG ?? no$ 6690* SPAMCOPCHECK ?? yes 6691* ! XORIGINALIP ?? ^000\.000\.000\.000$ 6692* $ ! XORIGINALIP ?? ${FIRSTEXIP} 6693* $ ! XORIGINALIP ?? ${SECONDEXIP} 6694* $ ! XORIGINALIP ?? ${THIRDEXIP} 6695* $ ! XORIGINALIP ?? ${FOURTHEXIP} 6696{ 6697 LOCALDESCRIPTION="Received IP:" 6698 LOCALCHECK=${XORIGINALIP} 6699 LOCALREVCHECK=${XORIGINALREVIP} 6700 RDNSSERVER="bl.spamcop.net" 6701 RDNSNAME1="SpamCop" 6702 RDNSRESPONSE1="127\.0\.0\.2" 6703 RDNSSCORE1="2" 6704 INCLUDERC=${SBDIR}/functions/rdnslookup.rc 6705} 6706 6707INCLUDERC=${SBDIR}/functions/test-threshold.rc 6708 6709:0 6710* ! SBCONFIG ?? Debug 6711* SPAMTAG ?? yes 6712{ LOCALTAG=yes } 6713 6714