# SpamBouncer Blocklist Checks # # This series of recipes checks various IPs and/or domains associated with # a particular email message against assorted blacklists. LOCALTAG=no # XBL (Exploits BlockList) Check # # Originally a SpamHaus clone of the CBL (Composite BlockList) at # cbl.abuseat.org, now contains the data of the OPM (Open Proxy Monitor) # and may contain information from other sources of open proxies, # exploited and trojaned machines. # :0 * LOCALTAG ?? no * XBLCHECK ?? yes * ! CBLCHECK ?? yes * ! FIRSTEXIP ?? 000.000.000.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="xbl.spamhaus.org" RDNSNAME1="the XBL" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="10" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * XBLCHECK ?? yes * ! CBLCHECK ?? yes * ! SECONDEXIP ?? 000.000.000.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="xbl.spamhaus.org" RDNSNAME1="the XBL" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * XBLCHECK ?? yes * ! CBLCHECK ?? yes * ! THIRDEXIP ?? 000.000.000.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="xbl.spamhaus.org" RDNSNAME1="the XBL" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * XBLCHECK ?? yes * ! CBLCHECK ?? yes * ! FOURTHEXIP ?? 000.000.000.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="xbl.spamhaus.org" RDNSNAME1="the XBL" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * XBLCHECK ?? yes * ! CBLCHECK ?? yes * ! XORIGINALIP ?? 000.000.000.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="xbl.spamhaus.org" RDNSNAME1="the XBL" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # CBL (Composite BlockList) Check # # The CBL checks for a range of things, but excels primarily in # catching compromised or trojaned systems that spew open proxy # spam. I've seen almost no false positives from using this # list. The folks at SpamHaus.org were so impressed that they # created the SpamHaus XBL as a mirror of the CBL. # :0 * CBLCHECK ?? yes * XBLCHECK ?? no * ! FIRSTEXIP ?? 000.000.000.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="cbl.abuseat.org" RDNSNAME1="the CBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="10" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CBLCHECK ?? yes * XBLCHECK ?? no * ! SECONDEXIP ?? 000.000.000.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="cbl.abuseat.org" RDNSNAME1="the CBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CBLCHECK ?? yes * XBLCHECK ?? no * ! THIRDEXIP ?? 000.000.000.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="cbl.abuseat.org" RDNSNAME1="the CBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CBLCHECK ?? yes * XBLCHECK ?? no * ! FOURTHEXIP ?? 000.000.000.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="cbl.abuseat.org" RDNSNAME1="the CBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CBLCHECK ?? yes * XBLCHECK ?? no * ! XORIGINALIP ?? 000.000.000.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="cbl.abuseat.org" RDNSNAME1="the CBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the Open Proxy Monitor at opm.blitzed.org. # :0 * LOCALTAG ?? no * OPMBLITZEDCHECK ?? yes * XBLCHECK ?? no * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="opm.blitzed.org" RDNSNAME1="the Open Proxy Monitor" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="10" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * OPMBLITZEDCHECK ?? yes * XBLCHECK ?? no * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="opm.blitzed.org" RDNSNAME1="the Open Proxy Monitor" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * OPMBLITZEDCHECK ?? yes * XBLCHECK ?? no * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="opm.blitzed.org" RDNSNAME1="the Open Proxy Monitor" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * OPMBLITZEDCHECK ?? yes * XBLCHECK ?? no * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="opm.blitzed.org" RDNSNAME1="the Open Proxy Monitor" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * OPMBLITZEDCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="opm.blitzed.org" RDNSNAME1="the Open Proxy Monitor" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # DSBL Check :0 * LOCALTAG ?? no * DSBLCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="list.dsbl.org" RDNSNAME1="DSBL (open relay/open proxy)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="10" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # SpamHaus.org SBL Check # # The SBL is perhaps the most widely respected anti-spam # blocklist at present. It is enabled by default in the # SpamBouncer. The SBL ROKSO list of known spam gangs # is also a major source of data for filters that catch # and complain about spam from specific known spammers. # # :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="10" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? NO * SPAMHAUSORGCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check Body IPs, if any. :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! FIRSTBODYIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! SECONDBODYIP ?? 000\.000\.000\.000 * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! THIRDBODYIP ?? 000\.000\.000\.000 * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! FOURTHBODYIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! FIFTHBODYIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! SIXTHBODYIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} * $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IPs of message body hosts, if any. :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIRSTBODYHOST} LOCALCHECK=${FIRSTBODYHOSTIP} LOCALREVCHECK=${FIRSTBODYHOSTREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SECONDBODYHOST} LOCALCHECK=${SECONDBODYHOSTIP} LOCALREVCHECK=${SECONDBODYHOSTREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${THIRDBODYHOST} LOCALCHECK=${THIRDBODYHOSTIP} LOCALREVCHECK=${THIRDBODYHOSTREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FOURTHBODYHOST} LOCALCHECK=${FOURTHBODYHOSTIP} LOCALREVCHECK=${FOURTHBODYHOSTREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIFTHBODYHOST} LOCALCHECK=${FIFTHBODYHOSTIP} LOCALREVCHECK=${FIFTHBODYHOSTREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SIXTHBODYHOST} LOCALCHECK=${SIXTHBODYHOSTIP} LOCALREVCHECK=${SIXTHBODYHOSTREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMHAUSORGCHECK ?? yes * ! SEVENTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SEVENTHBODYHOST} LOCALCHECK=${SEVENTHBODYHOSTIP} LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} RDNSSERVER="sbl.spamhaus.org" RDNSNAME1="the SBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # SURBL (Spam URI Realtime Blocklist) # # The SURBL is designed to be used to check the domains and IPs # actually found in the message bodies of spam, not the IPs in # headers or the rDNS IPs of the URL hosts in the message bodies. # Using it therefore generates less "overhead" on your system # than many of the other blocklists. It's also extremely # effective. # LT2=no # AbuseButler URI data :0 * SURBLABCHECK ?? yes { LT2=yes } # Outblaze URI data :0 * SURBLOBCHECK ?? yes { LT2=yes } # URI data from Phishing spams :0 * SURBLPHCHECK ?? yes { LT2=yes } # Wein/Dijkxhoorn URI data :0 * SURBLPJCHECK ?? yes { LT2=yes } # Spamcop URI data :0 * SURBLSCCHECK ?? yes { LT2=yes } # William Stearn's blacklist data :0 * SURBLWSCHECK ?? yes { LT2=yes } # Check first message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTBODYIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDBODYIP ?? 000\.000\.000\.000 * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDBODYIP ?? 000\.000\.000\.000 * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHBODYIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fifth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIFTHBODYIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check sixth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SIXTHBODYIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} * $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check first message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTBODYDOMAIN ?? example\.com { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FIRSTBODYDOMAIN} LOCALREVCHECK=${FIRSTBODYDOMAIN} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDBODYDOMAIN ?? example\.com * $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SECONDBODYDOMAIN} LOCALREVCHECK=${SECONDBODYDOMAIN} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDBODYDOMAIN ?? example\.com * $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${THIRDBODYDOMAIN} LOCALREVCHECK=${THIRDBODYDOMAIN} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHBODYDOMAIN ?? example\.com * $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FOURTHBODYDOMAIN} LOCALREVCHECK=${FOURTHBODYDOMAIN} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fifth message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIFTHBODYDOMAIN ?? example\.com * $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FIFTHBODYDOMAIN} LOCALREVCHECK=${FIFTHBODYDOMAIN} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check sixth message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SIXTHBODYDOMAIN ?? example\.com * $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SIXTHBODYDOMAIN} LOCALREVCHECK=${SIXTHBODYDOMAIN} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check seventh message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SEVENTHBODYDOMAIN ?? example\.com * $ ! SEVENTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${SIXTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SEVENTHBODYDOMAIN} LOCALREVCHECK=${SEVENTHBODYDOMAIN} RDNSSERVER="multi.surbl.org" :0 * SURBLABCHECK ?? yes { RDNSNAME1="SURBL (Abuse Butler)" RDNSRESPONSE1="127\.0\.0\.(32|34|36|38|40|42|44|46|48|50|52|54|56|58|60|62|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE1="5" } :0 * SURBLOBCHECK ?? yes { RDNSNAME2="SURBL (OutBlaze)" RDNSRESPONSE2="127\.0\.0\.(16|18|20|22|24|26|28|30|48|50|52|54|56|58|60|62|80|82|84|86|\ 88|90|92|94|112|114|116|118|120|122|124|126)" RDNSSCORE2="5" } :0 * SURBLPHCHECK ?? yes { RDNSNAME3="SURBL (Phishing)" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14|24|26|28|30|40|42|44|46|56|58|60|72|74|76|78|\ 88|90|92|94|104|106|108|110|120|122|124|126)" RDNSSCORE3="5" } :0 * SURBLWSCHECK ?? yes { RDNSNAME4="SURBL (William Stearns)" RDNSRESPONSE4="127\.0\.0\.(4|6|12|14|20|22|28|30|36|38|44|46|52|54|60|62|68|70|76|78|\ 84|86|92|94|100|102|108|110|116|118|124|126)" RDNSSCORE4="5" } :0 * SURBLSCCHECK ?? yes { RDNSNAME5="SURBL (Spamcop)" RDNSRESPONSE5="127\.0\.0\.(2|6|10|14|18|22|26|30|34|38|42|46|50|54|58|62|66|70|74|78|\ 82|86|90|94|98|102|106|110|114|118|122|126)" RDNSSCORE5="5" } :0 * SURBLPJCHECK ?? yes { RDNSNAME6="SURBL (Wein/Dijkxhoorn)" RDNSRESPONSE6="127\.0\.0\.(64|66|68|70|72|74|76|78|80|82|84|86|88|90|92|94|96|98|100|\ 102|104|106|108|110|112|114|116|118|120|122|124|126)" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # URIBL Blocklists # # Blocklists of URI domains and IPs. "Black" should # have no false positives. (It sometimes does, but they're # delisted quickly.) "Grey" lists domains and IPs that send # spam, but also send a significant amount of non-spam email. # "Red" lists domains that share nameservers with one or more # domains listed in "Black". "Red" is experimental and could # lead to significant false positives, so is scored very lightly. # LT2=no :0 * URIBLCHECK ?? yes { LT2=yes } :0 * URIBLGREYCHECK ?? yes { LT2=yes } :0 * URIBLREDCHECK ?? yes { LT2=yes } # Check first message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTBODYDOMAIN ?? ^example\.com$ { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FIRSTBODYDOMAIN} LOCALREVCHECK=${FIRSTBODYDOMAIN} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check second message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDBODYDOMAIN ?? ^example\.com$ * $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SECONDBODYDOMAIN} LOCALREVCHECK=${SECONDBODYDOMAIN} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check third message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDBODYDOMAIN ?? ^example\.com$ * $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${THIRDBODYDOMAIN} LOCALREVCHECK=${THIRDBODYDOMAIN} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check fourth message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHBODYDOMAIN ?? ^example\.com$ * $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FOURTHBODYDOMAIN} LOCALREVCHECK=${FOURTHBODYDOMAIN} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check fifth message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIFTHBODYDOMAIN ?? ^example\.com$ * $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FIFTHBODYDOMAIN} LOCALREVCHECK=${FIFTHBODYDOMAIN} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check sixth message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SIXTHBODYDOMAIN ?? ^example\.com$ * $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SIXTHBODYDOMAIN} LOCALREVCHECK=${SIXTHBODYDOMAIN} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check seventh message body domain, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SEVENTHBODYDOMAIN ?? ^example\.com$ * $ ! SEVENTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${SIXTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SEVENTHBODYDOMAIN} LOCALREVCHECK=${SEVENTHBODYDOMAIN} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check first message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTBODYIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check second message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDBODYIP ?? ^000\.000\.000\.000$ * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check third message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDBODYIP ?? ^000\.000\.000\.000$ * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check fourth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHBODYIP ?? ^000\.000\.000\.000$ * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check fifth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIFTHBODYIP ?? ^000\.000\.000\.000$ * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="4" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc # Check sixth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SIXTHBODYIP ?? ^000\.000\.000\.000$ * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} * $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="multi.uribl.com" :0 * URIBLCHECK ?? yes { RDNSNAME1="URIBL Black" RDNSRESPONSE1="127\.0\.0\.(2|6|10|14)" RDNSSCORE1="5" } :0 * URIBLGREYCHECK ?? yes { RDNSNAME2="URIBL Grey" RDNSRESPONSE2="127\.0\.0\.(4|6|12|14)" RDNSSCORE2="2" } :0 * URIBLREDCHECK ?? yes { RDNSNAME3="URIBL Red" RDNSRESPONSE3="127\.0\.0\.(8|10|12|14)" RDNSSCORE3="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # NJABL Blocklist Checks # # LT2=no :0 * NJABLRSSCHECK ?? yes { LT2=yes } :0 * NJABLDULCHECK ?? yes { LT2=yes } :0 * NJABLSRCCHECK ?? yes { LT2=yes } :0 * NJABLMULTICHECK ?? yes { LT2=yes } :0 * NJABLCGICHECK ?? yes { LT2=yes } :0 * NJABLPROXYCHECK ?? yes { LT2=yes } # Check first external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="combined.njabl.org" :0 * NJABLRSSCHECK ?? yes { RDNSNAME1="NJABL (open relays)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" } :0 * NJABLDULCHECK ?? yes { RDNSNAME2="NJABL (dial-up/dynamic IP range)" RDNSRESPONSE2="127\.0\.0\.3" RDNSSCORE2="5" } :0 * NJABLSRCCHECK ?? yes { RDNSNAME3="NJABL (spam sources)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="10" } :0 * NJABLMULTICHECK ?? yes { RDNSNAME4="NJABL (multi-stage open relays)" RDNSRESPONSE4="127\.0\.0\.5" RDNSSCORE4="2" } :0 * NJABLCGICHECK ?? yes { RDNSNAME5="NJABL (insecure web forms)" RDNSRESPONSE5="127\.0\.0\.8" RDNSSCORE5="3" } :0 * NJABLPROXYCHECK ?? yes { RDNSNAME6="NJABL (open proxies)" RDNSRESPONSE6="127\.0\.0\.9" RDNSSCORE6="10" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="combined.njabl.org" :0 * NJABLSRCCHECK ?? yes { RDNSNAME3="NJABL (spam sources)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="5" } :0 * NJABLCGICHECK ?? yes { RDNSNAME5="NJABL (insecure web forms)" RDNSRESPONSE5="127\.0\.0\.8" RDNSSCORE5="3" } :0 * NJABLPROXYCHECK ?? yes { RDNSNAME6="NJABL (open proxies)" RDNSRESPONSE6="127\.0\.0\.9" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="combined.njabl.org" :0 * NJABLSRCCHECK ?? yes { RDNSNAME3="NJABL (spam sources)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="5" } :0 * NJABLCGICHECK ?? yes { RDNSNAME5="NJABL (insecure web forms)" RDNSRESPONSE5="127\.0\.0\.8" RDNSSCORE5="3" } :0 * NJABLPROXYCHECK ?? yes { RDNSNAME6="NJABL (open proxies)" RDNSRESPONSE6="127\.0\.0\.9" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="combined.njabl.org" :0 * NJABLSRCCHECK ?? yes { RDNSNAME3="NJABL (spam sources)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="5" } :0 * NJABLCGICHECK ?? yes { RDNSNAME5="NJABL (insecure web forms)" RDNSRESPONSE5="127\.0\.0\.8" RDNSSCORE5="3" } :0 * NJABLPROXYCHECK ?? yes { RDNSNAME6="NJABL (open proxies)" RDNSRESPONSE6="127\.0\.0\.9" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check X-Original-IP, if exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="combined.njabl.org" :0 * NJABLSRCCHECK ?? yes { RDNSNAME3="NJABL (spam sources)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="5" } :0 * NJABLCGICHECK ?? yes { RDNSNAME5="NJABL (insecure web forms)" RDNSRESPONSE5="127\.0\.0\.8" RDNSSCORE5="3" } :0 * NJABLPROXYCHECK ?? yes { RDNSNAME6="NJABL (open proxies)" RDNSRESPONSE6="127\.0\.0\.9" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check first message body IP, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! FIRSTBODYIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second message body IP, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! SECONDBODYIP ?? 000\.000\.000\.000 * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third message body IP, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! THIRDBODYIP ?? 000\.000\.000\.000 * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth message body IP, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! FOURTHBODYIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fifth message body IP, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! FIFTHBODYIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check sixth message body IP, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! SIXTHBODYIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} * $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of first message body host, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIRSTBODYHOST} LOCALCHECK=${FIRSTBODYHOSTIP} LOCALREVCHECK=${FIRSTBODYHOSTREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of second message body host, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SECONDBODYHOST} LOCALCHECK=${SECONDBODYHOSTIP} LOCALREVCHECK=${SECONDBODYHOSTREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of third message body host, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${THIRDBODYHOST} LOCALCHECK=${THIRDBODYHOSTIP} LOCALREVCHECK=${THIRDBODYHOSTREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of fourth message body host, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FOURTHBODYHOST} LOCALCHECK=${FOURTHBODYHOSTIP} LOCALREVCHECK=${FOURTHBODYHOSTREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of fifth message body host, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIFTHBODYHOST} LOCALCHECK=${FIFTHBODYHOSTIP} LOCALREVCHECK=${FIFTHBODYHOSTREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of sixth message body host, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SIXTHBODYHOST} LOCALCHECK=${SIXTHBODYHOSTIP} LOCALREVCHECK=${SIXTHBODYHOSTREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of seventh message body host, if exists. :0 * LOCALTAG ?? no * NJABLSRCCHECK ?? yes * ! SEVENTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SEVENTHBODYHOST} LOCALCHECK=${SEVENTHBODYHOSTIP} LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} RDNSSERVER="combined.njabl.org" RDNSNAME1="NJABL (spam sources)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # AHBL (Abusive Hosts Blocking List) # # There are three AHBL lists. The main blocklist lists IPs of almost every # kind of abusive server, returning a different response code or codes # for different issues. The supplementary rhsbl.ahbl.org blocklist lists # domains. There is also a whitelist, exemptions.ahbl.org, which is # located in the whitelists section of the SpamBouncer. LT2=no :0 * AHBLRELAYCHECK ?? yes { LT2=yes } :0 * AHBLPROXYCHECK ?? yes { LT2=yes } :0 * AHBLSPAMCHECK ?? yes { LT2=yes } :0 * AHBLPSSLCHECK ?? yes { LT2=yes } :0 * AHBLCGICHECK ?? yes { LT2=yes } :0 * AHBLDDOSCHECK ?? yes { LT2=yes } # Check first external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="dnsbl.ahbl.org" :0 * AHBLRELAYCHECK ?? yes { RDNSNAME1="AHBL (open relay)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" } :0 * AHBLPROXYCHECK ?? yes { RDNSNAME2="AHBL (open proxy)" RDNSRESPONSE2="127\.0\.0\.(3|19)" RDNSSCORE2="8" } :0 * AHBLSPAMCHECK ?? yes { RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" } :0 * AHBLPSSLCHECK ?? yes { RDNSNAME4="AHBL (current spam flood)" RDNSRESPONSE4="127\.0\.0\.5" RDNSSCORE4="5" } :0 * AHBLCGICHECK ?? yes { RDNSNAME5="AHBL (formmail spam)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="2" } :0 * AHBLDDOSCHECK ?? yes { RDNSNAME6="AHBL (compromised host)" RDNSRESPONSE6="127\.0\.0\.1[4-8]" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="dnsbl.ahbl.org" :0 * AHBLPROXYCHECK ?? yes { RDNSNAME2="AHBL (open proxy)" RDNSRESPONSE2="127\.0\.0\.(3|19)" RDNSSCORE2="5" } :0 * AHBLSPAMCHECK ?? yes { RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" } :0 * AHBLCGICHECK ?? yes { RDNSNAME5="AHBL (formmail spam)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="2" } :0 * AHBLDDOSCHECK ?? yes { RDNSNAME6="AHBL (compromised host)" RDNSRESPONSE6="127\.0\.0\.1[4-8]" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="dnsbl.ahbl.org" :0 * AHBLPROXYCHECK ?? yes { RDNSNAME2="AHBL (open proxy)" RDNSRESPONSE2="127\.0\.0\.(3|19)" RDNSSCORE2="3" } :0 * AHBLSPAMCHECK ?? yes { RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" } :0 * AHBLCGICHECK ?? yes { RDNSNAME5="AHBL (formmail spam)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="2" } :0 * AHBLDDOSCHECK ?? yes { RDNSNAME6="AHBL (compromised host)" RDNSRESPONSE6="127\.0\.0\.1[4-8]" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="dnsbl.ahbl.org" :0 * AHBLPROXYCHECK ?? yes { RDNSNAME2="AHBL (open proxy)" RDNSRESPONSE2="127\.0\.0\.(3|19)" RDNSSCORE2="3" } :0 * AHBLSPAMCHECK ?? yes { RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" } :0 * AHBLCGICHECK ?? yes { RDNSNAME5="AHBL (formmail spam)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="2" } :0 * AHBLDDOSCHECK ?? yes { RDNSNAME6="AHBL (compromised host)" RDNSRESPONSE6="127\.0\.0\.1[4-8]" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check X-Original-IP or variants, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP: " LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="dnsbl.ahbl.org" :0 * AHBLPROXYCHECK ?? yes { RDNSNAME2="AHBL (open proxy)" RDNSRESPONSE2="127\.0\.0\.(3|19)" RDNSSCORE2="3" } :0 * AHBLSPAMCHECK ?? yes { RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" } :0 * AHBLDDOSCHECK ?? yes { RDNSNAME6="AHBL (compromised host)" RDNSRESPONSE6="127\.0\.0\.1[4-8]" RDNSSCORE6="5" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check first message body IP, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! FIRSTBODYIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second message body IP, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! SECONDBODYIP ?? 000\.000\.000\.000 * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third message body IP, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! THIRDBODYIP ?? 000\.000\.000\.000 * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth message body IP, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! FOURTHBODYIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fifth message body IP, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! FIFTHBODYIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check sixth message body IP, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! SIXTHBODYIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} * $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME3="AHBL (spam source)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the first message body host, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIRSTBODYHOST} LOCALCHECK=${FIRSTBODYHOSTIP} LOCALREVCHECK=${FIRSTBODYHOSTREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME1="AHBL (spam source)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the second message body host, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SECONDBODYHOST} LOCALCHECK=${SECONDBODYHOSTIP} LOCALREVCHECK=${SECONDBODYHOSTREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME1="AHBL (spam source)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the third message body host, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${THIRDBODYHOST} LOCALCHECK=${THIRDBODYHOSTIP} LOCALREVCHECK=${THIRDBODYHOSTREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME1="AHBL (spam source)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the fourth message body host, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FOURTHBODYHOST} LOCALCHECK=${FOURTHBODYHOSTIP} LOCALREVCHECK=${FOURTHBODYHOSTREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME1="AHBL (spam source)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the fifth message body host, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIFTHBODYHOST} LOCALCHECK=${FIFTHBODYHOSTIP} LOCALREVCHECK=${FIFTHBODYHOSTREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME1="AHBL (spam source)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the sixth message body host, if one exists. # :0 * LOCALTAG ?? no * AHBLSPAMCHECK ?? yes * ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SIXTHBODYHOST} LOCALCHECK=${SIXTHBODYHOSTIP} LOCALREVCHECK=${SIXTHBODYHOSTREVIP} RDNSSERVER="dnsbl.ahbl.org" RDNSNAME1="AHBL (spam source)" RDNSRESPONSE1="127\.0\.0\.4" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # AHBL Abusive Domains Blocklist # # Check first external domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! FIRSTEXDOMAIN ?? example\.com { LOCALDESCRIPTION="Received Domain:" LOCALCHECK=${FIRSTEXDOMAIN} LOCALREVCHECK=${FIRSTEXDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second external domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! SECONDEXDOMAIN ?? example\.com * $ ! SECONDEXDOMAIN ?? ${FIRSTEXDOMAIN} { LOCALDESCRIPTION="Received Domain:" LOCALCHECK=${SECONDEXDOMAIN} LOCALREVCHECK=${SECONDEXDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third external domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! THIRDEXDOMAIN ?? example\.com * $ ! THIRDEXDOMAIN ?? ${FIRSTEXDOMAIN} * $ ! THIRDEXDOMAIN ?? ${SECONDEXDOMAIN} { LOCALDESCRIPTION="Received Domain:" LOCALCHECK=${THIRDEXDOMAIN} LOCALREVCHECK=${THIRDEXDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth external domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! FOURTHEXDOMAIN ?? example\.com * $ ! FOURTHEXDOMAIN ?? ${FIRSTEXDOMAIN} * $ ! FOURTHEXDOMAIN ?? ${SECONDEXDOMAIN} * $ ! FOURTHEXDOMAIN ?? ${THIRDEXDOMAIN} { LOCALDESCRIPTION="Received Domain:" LOCALCHECK=${FOURTHEXDOMAIN} LOCALREVCHECK=${FOURTHEXDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check first message body domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! FIRSTBODYDOMAIN ?? example\.com { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FIRSTBODYDOMAIN} LOCALREVCHECK=${FIRSTBODYDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second message body domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! SECONDBODYDOMAIN ?? example\.com * $ ! SECONDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SECONDBODYDOMAIN} LOCALREVCHECK=${SECONDBODYDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third message body domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! THIRDBODYDOMAIN ?? example\.com * $ ! THIRDBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! THIRDBODYDOMAIN ?? ${SECONDBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${THIRDBODYDOMAIN} LOCALREVCHECK=${THIRDBODYDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth message body domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! FOURTHBODYDOMAIN ?? example\.com * $ ! FOURTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! FOURTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! FOURTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FOURTHBODYDOMAIN} LOCALREVCHECK=${FOURTHBODYDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fifth message body domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! FIFTHBODYDOMAIN ?? example\.com * $ ! FIFTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! FIFTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${FIFTHBODYDOMAIN} LOCALREVCHECK=${FIFTHBODYDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check sixth message body domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! SIXTHBODYDOMAIN ?? example\.com * $ ! SIXTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} * $ ! SIXTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SIXTHBODYDOMAIN} LOCALREVCHECK=${SIXTHBODYDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check seventh message body domain, if one exists. # :0 * LOCALTAG ?? no * AHBLDOMAINCHECK ?? yes * ! SEVENTHBODYDOMAIN ?? example\.com * $ ! SEVENTHBODYDOMAIN ?? ${FIRSTBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${SECONDBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${THIRDBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${FOURTHBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${FIFTHBODYDOMAIN} * $ ! SEVENTHBODYDOMAIN ?? ${SIXTHBODYDOMAIN} { LOCALDESCRIPTION="Body Domain:" LOCALCHECK=${SEVENTHBODYDOMAIN} LOCALREVCHECK=${SEVENTHBODYDOMAIN} RDNSSERVER="rhsbl.ahbl.org" RDNSNAME1="AHBL (abusive domain)" RDNSRESPONSE1="127\.0\.0\.[2-3]" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Completewhois Bogon Blocklist # # Checks the IP addresses in your headers against the Bogons DNS # list at completewhois.com. A bogon is an unallocated or reserved # IP address that should never appear in email headers for any # reason whatsoever. :0 * LOCALTAG ?? no * CWHOISBOGONCHECK ?? yes * ! FIRSTEXIP ?? 000.000.000.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="bogons.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Bogons)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISBOGONCHECK ?? yes * ! SECONDEXIP ?? 000.000.000.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="bogons.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Bogons)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISBOGONCHECK ?? yes * ! THIRDEXIP ?? 000.000.000.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="bogons.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Bogons)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISBOGONCHECK ?? yes * ! FOURTHEXIP ?? 000.000.000.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="bogons.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Bogons)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISBOGONCHECK ?? yes * ! XORIGINALIP ?? 000.000.000.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="bogons.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Bogons)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Completewhois Hijacked Netblocks Blocklist # # Checks the IP addresses in your headers against the Hijacked Netblocks # list at completewhois.com. A hijacked netblock is an IP block that is # is no longer controlled by its registered owner. Most email from such # netblocks is spam. :0 * LOCALTAG ?? no * CWHOISHIJACKCHECK ?? yes * ! FIRSTEXIP ?? 000.000.000.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="hijacked.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Hijacked Netblocks)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISHIJACKCHECK ?? yes * ! SECONDEXIP ?? 000.000.000.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="hijacked.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Hijacked Netblocks)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISHIJACKCHECK ?? yes * ! THIRDEXIP ?? 000.000.000.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="hijacked.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Hijacked Netblocks)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISHIJACKCHECK ?? yes * ! FOURTHEXIP ?? 000.000.000.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="hijacked.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Hijacked Netblocks)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * CWHOISHIJACKCHECK ?? yes * ! XORIGINALIP ?? 000.000.000.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="hijacked.dnsiplists.completewhois.com" RDNSNAME1="Completewhois (Hijacked Netblocks)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # DSBL Multi-Stage Open Relay Check :0 * LOCALTAG ?? no * DSBLMULTICHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="multihop.dsbl.org" RDNSNAME1="DSBL (multi-stage open relay)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Five-Ten Software Group Blacklist Checks # # The Five-Ten Software Group has a bunch of different blacklists, # and the SpamBouncer can be configured to check any of them. # These lists are quite aggressive, so they are scored relatively # lightly if you enable them, but they also contain useful # information. LT2=no :0 * FTSGIGNORECHECK ?? yes { LT2=yes } :0 * FTSGMULTICHECK ?? yes { LT2=yes } :0 * FTSGOPTOUTCHECK ?? yes { LT2=yes } :0 * FTSGRSSCHECK ?? yes { LT2=yes } :0 * FTSGSRCCHECK ?? yes { LT2=yes } :0 * FTSGWEBFORMCHECK ?? yes { LT2=yes } # Check first external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="blackholes.five-ten-sg.com" :0 * FTSGSRCCHECK ?? yes { RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" } :0 * FTSGOPTOUTCHECK ?? yes { RDNSNAME3="Five-Ten-SG (opt-out bulk mailer)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="1" } :0 * FTSGMULTICHECK ?? yes { RDNSNAME4="Five-Ten-SG (multi-stage open relay)" RDNSRESPONSE4="127\.0\.0\.5" RDNSSCORE4="1" } :0 * FTSGRSSCHECK ?? yes { RDNSNAME5="Five-Ten-SG (open relays)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="2" } :0 * FTSGIGNORECHECK ?? yes { RDNSNAME6="Five-Ten-SG (spam support)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="1" } :0 * FTSGWEBFORMCHECK ?? yes { RDNSNAME7="Five-Ten-SG (insecure web form)" RDNSRESPONSE7="127\.0\.0\.8" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second external IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="blackholes.five-ten-sg.com" :0 * FTSGSRCCHECK ?? yes { RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" } :0 * FTSGOPTOUTCHECK ?? yes { RDNSNAME3="Five-Ten-SG (opt-out bulk mailer)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="1" } :0 * FTSGIGNORECHECK ?? yes { RDNSNAME6="Five-Ten-SG (spam support)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="1" } :0 * FTSGWEBFORMCHECK ?? yes { RDNSNAME7="Five-Ten-SG (insecure web form)" RDNSRESPONSE7="127\.0\.0\.8" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third external IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="blackholes.five-ten-sg.com" :0 * FTSGSRCCHECK ?? yes { RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" } :0 * FTSGOPTOUTCHECK ?? yes { RDNSNAME3="Five-Ten-SG (opt-out bulk mailer)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="1" } :0 * FTSGIGNORECHECK ?? yes { RDNSNAME6="Five-Ten-SG (spam support)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="1" } :0 * FTSGWEBFORMCHECK ?? yes { RDNSNAME7="Five-Ten-SG (insecure web form)" RDNSRESPONSE7="127\.0\.0\.8" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth external IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="blackholes.five-ten-sg.com" :0 * FTSGSRCCHECK ?? yes { RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" } :0 * FTSGOPTOUTCHECK ?? yes { RDNSNAME3="Five-Ten-SG (opt-out bulk mailer)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="1" } :0 * FTSGIGNORECHECK ?? yes { RDNSNAME6="Five-Ten-SG (spam support)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="1" } :0 * FTSGWEBFORMCHECK ?? yes { RDNSNAME7="Five-Ten-SG (insecure web form)" RDNSRESPONSE7="127\.0\.0\.8" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check X-Original-IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="blackholes.five-ten-sg.com" :0 * FTSGSRCCHECK ?? yes { RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" } :0 * FTSGOPTOUTCHECK ?? yes { RDNSNAME3="Five-Ten-SG (opt-out bulk mailer)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="1" } :0 * FTSGIGNORECHECK ?? yes { RDNSNAME6="Five-Ten-SG (spam support)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="1" } :0 * FTSGWEBFORMCHECK ?? yes { RDNSNAME7="Five-Ten-SG (insecure web form)" RDNSRESPONSE7="127\.0\.0\.8" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check First Body IP, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! FIRSTBODYIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check Second Body IP, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! SECONDBODYIP ?? 000\.000\.000\.000 * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check Third Body IP, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! THIRDBODYIP ?? 000\.000\.000\.000 * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check Fourth Body IP, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! FOURTHBODYIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check Fifth Body IP, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! FIFTHBODYIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check Sixth Body IP, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! SIXTHBODYIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of first Body Host, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIRSTBODYHOST} LOCALCHECK=${FIRSTBODYHOSTIP} LOCALREVCHECK=${FIRSTBODYHOSTREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of second Body Host, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SECONDBODYHOST} LOCALCHECK=${SECONDBODYHOSTIP} LOCALREVCHECK=${SECONDBODYHOSTREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of third Body Host, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${THIRDBODYHOST} LOCALCHECK=${THIRDBODYHOSTIP} LOCALREVCHECK=${THIRDBODYHOSTREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of fourth Body Host, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FOURTHBODYHOST} LOCALCHECK=${FOURTHBODYHOSTIP} LOCALREVCHECK=${FOURTHBODYHOSTREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of fifth Body Host, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIFTHBODYHOST} LOCALCHECK=${FIFTHBODYHOSTIP} LOCALREVCHECK=${FIFTHBODYHOSTREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of sixth Body Host, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SIXTHBODYHOST} LOCALCHECK=${SIXTHBODYHOSTIP} LOCALREVCHECK=${SIXTHBODYHOSTREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check IP of seventh Body Host, if one exists. # :0 * LOCALTAG ?? no * FTSGSRCCHECK ?? yes * ! SEVENTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SEVENTHBODYHOST} LOCALCHECK=${SEVENTHBODYHOSTIP} LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} RDNSSERVER="blackholes.five-ten-sg.com" RDNSNAME1="Five-Ten-SG (spam sources)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # MAPS Dial-Up List Check :0 * LOCALTAG ?? no * DULCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="dialups.mail-abuse.org" RDNSNAME1="the MAPS Dial-Up List" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="5" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # MAPS Realtime Blackhole List Check :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FIRSTBODYIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! SECONDBODYIP ?? 000\.000\.000\.000 * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! THIRDBODYIP ?? 000\.000\.000\.000 * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FOURTHBODYIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FIFTHBODYIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! SIXTHBODYIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} * $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIRSTBODYHOST} LOCALCHECK=${FIRSTBODYHOSTIP} LOCALREVCHECK=${FIRSTBODYHOSTREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SECONDBODYHOST} LOCALCHECK=${SECONDBODYHOSTIP} LOCALREVCHECK=${SECONDBODYHOSTREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${THIRDBODYHOST} LOCALCHECK=${THIRDBODYHOSTIP} LOCALREVCHECK=${THIRDBODYHOSTREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FOURTHBODYHOST} LOCALCHECK=${FOURTHBODYHOSTIP} LOCALREVCHECK=${FOURTHBODYHOSTREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIFTHBODYHOST} LOCALCHECK=${FIFTHBODYHOSTIP} LOCALREVCHECK=${FIFTHBODYHOSTREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SIXTHBODYHOST} LOCALCHECK=${SIXTHBODYHOSTIP} LOCALREVCHECK=${SIXTHBODYHOSTREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RBLCHECK ?? yes * ! SEVENTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SEVENTHBODYHOST} LOCALCHECK=${SEVENTHBODYHOSTIP} LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} RDNSSERVER="blackholes.mail-abuse.org" RDNSNAME1="the MAPS RBL" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # MAPS Relay Spam Stopper List Check :0 * LOCALTAG ?? no * RSSCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="relays.mail-abuse.org" RDNSNAME1="the MAPS RSS" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # ORDB (Open Relay DataBase) check :0 * LOCALTAG ?? no * ORDBCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="relays.ordb.org" RDNSNAME1="the ORDB" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="3" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # rfc-ignorant.org -- no abuse@ address :0 * LOCALTAG ?? no * RFCABUSECHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="abuse.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no abuse@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCABUSECHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="abuse.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no abuse@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCABUSECHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="abuse.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no abuse@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCABUSECHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="abuse.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no abuse@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCABUSECHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="abuse.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no abuse@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # rfc-ignorant.org -- Rejects bounces/Mail-From <> :0 * LOCALTAG ?? no * RFCDSNCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="dsn.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (rejects bounces)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCDSNCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="dsn.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (rejects bounces)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCDSNCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="dsn.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (rejects bounces)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCDSNCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="dsn.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (rejects bounces)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCDSNCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="dsn.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (rejects bounces)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # rfc-ignorant.org -- Invalid Whois information for iP block. :0 * LOCALTAG ?? no * RFCIPWHOISCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="ipwhois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid IP whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCIPWHOISCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="ipwhois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid IP whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCIPWHOISCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="ipwhois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid IP whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCIPWHOISCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="ipwhois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid IP whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCIPWHOISCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="ipwhois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid IP whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # rfc-ignorant.org -- no postmaster@ address :0 * LOCALTAG ?? no * RFCPOSTMASTERCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="postmaster.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no postmaster@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCPOSTMASTERCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="postmaster.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no postmaster@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCPOSTMASTERCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="postmaster.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no postmaster@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCPOSTMASTERCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="postmaster.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no postmaster@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCPOSTMASTERCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="postmaster.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (no postmaster@ address)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # rfc-ignorant.org -- Invalid Whois information for domain. :0 * LOCALTAG ?? no * RFCWHOISCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="whois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid domain whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCWHOISCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="whois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid domain whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCWHOISCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="whois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid domain whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCWHOISCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="whois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid domain whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * RFCWHOISCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="whois.rfc-ignorant.org" RDNSNAME1="RFC Ignorant (invalid domain whois)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # SORBS checks # # The Spam and Open Relay Blocking System (SORBS) has a DNSBL with # several useful lists. They're all aggressive, and should be used # with caution. LT2=no :0 * SORBSCGICHECK ?? yes { LT2=yes } :0 * SORBSDYNCHECK ?? yes { LT2=yes } :0 * SORBSPROXYCHECK ?? yes { LT2=yes } :0 * SORBSPROXY2CHECK ?? yes { LT2=yes } :0 * SORBSRELAYCHECK ?? yes { LT2=yes } :0 * SORBSSOCKSCHECK ?? yes { LT2=yes } :0 * SORBSSPAMCHECK ?? yes { LT2=yes } :0 * SORBSZOMBIECHECK ?? yes { LT2=yes } # Check first external IP. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSPROXYCHECK ?? yes { RDNSNAME1="SORBS (open HTTP proxies)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" } :0 * SORBSSOCKSCHECK ?? yes { RDNSNAME2="SORBS (open socks proxies)" RDNSRESPONSE2="127\.0\.0\.3" RDNSSCORE2="4" } :0 * SORBSPROXY2CHECK ?? yes { RDNSNAME3="SORBS (other open proxies)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="4" } :0 * SORBSRELAYCHECK ?? yes { RDNSNAME4="SORBS (open relays)" RDNSRESPONSE4="127\.0\.0\.5" RDNSSCORE4="3" } :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSCGICHECK ?? yes { RDNSNAME6="SORBS (insecure web site)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="2" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } :0 * SORBSDYNCHECK ?? yes { RDNSNAME8="SORBS (dynamic IP range)" RDNSRESPONSE8="127\.0\.0\.10" RDNSSCORE8="3" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second external IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSPROXYCHECK ?? yes { RDNSNAME1="SORBS (open HTTP proxies)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" } :0 * SORBSSOCKSCHECK ?? yes { RDNSNAME2="SORBS (open socks proxies)" RDNSRESPONSE2="127\.0\.0\.3" RDNSSCORE2="4" } :0 * SORBSPROXY2CHECK ?? yes { RDNSNAME3="SORBS (other open proxies)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="4" } :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSCGICHECK ?? yes { RDNSNAME6="SORBS (insecure web site)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="2" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third external IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSPROXYCHECK ?? yes { RDNSNAME1="SORBS (open HTTP proxies)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" } :0 * SORBSSOCKSCHECK ?? yes { RDNSNAME2="SORBS (open socks proxies)" RDNSRESPONSE2="127\.0\.0\.3" RDNSSCORE2="4" } :0 * SORBSPROXY2CHECK ?? yes { RDNSNAME3="SORBS (other open proxies)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="4" } :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSCGICHECK ?? yes { RDNSNAME6="SORBS (insecure web site)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="2" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth external IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSPROXYCHECK ?? yes { RDNSNAME1="SORBS (open HTTP proxies)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" } :0 * SORBSSOCKSCHECK ?? yes { RDNSNAME2="SORBS (open socks proxies)" RDNSRESPONSE2="127\.0\.0\.3" RDNSSCORE2="4" } :0 * SORBSPROXY2CHECK ?? yes { RDNSNAME3="SORBS (other open proxies)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="4" } :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSCGICHECK ?? yes { RDNSNAME6="SORBS (insecure web site)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="2" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check X-Original-IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSPROXYCHECK ?? yes { RDNSNAME1="SORBS (open HTTP proxies)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="4" } :0 * SORBSSOCKSCHECK ?? yes { RDNSNAME2="SORBS (open socks proxies)" RDNSRESPONSE2="127\.0\.0\.3" RDNSSCORE2="4" } :0 * SORBSPROXY2CHECK ?? yes { RDNSNAME3="SORBS (other open proxies)" RDNSRESPONSE3="127\.0\.0\.4" RDNSSCORE3="4" } :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSCGICHECK ?? yes { RDNSNAME6="SORBS (insecure web site)" RDNSRESPONSE6="127\.0\.0\.7" RDNSSCORE6="2" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check first message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTBODYIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIRSTBODYIP} LOCALREVCHECK=${FIRSTBODYREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check second message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDBODYIP ?? 000\.000\.000\.000 * $ ! SECONDBODYIP ?? ${FIRSTBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SECONDBODYIP} LOCALREVCHECK=${SECONDBODYREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check third message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDBODYIP ?? 000\.000\.000\.000 * $ ! THIRDBODYIP ?? ${FIRSTBODYIP} * $ ! THIRDBODYIP ?? ${SECONDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${THIRDBODYIP} LOCALREVCHECK=${THIRDBODYREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fourth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHBODYIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYIP ?? ${FIRSTBODYIP} * $ ! FOURTHBODYIP ?? ${SECONDBODYIP} * $ ! FOURTHBODYIP ?? ${THIRDBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FOURTHBODYIP} LOCALREVCHECK=${FOURTHBODYREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check fifth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIFTHBODYIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYIP ?? ${FIRSTBODYIP} * $ ! FIFTHBODYIP ?? ${SECONDBODYIP} * $ ! FIFTHBODYIP ?? ${THIRDBODYIP} * $ ! FIFTHBODYIP ?? ${FOURTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${FIFTHBODYIP} LOCALREVCHECK=${FIFTHBODYREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check sixth message body IP, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SIXTHBODYIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYIP ?? ${FIRSTBODYIP} * $ ! SIXTHBODYIP ?? ${SECONDBODYIP} * $ ! SIXTHBODYIP ?? ${THIRDBODYIP} * $ ! SIXTHBODYIP ?? ${FOURTHBODYIP} * $ ! SIXTHBODYIP ?? ${FIFTHBODYIP} { LOCALDESCRIPTION="Body IP:" LOCALCHECK=${SIXTHBODYIP} LOCALREVCHECK=${SIXTHBODYREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="1" } INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the first message body host, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIRSTBODYHOSTIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIRSTBODYHOST} LOCALCHECK=${FIRSTBODYHOSTIP} LOCALREVCHECK=${FIRSTBODYHOSTREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="2" } INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the second message body host, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SECONDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SECONDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SECONDBODYHOST} LOCALCHECK=${SECONDBODYHOSTIP} LOCALREVCHECK=${SECONDBODYHOSTREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="2" } INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the third message body host, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! THIRDBODYHOSTIP ?? 000\.000\.000\.000 * $ ! THIRDBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! THIRDBODYHOSTIP ?? ${SECONDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${THIRDBODYHOST} LOCALCHECK=${THIRDBODYHOSTIP} LOCALREVCHECK=${THIRDBODYHOSTREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="2" } INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the fourth message body host, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FOURTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FOURTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FOURTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FOURTHBODYHOST} LOCALCHECK=${FOURTHBODYHOSTIP} LOCALREVCHECK=${FOURTHBODYHOSTREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="2" } INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the fifth message body host, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! FIFTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! FIFTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! FIFTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${FIFTHBODYHOST} LOCALCHECK=${FIFTHBODYHOSTIP} LOCALREVCHECK=${FIFTHBODYHOSTREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="2" } INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the sixth message body host, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SIXTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SIXTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SIXTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SIXTHBODYHOST} LOCALCHECK=${SIXTHBODYHOSTIP} LOCALREVCHECK=${SIXTHBODYHOSTREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="2" } INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check the IP of the seventh message body host, if one exists. # :0 * LOCALTAG ?? no * LT2 ?? yes * ! SEVENTHBODYHOSTIP ?? 000\.000\.000\.000 * $ ! SEVENTHBODYHOSTIP ?? ${FIRSTBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SECONDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${THIRDBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FOURTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${FIFTHBODYHOSTIP} * $ ! SEVENTHBODYHOSTIP ?? ${SIXTHBODYHOSTIP} { LOCALDESCRIPTION="Body Host:" LOCALDESCRIPTION2="IP:" LOCALHOST=${SEVENTHBODYHOST} LOCALCHECK=${SEVENTHBODYHOSTIP} LOCALREVCHECK=${SEVENTHBODYHOSTREVIP} RDNSSERVER="dnsbl.sorbs.net" :0 * SORBSSPAMCHECK ?? yes { RDNSNAME5="SORBS (spam sources)" RDNSRESPONSE5="127\.0\.0\.6" RDNSSCORE5="3" } :0 * SORBSZOMBIECHECK ?? yes { RDNSNAME7="SORBS (zombie netblock)" RDNSRESPONSE7="127\.0\.0\.9" RDNSSCORE7="2" } INCLUDERC=${SBDIR}/functions/rdnslookup2.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Spamcop.net Check # :0 * LOCALTAG ?? no * SPAMCOPCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="bl.spamcop.net" RDNSNAME1="SpamCop" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMCOPCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="bl.spamcop.net" RDNSNAME1="SpamCop" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMCOPCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="bl.spamcop.net" RDNSNAME1="SpamCop" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMCOPCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="bl.spamcop.net" RDNSNAME1="SpamCop" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPAMCOPCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="bl.spamcop.net" RDNSNAME1="SpamCop" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # SPEWS (Spam Prevention Early Warning List) Check # # An aggressive, "all in one" list. Use with caution, but I've # found it often lists spammers before the other lists do. There # are two SPEWS blocklists -- Level 1, which lists only spammers # and sites totally controlled by spammers, and Level 2, which # also lists "spam friendly" sites that contain non-spamming # users as well. # :0 * LOCALTAG ?? no * SPEWSCHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="l1.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 1)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSCHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="l1.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 1)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSCHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="l1.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 1)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSCHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="l1.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 1)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSCHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="l1.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 1)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="2" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } # Check SPEWS Level 2, if you dare.... ;> # :0 * LOCALTAG ?? no * SPEWSL2CHECK ?? yes * ! FIRSTEXIP ?? 000\.000\.000\.000 { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="l2.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 2)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSL2CHECK ?? yes * ! SECONDEXIP ?? 000\.000\.000\.000 * $ ! SECONDEXIP ?? ${FIRSTEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${SECONDEXIP} LOCALREVCHECK=${SECONDEXREVIP} RDNSSERVER="12.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 2)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSL2CHECK ?? yes * ! THIRDEXIP ?? 000\.000\.000\.000 * $ ! THIRDEXIP ?? ${FIRSTEXIP} * $ ! THIRDEXIP ?? ${SECONDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${THIRDEXIP} LOCALREVCHECK=${THIRDEXREVIP} RDNSSERVER="12.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 2)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSL2CHECK ?? yes * ! FOURTHEXIP ?? 000\.000\.000\.000 * $ ! FOURTHEXIP ?? ${FIRSTEXIP} * $ ! FOURTHEXIP ?? ${SECONDEXIP} * $ ! FOURTHEXIP ?? ${THIRDEXIP} { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FOURTHEXIP} LOCALREVCHECK=${FOURTHEXREVIP} RDNSSERVER="12.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 2)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes } :0 * LOCALTAG ?? no * SPEWSL2CHECK ?? yes * ! XORIGINALIP ?? 000\.000\.000\.000 * $ ! XORIGINALIP ?? ${FIRSTEXIP} * $ ! XORIGINALIP ?? ${SECONDEXIP} * $ ! XORIGINALIP ?? ${THIRDEXIP} * $ ! XORIGINALIP ?? ${FOURTHEXIP} { LOCALDESCRIPTION="X-Original-IP:" LOCALCHECK=${XORIGINALIP} LOCALREVCHECK=${XORIGINALREVIP} RDNSSERVER="12.spews.dnsbl.sorbs.net" RDNSNAME1="SPEWS (Level 2)" RDNSRESPONSE1="127\.0\.0\.2" RDNSSCORE1="1" INCLUDERC=${SBDIR}/functions/rdnslookup.rc } INCLUDERC=${SBDIR}/functions/test-threshold.rc :0 * ! SBCONFIG ?? Debug * SPAMTAG ?? yes { LOCALTAG=yes }