# WHITELISTING OF YOUR OWN EMAIL # # This whitelists carbon copies of email you send to others. # :0 * WHITELISTMYEMAIL ?? yes * FIRSTEXIP ?? ^000\.000\.000\.000$ * ? ${TEST} -f ${MYEMAIL} { LOCALTAG=no :0 * ? ${GREP} -i -x "${FROMEMAIL}" ${MYEMAIL} { LOCALTAG=yes } :0 * LOCALTAG ?? no * ? ${GREP} -i -x "${REPLYTOEMAIL}" ${MYEMAIL} { LOCALTAG=yes } :0 * LOCALTAG ?? yes { SBLOG="A1R-Email From Me" INCLUDERC=${SBDIR}/functions/loglevel.rc :0 { WHITELIST=yes } } } # LOCAL WHITELISTING # # This allows you to whitelist email from users that send from # the servers listed in your LOCALHOSTFILE. If you own/operate # your own hosts, or are on a small server with only a few users, # this is a useful way to speed mail delivery. # :0 * WHITELISTLOCAL ?? yes { :0 * FIRSTEXIP ?? ^000\.000\.000\.000$ { SBLOG="A1R-Local Email" INCLUDERC=${SBDIR}/functions/loglevel.rc :0 { WHITELIST=yes } } } # PGP-ENCRYPTED EMAIL # # Almost never spam -- would be *WAAAYYYY* too much work. :> # LOCALTAG=no # Generic PGP-encrypted email. # :0 B * ^-----BEGIN PGP MESSAGE-----$\ Version:( ).*$($)?$\ ([^ ]+$)+-----END PGP MESSAGE-----$ { LOCALTAG=yes } # Generic PGP-signed email. # :0 B * LOCALTAG ?? no * ^-----BEGIN PGP SIGNED MESSAGE-----$ * ^-----BEGIN PGP SIGNATURE-----$\ Version:( ).*$($)?$\ (.*$)+-----END PGP SIGNATURE-----$ { LOCALTAG=yes } # Generic PGP-MIME PGP-encrypted or PGP-signed email. # :0 * LOCALTAG ?? no * ^Content-Type: (multipart/signed;.*$?.*protocol=\"application/pgp-signature\";|\ multipart/encrypted;.*$?.*protocol=\"application/pgp-encrypted\";) { LOCALTAG=yes } # Outlook-generated PGP-encrypted/signed email. # :0 BH * LOCALTAG ?? no * ^X-MimeOLE: Produced By Microsoft Exchange[^0-9a-z] * ^Thread-Topic: Inline Signed Message$ * ^Thread-Index: [^ ]+$ * ^(- )?--[_-0-9a-z.=]+$Content-Type: text/plain;$[^0-9a-z]*charset=\"[-_0-9a-z.]+\"$\ Content-Transfer-Encoding: quoted-printable$$$-----BEGIN PGP SIGNED MESSAGE-----$Hash: SHA1$ * ^-----BEGIN PGP SIGNATURE-----$Version: PGP [0-9.]+$$(.*$)+-----END PGP SIGNATURE-----$ * ^(- )?--[_-0-9a-z.=]+$Content-Type: application/octet-stream;$[^0-9a-z]*name=\"PGPexch\.htm\.asc\"$\ Content-Transfer-Encoding: base64$Content-Description: PGPexch\.htm\.asc$\ Content-Disposition: attachment;$[^0-9a-z]*filename=\"PGPexch\.htm\.asc\"$$(.*$)+\ (- )?--[_-0-9a-z.=]+$ { LOCALTAG=yes } :0 * LOCALTAG ?? yes { SBLOG="A1R-PGP Encrypted/Signed" INCLUDERC=${SBDIR}/functions/loglevel.rc :0 { WHITELIST=yes } } # SPAMBOUNCER WHITELISTS # Known Legitimate Personal eMail Sources # # This section whitelists email from known legitimate sources, and # particularly order information coming from legitimate businesses # and email from legitimate non-profit organizations that may # get service from less-than-whitehat ISPs. # # I also whitelist specific order information coming from # businesses that do mainsleaze spamming and are otherwise # blocked by the SpamBouncer. # # Anything whitelisted in this section will not be filtered # further, so I whitelist narrowly. That means that, unless a # company or non-profit has a strict non-spamming policy that # it enforces, I will only whitelist specific email addresses # that are used for non-spam purposes. # # I will, however, whitelist entire domains when their policies # and behavior show them to be good guys. :) INCLUDERC=${SBDIR}/white/whitelists.rc # Known Legitimate Bulk eMail Sources # # This section whitelists email from known legitimate mailing lists, # lists that do not spam, and that properly confirm subscriptions. # If your mailing list or ISP are listed here, don't worry. You # aren't being labeled a spammer -- quite the contrary. # INCLUDERC=${SBDIR}/white/whitelists-bulk.rc # AHBL Exemptions Whitelist # # Email from servers on the AHBL Exemptions whitelist can be whitelisted, # just as if you'd listed the domain in your NOBOUNCE or LEGITLISTS files. # :0 * AHBLEXEMPTCHECK ?? yes * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="exemptions.ahbl.org" RDNSNAME1="AHBL (exemptions whitelist)" RDNSRESPONSE1="127\.0\.0\.2" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } # HABEAS -- The Habeas Safelist (Formerly the Habeas Whitelist, # Habeas User's List (HUL)) # # Email from servers on the Habeas Safelist with a response code # of 127.0.0.30 or lower is whitelisted by default, unless you # specifically turn it off. # :0 * HABEASVERIFIED ?? ^COI$ * ^Accreditor: Habeas$ * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="sohul.habeas.com" RDNSNAME1="Habeas Whitelist (COI)" RDNSRESPONSE1="127\.0\.0\.([0-9]|[1-2][0-9]|30)" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } # If you want, you can relax the Habeas settings # to allow all opt-in email, not just confirmed # opt-in, you can do so by setting HABEASVERIFIED=OI # in the variables section of your .procmailrc file. # :0 * HABEASVERIFIED ?? ^OI$ * ^Accreditor: Habeas$ * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="sohul.habeas.com" RDNSNAME1="Habeas Whitelist (OI)" RDNSRESPONSE1="127\.0\.0\.([0-9]|[1-4][0-9]|50)" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } # IADB # # Bulk email from servers on the ISIPP's IADB that comes from # servers that use closed-loop confirmed opt-in (COI) only # ("double opt-in", for you marketers) is whitelisted by # default. # :0 * IADBCHECK ?? ^COI$ * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="iadb.isipp.com" RDNSNAME1="IADB (COI)" RDNSRESPONSE1="127\.3\.100\.100?" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } :0 * IADBCHECK ?? ^OI$ * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="iadb.isipp.com" RDNSNAME1="IADB (OI)" RDNSRESPONSE1="127\.3\.100\.([7-9]|10|100)" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } # IADB2 # # Response: 127.0.0.20 means vouched # Response: 127.0.0.30 means vouched and has SPF and/or MS Caller Id records. # with the isipp # Email from servers on the ISIPP's IADB2 can be whitelisted, # just as if you'd listed the domain in your NOBOUNCE or # LEGITLISTS files. # :0 * IADB2CHECK ?? HIGH * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="iadb2.isipp.com" RDNSNAME1="IADB2 (High)" RDNSRESPONSE1="127\.0\.0\.([6-9]0|[1-9][0-9]+0)" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } :0 * IADB2CHECK ?? MEDIUM * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="iadb2.isipp.com" RDNSNAME1="IADB2 (Medium)" RDNSRESPONSE1="127\.0\.0\.([4-9]0|[1-9][0-9]+0)" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } :0 * IADB2CHECK ?? LOW * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="iadb2.isipp.com" RDNSNAME1="IADB2 (Low)" RDNSRESPONSE1="127\.0\.0\.([2-9]0|[1-9][0-9]+0)" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } # Bonded Sender (IBS) Whitelist # # Email from servers on the Bonded Sender list can be whitelisted, # just as if you'd listed the domain in your NOBOUNCE or # LEGITLISTS files. # :0 * IBSCHECK ?? yes * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="query.bondedsender.org" RDNSNAME1="IBS" RDNSRESPONSE1="127\.0\.0\.10" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc } # Bonded Sender Plus (BSP) Whitelist # # Email on the Bonded Sender Plus whitelist is whitelisted # by default. You can disable this whitelist. It is also # disabled if you enable the Bonded Sender whitelist, # since any server listed on the BSP is by definition listed # on the IBS -- no need to check twice. # :0 * BSPCHECK ?? yes * IBSCHECK ?? no * ! FIRSTEXIP ?? ^000\.000\.000\.000$ { LOCALDESCRIPTION="Received IP:" LOCALCHECK=${FIRSTEXIP} LOCALREVCHECK=${FIRSTEXREVIP} RDNSSERVER="plus.bondedsender.org" RDNSNAME1="BSP" RDNSRESPONSE1="127\.0\.0\.10" INCLUDERC=${SBDIR}/functions/rdnslookup3.rc }