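# sb3.rc
#
# Called by sb2.rc, if email is not classified as a bounce or
# from MAILER-DAEMON or suchlike.
#
# What this file does, in order:
#   1. pulls domains/IPs out of the header (functions/getheaderinfo.rc)
#   2. runs the virus / dangerous-content / virus-cruft pattern sets
#   3. hands clean mail on to sb4.rc
#   4. logs the SpamBouncer score
#   5. optionally reports to SpamCop after a DNS "handshake"
#   6. optionally auto-replies to the sender of a blocked message
#
# GET HEADER INFORMATION
#
# This script extracts the domains and IPs from the message's
# header.
#

INCLUDERC=${SBDIR}/functions/getheaderinfo.rc

# EMAIL VIRUS FILTERS
#
# Filters to catch common email viruses, many of them set up to spam themselves
# without the sender's knowledge.  Since you are considerably =MORE= likely
# to get these viruses from people you normally correspond with than from
# strangers, this recipe alone is put outside of the NOBOUNCE filters, and
# is run on all email the SpamBouncer processes.
#
# The SpamBouncer's internal virus checking can be turned off, however, by
# setting VIRUSCHECKING=no in your .procmailrc file.  You may want to do this
# if you use another, presumably more powerful, antivirus program on your
# mail server and don't want to waste CPU cycles.

DANGEROUS=no

# Pre-filter for the virus pattern set.  The body condition looks for a
# MIME boundary line, optional header-like lines, a Content-Type of
# application/* or audio/x-wav, more header-like lines, and then three
# consecutive lines of at least 60 non-space characters (presumably
# encoded attachment data).  Only then is virus-patterns.rc included.
#
# NOTE(review): the negated classes read "[^ ]" in this copy.  If the
# distributed file has a tab inside them as well, whitespace extraction
# may have dropped it -- confirm against the upstream sb3.rc.
:0
* VIRUSCHECKING ?? yes
* LEANTAG ?? no
* H ?? ^Content-Type: multipart/(alternative|mixed|related)
* B ?? ^(- )?--[^ ]+$\
([^0-9a-z]*[a-z][-_0-9a-z]+[:=].*$)*\
Content-Type: (application/[^ ;]*|\
audio/x-wav);$\
([^0-9a-z]*[a-z][-_0-9a-z]+[:=].*$)*$\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]+$\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]+$\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]+$
{
    INCLUDERC=${SBDIR}/dangerous/virus-patterns.rc
}

# Dangerous-content patterns run only if nothing above already set
# DANGEROUS to something other than "no".
:0
* DANGEROUSCHECKING ?? yes
* DANGEROUS ?? no
{
    INCLUDERC=${SBDIR}/dangerous/dangerous-content-patterns.rc
}

# Virus-remnant patterns.  Unlike the two recipes above, this one has no
# on/off switch in this file; it runs whenever DANGEROUS is still "no".
:0
* DANGEROUS ?? no
{
    INCLUDERC=${SBDIR}/black/viruscruft-patterns.rc
}

# If you're running with SBCONFIG=Debug, this makes sure that
# a "hit" on the virus or dangerous content checks doesn't stop
# filtering.  Otherwise, anything detected as a virus, virus remnant or
# dangerous content is not filtered further.
#
# NOTE(review): resetting DANGEROUS here also means the SpamCop section
# below no longer sees DANGEROUS=yes for this message, and flagged mail
# continues into sb4.rc.  Debug is a diagnostic setting; what sb4.rc then
# does with such mail is not visible from this file.
#
:0
* SBCONFIG ?? Debug
{
    DANGEROUS=no
}

# Start of "else" wrapper so that dangerous content matches skip remaining
# filters.
:0
* DANGEROUS ?? no
{
    INCLUDERC=${SBDIR}/sb4.rc
}
# End of :0 E wrapper around Virus Filter/DANGEROUS

# Tag the email with the SpamBouncer Score
#
SBLOGFLAGS="ALWAYS 1 SCORE"
SBLOG="${SBSCORE} (Spam Threshold: ${SPAMLEVEL}) (Block Threshold: ${BLOCKLEVEL})"
#SBLOG="A1O-${SBSCORE} (Spam Threshold: ${SPAMLEVEL}) (Block Threshold: ${BLOCKLEVEL})"
INCLUDERC=${SBDIR}/functions/loglevel.rc

# SPAM REPORTING
# SpamCop
#
# Report messages identified as spam to spamcop.net if the user specifies
# that as the reporting method when spambouncer is running in filter mode.
#
# Updated 3/14/2005 -GE
#
# Re-wrote this section based on discussion with Julian Haight
# Also implemented the spamcop.net handshake before handoff of the
# spam emails.
#
# Reference URL: http://spamcop.net/
#
# See the notes in functions/report-sc.rc for more information
#
# Entry conditions: a reporting mode is selected, at least one of
# SPAMTAG / BLOCKTAG / VIRUSTAG / DANGEROUS is "yes" (the four 1^0 lines
# act as an OR), and FIRSTEXIP is not the 000.000.000.000 placeholder.

:0
* SPAMCOPREPORT ?? ^(QUICK|NORMAL|MIXED)$
* 1^0 SPAMTAG ?? yes
* 1^0 BLOCKTAG ?? yes
* 1^0 VIRUSTAG ?? yes
* 1^0 DANGEROUS ?? yes
* ! FIRSTEXIP ?? ^000\.000\.000\.000$
{
    # DNS handshake.  SPAMCOPQUALIFY defaults to 20 and is overridden
    # below from the third octet of the answer.
    #
    # NOTE(review): FIRSTEXREVIP is derived from the message header by
    # getheaderinfo.rc, i.e. from sender-influenced data, and ends up on
    # a command line here.  This assumes getheaderinfo.rc only ever sets
    # it to dotted-decimal digits -- confirm there.
    :0
    {
        SBSPAMCOPHANDSHAKE=`${SBHOST} ${FIRSTEXREVIP}.sb.spamcop.net`
        SPAMCOPQUALIFY=20
    }

    # Any 127.0.x.y answer counts as a completed handshake.
    :0
    * SBSPAMCOPHANDSHAKE ?? 127\.0\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?$
    {
        # Anything other than 127.0.0.1: the third octet (captured by \/
        # into MATCH) becomes the qualifying score.
        :0
        * ! SBSPAMCOPHANDSHAKE ?? 127\.0\.0\.1$
        * SBSPAMCOPHANDSHAKE ?? 127\.0\.\/[0-9][0-9]?[0-9]?
        {
            SPAMCOPQUALIFY=${MATCH}
            SBLOG="L5-Spamcop Handshake: Spamcop is accepting quick spam reports for IP ${FIRSTEXIP} with SpamBouncer scores at or above ${SPAMCOPQUALIFY}"
            INCLUDERC=${SBDIR}/functions/loglevel.rc
        }

        # 127.0.0.1: reporting is declined for this IP.
        :0
        * SBSPAMCOPHANDSHAKE ?? 127\.0\.0\.1$
        {
            SPAMCOPREPORT=NONE
            SBLOG="L5-Spamcop Handshake: Spamcop is not accepting automated spam submissions for IP ${FIRSTEXIP} at this time."
            INCLUDERC=${SBDIR}/functions/loglevel.rc
        }
    }
    # No 127.0.x.y answer at all: fail closed and send nothing.
    :0 E
    {
        SPAMCOPREPORT=NONE
        SBLOG="L5-Spamcop Handshake: Handshake timeout. Servers may be down or lagged. No automated report will be sent."
        INCLUDERC=${SBDIR}/functions/loglevel.rc
    }

    # Each reporting branch sets SPAMCOPREPORT=NONE when done, so at
    # most one report is sent per message.

    # Dangerous content is always sent to the quick-report address,
    # whatever mode was selected.
    :0
    * DANGEROUS ?? yes
    * ! SPAMCOPREPORT ?? NONE
    {
        SBLOG="L5-Spamcop quick report mode. Dangerous Content Detected."
        INCLUDERC=${SBDIR}/functions/loglevel.rc
        SPAMCOPEMAIL=spambouncer@spam.spamcop.net
        INCLUDERC=${SBDIR}/functions/report-sc.rc
        SPAMCOPREPORT=NONE
    }
    # QUICK mode, source already listed by SpamCop.
    :0 E
    * H ?? ^X-SBRule: .* is in SpamCop$
    * SPAMCOPREPORT ?? QUICK
    {
        SBLOG="L5-Spamcop quick report mode. Blacklisted by Spamcop."
        INCLUDERC=${SBDIR}/functions/loglevel.rc
        SPAMCOPEMAIL=spambouncer@spam.spamcop.net
        INCLUDERC=${SBDIR}/functions/report-sc.rc
        SPAMCOPREPORT=NONE
    }
    # QUICK mode, score test: 1 - SPAMCOPQUALIFY + SBSCORE must be
    # positive, i.e. SBSCORE is at or above the qualifying score.
    :0 E
    * 1^0
    * $ -${SPAMCOPQUALIFY}^0
    * $ ${SBSCORE}^0
    * SPAMCOPREPORT ?? QUICK
    {
        SBLOG="L5-Spamcop quick report mode. SpamBouncer Qualified."
        INCLUDERC=${SBDIR}/functions/loglevel.rc
        SPAMCOPEMAIL=spambouncer@spam.spamcop.net
        INCLUDERC=${SBDIR}/functions/report-sc.rc
        SPAMCOPREPORT=NONE
    }

    # NORMAL mode: report only if SPAMCOPEMAIL is neither the quick
    # address nor the noemail@example.com placeholder.
    # NOTE(review): the two address tests are unanchored and their dots
    # are unescaped, so they match as substrings/wildcards.
    :0
    * SPAMCOPREPORT ?? NORMAL
    * ! SPAMCOPEMAIL ?? spambouncer@spam.spamcop.net
    * ! SPAMCOPEMAIL ?? noemail@example.com
    {
        SBLOG="L5-Spamcop normal report mode. Spambouncer Qualified."
        INCLUDERC=${SBDIR}/functions/loglevel.rc
        INCLUDERC=${SBDIR}/functions/report-sc.rc
        SPAMCOPREPORT=NONE
    }

    # MIXED mode: switch to the quick address when the source is listed
    # by SpamCop or the score qualifies; otherwise keep SPAMCOPEMAIL as
    # configured.
    :0
    * SPAMCOPREPORT ?? MIXED
    {
        :0
        * H ?? ^X-SBRule: .* is in SpamCop
        {
            SBLOG="L5-Spamcop mixed quick/normal reporting mode set to quick. Blacklisted by Spamcop."
            INCLUDERC=${SBDIR}/functions/loglevel.rc
            SPAMCOPEMAIL=spambouncer@spam.spamcop.net
        }
        :0 E
        * 1^0
        * $ -${SPAMCOPQUALIFY}^0
        * $ ${SBSCORE}^0
        {
            SBLOG="L5-Spamcop mixed quick/normal reporting mode set to quick. SpamBouncer Qualified."
            INCLUDERC=${SBDIR}/functions/loglevel.rc
            SPAMCOPEMAIL=spambouncer@spam.spamcop.net
        }

        :0
        * ! SPAMCOPEMAIL ?? noemail@example.com
        {
            :0
            * ! SPAMCOPEMAIL ?? spambouncer@spam.spamcop.net
            {
                SBLOG="L5-Spamcop mixed quick/normal reporting mode set to normal. SpamBouncer Qualified."
                INCLUDERC=${SBDIR}/functions/loglevel.rc
            }
            INCLUDERC=${SBDIR}/functions/report-sc.rc
        }
        SPAMCOPREPORT=NONE
    }
}

# BLOCKED EMAIL NOTIFICATION ROUTINE
#
# Auto-replies (formail -rt) to the sender of a message that was blocked
# but not tagged as admin, bulk or spam.  The reply carries notify.txt,
# the bypass password and a full copy of the blocked message.
#
# The X-Loop condition is a loop guard: the reply is stamped with
# "X-Loop: ${NOLOOP}", but this file did not itself test for that header
# before replying.  An earlier rc file may already do so; the test is
# repeated here so this recipe never answers its own notifications
# regardless.  $\NOLOOP is NOLOOP with regexp metacharacters escaped.
#
# NOTE(review): sender addresses on blocked mail are frequently forged,
# so the reply, the password and the quoted message can reach a third
# party.  Treat BYPASSWD as effectively public, and consider whether
# VIRUSTAG / DANGEROUS mail should be excluded here as well.
#
# NOTE(review): blocktemp.<pid> is a predictable name created relative
# to procmail's working directory (presumably MAILDIR); that directory
# should be writable only by the mailbox owner.

:0
* BLOCKTAG ?? yes
* BLOCKREPLY ?? NOTIFY
* ! ADMINTAG ?? yes
* ! BULKTAG ?? yes
* ! SPAMTAG ?? yes
* $ ! ^X-Loop: $\NOLOOP
{
    # procmail's own pid, used to name the scratch copy.
    :0
    {
        BLOCKPID=`${ECHO} $$`
    }

    # Save a copy of the message; "c" keeps processing the original.
    :0 c:
    blocktemp.${BLOCKPID}

    # Build the reply, append the saved copy, remove it, and send.
    :0 c: blocktemp.${BLOCKPID}.lock
    | (${FORMAIL} -rt \
        -I"From: ${ALTFROM}" \
        -I"Subject: Blocked Email Notification" \
        -A"X-Loop: ${NOLOOP}";\
       ${CAT} ${SBDIR}/text/notify.txt;\
       ${ECHO} " ********** The password is ${BYPASSWD}. **********";\
       ${ECHO} " ";\
       ${ECHO} "=-=-=-=-=-=-=-=-=-=";\
       ${ECHO} " ";\
       ${CAT} blocktemp.${BLOCKPID};\
       ${RM} -f blocktemp.${BLOCKPID}) \
      | ${SENDMAIL} -oi -t
}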