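#
# vim: set filetype=procmail :
#
# $Id: dnsbl,v 1.4 2003/01/07 22:30:51 adicvs Exp $
#
# This procmail include file is intended to fight spam. It determines the
# ip address of the last host prior to reaching one of our trusted hosts.
# If the untrusted host is found in any of the various blackhole lists,
# a variety of actions can be taken, direct to /dev/null, store in a
# special mailbox or just add a special header (good for system wide
# installation).
#
# DNSBL_DIR is not assigned in this file; the rcfile that includes this
# one must set it. The files under it (dnsbl_ip, dnsbl_test) are run as
# recipes, so keep that directory writable only by its owner.
#
# Only Received: lines added by our own trusted hosts can be relied on;
# anything recorded by hosts further upstream is supplied by the sender's
# side and may be forged.
#

# The hosts we trust not to be open mail relays.
# The dots are escaped so that they match a literal '.' only. Unescaped,
# '.' matches any character and look-alike names outside these domains
# would be treated as trusted.
TRUSTED_HOSTS="([a-z]+\.example\.com|[a-z]+\.example\.ca)"

# Change to 'yes' or 'no' to add additional debug headers or logging
DNSBL_DEBUG="no"
DNSBL_LOG="yes"

# The program we use for DNS lookups (5 second timeout)
# NOTE(review): no timeout option is set in this file; whether the
# 5 second limit is actually applied depends on how dnsbl_test invokes
# this program -- confirm there.
NSLOOKUP="/usr/bin/host"
SED="/bin/sed"

# The newline for logging purposes (the value is a literal line break)
NL="
"

# Insert a header announcing our presence
:0 fhw
| formail -A "X-Spam-Info: Checked for SPAM by procmail-dnsbl"

# Various patterns we use for matching the Received: header lines
PATTERN_RCVD="()\/Received: from.*\[.*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+.*\].*"
PATTERN_PRE="Received: from.*\[.*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+.*\](.*$)+"
PATTERN_IP="Received: from.*\[.*\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"
# NOTE(review): the trusted name may match anywhere between "from" and
# the bracketed address, which includes the HELO name chosen by the
# connecting host. How this pattern is applied lives in dnsbl_ip (not
# shown here) -- confirm that a forged HELO cannot make an untrusted
# relay count as trusted; matching on the bracketed address of our own
# relays is more robust.
PATTERN_TRUSTED="Received: from.*${TRUSTED_HOSTS}.*\[.*\].*"

# Set the ip string to a dummy value
IP_STR="xx"
IP_REV="xx"

# Initialize our Received: header matching variable
RECEIVED_HEADERS=${PATTERN_RCVD}

# dnsbl_ip is expected to replace IP_STR with the address of the last
# untrusted host (it is not part of this file).
INCLUDERC=$DNSBL_DIR/dnsbl_ip

# If the IP_STR is unchanged we didn't find Received: lines or didn't
# find any untrusted hosts in the header
:0
* ! IP_STR ?? xx
{
    # Split the ip string into individual octets and build
    # the reverse ip string. Each condition uses \/ so that procmail
    # stores the digits following it in MATCH.
    :0
    * IP_STR ?? ()\/[0-9]+
    {
        IP_A=${MATCH}

        :0
        * IP_STR ?? [0-9]+\.\/[0-9]+
        {
            IP_B=${MATCH}

            :0
            * IP_STR ?? [0-9]+\.[0-9]+\.\/[0-9]+
            {
                IP_C=${MATCH}

                :0
                * IP_STR ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
                {
                    IP_D=${MATCH}
                    # Reversed octet order, the form a DNSBL zone is
                    # queried with. Only set once all four octets parsed.
                    IP_REV=${IP_D}.${IP_C}.${IP_B}.${IP_A}
                }
            }
        }
    }
}

# Lookup the untrusted host in the various blacklists if we have a valid
# IP_REV
#
# Note: We could eliminate this condition. Broke out of the deep nesting
# for clarity of the script
:0
* ! IP_REV ?? xx
{
    # Log the untrusted host
    :0
    * DNSBL_LOG ?? yes
    {
        LOG="Checking untrusted host ${IP_STR} against dns blacklists.${NL}"
    }

    # NOTE(review): DNSBL zones are retired over time, and a retired zone
    # may stop answering or start answering for every address, which
    # would delay delivery or flag all mail. Confirm that each zone below
    # is still operated before relying on it; relays.ordb.org is one that
    # has since been shut down.

    # Check against relays.ordb.org
    DNSBL_NS="relays.ordb.org"
    DNSBL_URI="http://www.ordb.org"
    INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against bl.spamcop.net
    DNSBL_NS="bl.spamcop.net"
    DNSBL_URI="http://www.spamcop.net"
    INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against sbl.spamhaus.org
    DNSBL_NS="sbl.spamhaus.org"
    DNSBL_URI="http://www.spamhaus.org/SBL"
    INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against dorkslayers
    #DNSBL_NS="ztl.dorkslayers.com"
    #DNSBL_URI="http://www.dorkslayers.com/ztl/"
    #INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against Wirehub! Internet Blackholes
    DNSBL_NS="blackholes.wirehub.net"
    DNSBL_URI="http://basic.wirehub.nl/blackholes.html"
    INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against DNSRBL-DUN
    DNSBL_NS="dun.dnsrbl.net"
    DNSBL_URI="http://www.dnsrbl.com"
    INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against DNSRBL-SPAM
    DNSBL_NS="spam.dnsrbl.net"
    DNSBL_URI="http://www.dnsrbl.com"
    INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against spamhaus.relays.osirusoft.com
    #DNSBL_NS="spamhaus.relays.osirusoft.com"
    #DNSBL_URI=" http://relays.osirusoft.com"
    #INCLUDERC=$DNSBL_DIR/dnsbl_test

    # Check against DSBL
    #DNSBL_NS="list.dsbl.org"
    #DNSBL_URI="http://www.dsbl.org"
    #INCLUDERC=$DNSBL_DIR/dnsbl_test
}

# end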