#################################################################### # # FLT_spamhaus # #################################################################### SUB1=`formail -zxSubject:` DATE1=`date +"%d/%m/%Y %T"` #################################################################### # Open Relay check from uses sbl-xbl lists # and others #################################################################### LOG="($TDPID) FLT_spamhaus : begin first IP (`date '+%Y-%m-%d %H:%M:%S'`) " ########## first IP ########## :0 H * Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ { RECEIVIP=${MATCH} :0 * ! RECEIVIP ?? 127.0.0.1 { :0 * RECEIVIP ?? ()\/[0-9]+ { QUAD1=${MATCH} :0 * RECEIVIP ?? [0-9]+\.\/[0-9]+ { QUAD2=${MATCH} :0 * RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+ { QUAD3=${MATCH} :0 * RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+ { RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}" } } } ################ sbl-xbl.spamhaus.org ############################## LOG="($TDPID) FLT_spamhaus : 1 : sbl-xbl.spamhaus.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1" :0 * ^Subject:.*(*****sbl-xbl.spamhaus.org*****) .ATTENTION.HOST_sbl-xbl.spamhaus.org/ } ################ cbl.abuseat.org ################################### LOG="($TDPID) FLT_spamhaus : 1 : cbl.abuseat.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****cbl.abuseat.org***** $SUB1" :0 * ^Subject:.*(*****cbl.abuseat.org*****) .ATTENTION.HOST_cbl.abuseat.org/ } ################ relays.ordb.org ################################### LOG="($TDPID) FLT_spamhaus : 1 : relays.ordb.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.relays.ordb.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0 fhw | formail -i "Subject: *****relays.ordb.org***** $SUB1" :0 * ^Subject:.*(*****relays.ordb.org*****) .ATTENTION.HOST_relays.ordb.org/ } ################ opm.blitzed.org ################################### LOG="($TDPID) FLT_spamhaus : 1 : opm.blitzed.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****opm.blitzed.org***** $SUB1" :0 * ^Subject:.*(*****opm.blitzed.org*****) .ATTENTION.HOST_opm.blitzed.org/ } ################ list.dsbl.org ##################################### LOG="($TDPID) FLT_spamhaus : 1 : list.dsbl.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****list.dsbl.org***** $SUB1" :0 * ^Subject:.*(*****list.dsbl.org*****) .ATTENTION.HOST_list.dsbl.org/ } ################ dul.dnsbl.sorbs.org ############################### LOG="($TDPID) FLT_spamhaus : 1 : dul.dnsbl.sorbs.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1" :0 * ^Subject:.*(*****dul.dnsbl.sorbs.org*****) .ATTENTION.HOST_dul.dnsbl.sorbs.org/ } ################ blackholes.mail-abuse.org ######################### LOG="($TDPID) FLT_spamhaus : 1 : blackholes.mail-abuse.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****blackholes.mail-abuse.org*****) .ATTENTION.HOST_blackholes.mail-abuse.org/ } ################ dialups.mail-abuse.org ######################### LOG="($TDPID) FLT_spamhaus : 1 : dialups.mail-abuse.org " :0 { REVCHECKIP=`host ${RECEIVIPREV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****dialups.mail-abuse.org*****) .ATTENTION.HOST_dialups.mail-abuse.org/ } } } } ########## second IP ########## LOG="($TDPID) FLT_spamhaus : begin second IP " :0 H * Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ { RECEIVIP2=${MATCH} :0 * ! RECEIVIP2 ?? 127.0.0.1 { :0 * RECEIVIP2 ?? ()\/[0-9]+ { QUAD1=${MATCH} :0 * RECEIVIP2 ?? [0-9]+\.\/[0-9]+ { QUAD2=${MATCH} :0 * RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+ { QUAD3=${MATCH} :0 * RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+ { RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}" } } } ################ sbl-xbl.spamhaus.org ################################### LOG="($TDPID) FLT_spamhaus : 2 : sbl-xbl.spamhaus.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1" :0 * ^Subject:.*(*****sbl-xbl.spamhaus.org*****) .ATTENTION.HOST_sbl-xbl.spamhaus.org/ } ################ cbl.abuseat.org ################################### LOG="($TDPID) FLT_spamhaus : 2 : cbl.abuseat.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****cbl.abuseat.org***** $SUB1" :0 * ^Subject:.*(*****cbl.abuseat.org*****) .ATTENTION.HOST_cbl.abuseat.org/ } ################ relays.ordb.org ################################### LOG="($TDPID) FLT_spamhaus : 2 : relays.ordb.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.relays.ordb.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0 fhw | formail -i "Subject: *****relays.ordb.org***** $SUB1" :0 * ^Subject:.*(*****relays.ordb.org*****) .ATTENTION.HOST_relays.ordb.org/ } ################ opm.blitzed.org ################################### LOG="($TDPID) FLT_spamhaus : 2 : opm.blitzed.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****opm.blitzed.org***** $SUB1" :0 * ^Subject:.*(*****opm.blitzed.org*****) .ATTENTION.HOST_opm.blitzed.org/ } ################ list.dsbl.org ################################### LOG="($TDPID) FLT_spamhaus : 2 : list.dsbl.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.list.dsbl.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****list.dsbl.org***** $SUB1" :0 * ^Subject:.*(*****list.dsbl.org*****) .ATTENTION.HOST_list.dsbl.org/ } ################ dul.dnsbl.sorbs.org ############################### LOG="($TDPID) FLT_spamhaus : 2 : dul.dnsbl.sorbs.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1" :0 * ^Subject:.*(*****dul.dnsbl.sorbs.org*****) .ATTENTION.HOST_dul.dnsbl.sorbs.org/ } ################ blackholes.mail-abuse.org ######################### LOG="($TDPID) FLT_spamhaus : 2 : blackholes.mail-abuse.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****blackholes.mail-abuse.org*****) .ATTENTION.HOST_blackholes.mail-abuse.org/ } ################ dialups.mail-abuse.org ############################ LOG="($TDPID) FLT_spamhaus : 2 : dialups.mail-abuse.org " :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****dialups.mail-abuse.org*****) .ATTENTION.HOST_dialups.mail-abuse.org/ } } } } ########################################### END-OF-SPAMHAUS ######## LOG="($TDPID) FLT_spamhaus : End (`date '+%Y-%m-%d %H:%M:%S'`) " # LOG="($TDPID) FLT_spamhaus : Save sender "IP" and "From" to logfile # " # :0c # | $HOME/bin/tdmail_send $RECEIVIP2