# From http://cell.sick.ru/~glebius/sendmail/COMMON_RULESETS # Common rulesets for antispam filtering # $Id: COMMON_RULESETS,v 1.1.1.1 2002/05/15 04:58:43 glebius Exp $ LOCAL_CONFIG # Pattern for normal E-mail address. Used in CheckFrom Kfrompat regex -n -a@MATCH ^[0-9a-zA-Z._-][0-9a-zA-Z.+%_!:*=?-]*[0-9a-zA-Z._*=?-]*$ # Pattern for domain. Used in CheckFrom Kdompat regex -n -a@MATCH ^[0-9a-zA-Z-]+[0-9a-zA-Z.-]*$ # Pattern for OR-mailers HELO. Used in CheckReceived Kbadhelopat regex -a@MATCH ^[^_]+_\[[^]]+\]$ LOCAL_RULESETS SLocal_check_mail # check whether HELO is accepted R$* $: $1 | $&s R$* | Localhost $#error $@ 5.5.4 $: "554 Untrusted HELO string rejected" R$* | $* $: <@> <$1> $| $>SearchList $| <> R<@> <$*> $| <$*> $: <$2> <$1> R <$*> $: @ $1 mark address as no match R<$={Accept}> <$*> $: @ $2 mark address as no match R $* $#error $@ 5.5.4 $: "554 Untrusted HELO string rejected" R $* $#discard $: discard R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<$+> $* $#error $: $1 error from access db R@ $* $1 remove mark # spam check HReceived: $>+CheckReceived HFrom: $>CheckFrom HTo: $>CheckTo HMessage-Id: $>CheckMessageId HX-Mailer: $>+CheckMailer HX-Server: $>CheckMailer HX-Bulkmail: $>BanBulk # virus check HContent-Type: $>CheckCType HContent-disposition: $>CheckSircam HX-Unsent: $>CheckNimda SCheckReceived # check whether HELOs in the trace are accepted R( qmail $- invoked $+ ) ; $* $@ OK handle stupid qmail formats Rfrom $+ by $+ with HTTP id $* $@ OK handle webmails R( $+ @ $+ ) by $* $@ OK handle local deliveries R$+ with $- id $* $1 strip trailing garbage R( apparently ) $+ $1 strip stupid comments Rfrom $* ( HELO ) ( 127 $+ ) $* $@ OK local Qmail deliverers Rfrom $* ( HELO ) $* $#error $@ 5.0.0 $: "501 Empty HELO in Received" Rfrom $* ( HELO $+ ) $* $: from $2 $3 more stupid qmail formats R$* $: $1 | $1 R$* | $- $* ( $* $: <@> <$1> $| $>SearchList $| <> R<@> <$*> $| <$*> $: <$2> <$1> R <$*> $: @ $1 mark token as no match R<$={Accept}> <$*> $: @ $2 mark token as no match R $* $#error $@ 5.5.4 $: "554 Bad HELO in Received rejected" R $* $#discard $: discard R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<$+> $* $#error $: $1 error from access db R@ $* $1 remove mark R$- $* ( $* $: $(badhelopat $2 $: $1 $2 ( $3 $) R@MATCH $#error $@ 5.7.1 $: "554 Blacklisted HELO in Received" R$* $@ OK SCheckFrom # kills mails with russian characters in From: R$* < $+ @ $+ > $: $(frompat $2 $: $1 < $2 @ $3 > $) R@MATCH $#error $@ 5.7.1 $: "553 Illegal characters in SMTP input" R$* < $+ @ $+ > $: $(dompat $3 $: $1 < $2 @ $3 > $) R@MATCH $#error $@ 5.7.1 $: "553 Illegal characters in SMTP input" # Kills unresolvable domains in From: R$* < $+ @ $+ > $: $) > $1 < $2 @ $3 > R> $* < $+ @ $+ > $: <$2> $3 < $4 @ $5 > R $* < $+ @ $+ > $#error $@ 4.1.8 $: "451 Domain of sender address " $3 " does not resolve" R $* < $+ @ $+ > $#error $@ 5.1.8 $: "553 Domain of sender address " $3 " does not exist" R$* $@ OK SCheckTo # Kills To: with empty e-mail R$* <> $#error $@ 5.7.1 $: "553 Header Error" R$* $@ OK SCheckMessageId # Kills invalid Message-Ids R< $+ @ $+ > $@ OK R$* $#error $@ 5.7.1 $: "553 Illegal Message-Id" SBanBulk R$* $#error $@ 5.7.1 $: "554 Spam is blocked" SCheckMailer # Known spam warez database # Давно пора уже через access.db рулить ими :) RAdvanced Direct Remailer $* $#error $@ 5.7.1 $: "554 Spam is blocked" RAdvanced Mass Sender $* $#error $@ 5.7.1 $: "554 Spam is blocked" R$* Bomber $* $#error $@ 5.7.1 $: "554 Spam is blocked" RMega-Mailer $* $#error $@ 5.7.1 $: "554 Spam is blocked" RMMailer $* $#error $@ 5.7.1 $: "554 Spam is blocked" RMailer $* $#error $@ 5.7.1 $: "554 Spam is blocked" RLigra Mailer $* $#error $@ 5.7.1 $: "554 Spam is blocked" RDynamic Opt-In Emailer $* $#error $@ 5.7.1 $: "554 Spam is blocked" R$* Group Spamer $#error $@ 5.7.1 $: "554 Spam is blocked" RMail Sender $* $#error $@ 5.7.1 $: "554 Spam is blocked" RMail Service $* $#error $@ 5.7.1 $: "554 Spam is blocked" RMailloop $* $#error $@ 5.7.1 $: "554 Spam is blocked" RPersMail $* $#error $@ 5.7.1 $: "554 Spam is blocked" RLK SendIt $* $#error $@ 5.7.1 $: "554 Spam is blocked" RWC Mail $* $#error $@ 5.7.1 $: "554 Spam is blocked" RZUBA ZUB $* $#error $@ 5.7.1 $: "554 Spam is blocked" RMailList Express $* $#error $@ 5.7.1 $: "554 Spam is blocked" RCaretop $* $#error $@ 5.7.1 $: "554 Spam is blocked" RMailer Signature $#error $@ 5.7.1 $: "554 Spam is blocked" Rnone $#error $@ 5.7.1 $: "554 Spam is blocked" RPG-MAILINGLIST $#error $@ 5.7.1 $: "554 Spam is blocked" R$* advcomtest $* $#error $@ 5.7.1 $: "554 Spam is blocked" R$* Direct Email Easy $* $#error $@ 5.7.1 $: "554 Spam is blocked" # Real Outlook has long versions, kinda 5.0.23123244 RMicrosoft Outlook Express 5.0 $#error $@ 5.7.1 $: "554 Spam is blocked" RVersion 5.0 $#error $@ 5.7.1 $: "554 Spam is blocked" # Block all one-word mailers except of these: Rnethack $@ OK RZ-Mail-SGI $@ OK R$- $#error $@ 5.7.1 $: "554 Spam is blocked" # Block empty header R$* $: < $1 > R< > $#error $@ 5.7.1 $: "554 Illegal header" R$* $@ OK SCheckSircam Rmultipart message $#error $@ 5.7.1 $: "554 Sircam infected message" R$* $@ OK SCheckNimda R$* $#error $@ 5.7.1 $: "554 Nimda virus found" SCheckCType R$* boundary= "bound" $* $#error $@ 5.7.1 $: "554 Virus Win32.Aliz found" R$* boundary= "====_ABC1234567890DEF_====" $* $#error $@ 5.7.1 $: "554 Virus Nimda/Badtrans found" R$* boundary= "====_ABC123456j7890DEF_====" $* $#error $@ 5.7.1 $: "554 Virus Nimda/Badtrans found" R$* $@ OK