-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdnsbl.toml
217 lines (200 loc) · 10.3 KB
/
dnsbl.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
[spam-filter.dnsbl.server.STWT_RBL_SPAMHAUS_IP]
enable = true
zone = "ip_reverse + '.zen.spamhaus.org'"
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] == 2", then = "if_then(location == 'tcp', 'RBL_SPAMHAUS_SBL', 'RECEIVED_SPAMHAUS_SBL')" },
{ if = "octets[3] == 3", then = "if_then(location == 'tcp', 'RBL_SPAMHAUS_CSS', 'RECEIVED_SPAMHAUS_CSS')" },
{ if = "octets[3] >= 4 && octets[3] <= 7", then = "if_then(location == 'tcp', 'RBL_SPAMHAUS_XBL', 'RECEIVED_SPAMHAUS_XBL')" },
{ if = "octets[3] == 9", then = "if_then(location == 'tcp', 'RBL_SPAMHAUS_DROP', 'RECEIVED_SPAMHAUS_DROP')" },
{ if = "(octets[3] == 10 || octets[3] == 11)", then = "if_then(location == 'tcp', 'RBL_SPAMHAUS_PBL', 'RECEIVED_SPAMHAUS_PBL')" },
{ if = "octets[3] == 254", then = "if_then(location == 'tcp', 'RBL_SPAMHAUS_BLOCKED_OPENRESOLVER', 'RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER')" },
{ if = "octets[3] == 255", then = "if_then(location == 'tcp', 'RBL_SPAMHAUS_BLOCKED', 'RECEIVED_SPAMHAUS_BLOCKED')" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_MAILSPIKE_IP]
enable = true
zone = [ { if = "location == 'tcp'", then = "ip_reverse + '.rep.mailspike.net'" },
{ else = false } ]
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] == 10", then = "'RBL_MAILSPIKE_WORST'" },
{ if = "octets[3] == 11", then = "'RBL_MAILSPIKE_VERYBAD'" },
{ if = "octets[3] == 12", then = "'RBL_MAILSPIKE_BAD'" },
{ if = "octets[3] >= 13 && octets[3] <= 16", then = "'RWL_MAILSPIKE_NEUTRAL'" },
{ if = "octets[3] == 17", then = "'RWL_MAILSPIKE_POSSIBLE'" },
{ if = "octets[3] == 18", then = "'RWL_MAILSPIKE_GOOD'" },
{ if = "octets[3] == 19", then = "'RWL_MAILSPIKE_VERYGOOD'" },
{ if = "octets[3] == 20", then = "'RWL_MAILSPIKE_EXCELLENT'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_SENDERSCORE_IP]
enable = false
zone = [ { if = "location == 'tcp'", then = "ip_reverse + '.bl.score.senderscore.com'" },
{ else = false } ]
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] == 1", then = "'RBL_SENDERSCORE_BOT'" },
{ if = "octets[3] == 2", then = "'RBL_SENDERSCORE_NA'" },
{ if = "octets[3] == 3", then = "'RBL_SENDERSCORE_NA_BOT'" },
{ if = "octets[3] == 4", then = "'RBL_SENDERSCORE_PRST'" },
{ if = "octets[3] == 5", then = "'RBL_SENDERSCORE_PRST_BOT'" },
{ if = "octets[3] == 6", then = "'RBL_SENDERSCORE_PRST_NA'" },
{ if = "octets[3] == 7", then = "'RBL_SENDERSCORE_PRST_NA_BOT'" },
{ if = "octets[3] == 8", then = "'RBL_SENDERSCORE_SUS_ATT'" },
{ if = "octets[3] == 10", then = "'RBL_SENDERSCORE_SUS_ATT_NA'" },
{ if = "octets[3] == 11", then = "'RBL_SENDERSCORE_SUS_ATT_NA_BOT'" },
{ if = "octets[3] == 14", then = "'RBL_SENDERSCORE_SUS_ATT_PRST_NA'" },
{ if = "octets[3] == 15", then = "'RBL_SENDERSCORE_SUS_ATT_PRST_NA_BOT'" },
{ if = "octets[3] == 16", then = "'RBL_SENDERSCORE_SCORE'" },
{ if = "octets[3] == 18", then = "'RBL_SENDERSCORE_SCORE_NA'" },
{ if = "octets[3] == 20", then = "'RBL_SENDERSCORE_SCORE_PRST'" },
{ if = "octets[3] == 22", then = "'RBL_SENDERSCORE_SCORE_PRST_NA'" },
{ if = "octets[3] == 26", then = "'RBL_SENDERSCORE_SCORE_SUS_ATT_NA'" },
{ if = "octets[3] == 255", then = "'RBL_SENDERSCORE_BLOCKED'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_SENDERSCORE_REPUT_IP]
enable = true
zone = [ { if = "location == 'tcp'", then = "ip_reverse + '.score.senderscore.com'" },
{ else = false } ]
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] < 10", then = "'RBL_SENDERSCORE_REPUT_0'" },
{ if = "octets[3] >= 10 && octets[3] <= 19", then = "'RBL_SENDERSCORE_REPUT_1'" },
{ if = "octets[3] >= 20 && octets[3] <= 29", then = "'RBL_SENDERSCORE_REPUT_2'" },
{ if = "octets[3] >= 30 && octets[3] <= 39", then = "'RBL_SENDERSCORE_REPUT_3'" },
{ if = "octets[3] >= 40 && octets[3] <= 49", then = "'RBL_SENDERSCORE_REPUT_4'" },
{ if = "octets[3] >= 50 && octets[3] <= 59", then = "'RBL_SENDERSCORE_REPUT_5'" },
{ if = "octets[3] >= 60 && octets[3] <= 69", then = "'RBL_SENDERSCORE_REPUT_6'" },
{ if = "octets[3] >= 70 && octets[3] <= 79", then = "'RBL_SENDERSCORE_REPUT_7'" },
{ if = "octets[3] >= 80 && octets[3] <= 89", then = "'RBL_SENDERSCORE_REPUT_8'" },
{ if = "octets[3] >= 90 && octets[3] <= 100", then = "'RBL_SENDERSCORE_REPUT_9'" },
{ if = "octets[3] == 255", then = "'RBL_SENDERSCORE_REPUT_BLOCKED'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_SEM_IP]
enable = true
zone = [ { if = "location == 'tcp' && is_v4", then = "ip_reverse + '.bl.spameatingmonkey.net'" },
{ if = "location == 'tcp' && is_v6", then = "ip_reverse + '.bl.ipv6.spameatingmonkey.net'" },
{ else = false } ]
tag = [ { if = "!is_empty(ip)", then = "'RBL_SEM'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_VIRUSFREE_IP]
enable = true
zone = [ { if = "location == 'tcp'", then = "ip_reverse + '.bip.virusfree.cz'" },
{ else = false } ]
tag = [ { if = "ip == '127.0.0.2'", then = "'RBL_VIRUSFREE_BOTNET'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_SPAMCOP_IP]
enable = true
zone = [ { if = "location == 'tcp'", then = "ip_reverse + '.bl.spamcop.net'" },
{ else = false } ]
tag = [ { if = "!is_empty(ip)", then = "'RBL_SPAMCOP'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_BARRACUDA_IP]
enable = true
zone = [ { if = "location == 'tcp'", then = "ip_reverse + '.b.barracudacentral.org'" },
{ else = false } ]
tag = [ { if = "!is_empty(ip)", then = "'RBL_BARRACUDA'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_RBL_BLOCKLISTDE_IP]
enable = true
zone = "ip_reverse + '.bl.blocklist.de'"
tag = [ { if = "!is_empty(ip) && location == 'tcp'", then = "'RBL_BLOCKLISTDE'" },
{ if = "!is_empty(ip)", then = "'RECEIVED_BLOCKLISTDE'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_DNSWL_IP]
enable = true
zone = "ip_reverse + '.list.dnswl.org'"
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] == 0", then = "'RCVD_IN_DNSWL_NONE'" },
{ if = "octets[3] == 1", then = "'RCVD_IN_DNSWL_LOW'" },
{ if = "octets[3] == 2", then = "'RCVD_IN_DNSWL_MED'" },
{ if = "octets[3] == 3", then = "'RCVD_IN_DNSWL_HI'" },
{ if = "octets[3] == 255", then = "'DNSWL_BLOCKED'" },
{ else = false } ]
scope = "ip"
[spam-filter.dnsbl.server.STWT_DBL_SPAMHAUS_DOMAIN]
enable = true
zone = "value + '.dbl.spamhaus.org'"
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] == 2", then = "'DBL_SPAM'" },
{ if = "octets[3] == 4", then = "'DBL_PHISH'" },
{ if = "octets[3] == 5", then = "'DBL_MALWARE'" },
{ if = "octets[3] == 6", then = "'DBL_BOTNET'" },
{ if = "octets[3] == 102", then = "'DBL_ABUSE'" },
{ if = "octets[3] == 103", then = "'DBL_ABUSE_REDIR'" },
{ if = "octets[3] == 104", then = "'DBL_ABUSE_PHISH'" },
{ if = "octets[3] == 105", then = "'DBL_ABUSE_MALWARE'" },
{ if = "octets[3] == 106", then = "'DBL_ABUSE_BOTNET'" },
{ if = "octets[3] == 254", then = "'DBL_BLOCKED_OPENRESOLVER'" },
{ if = "octets[3] == 255", then = "'DBL_BLOCKED'" },
{ else = false } ]
scope = "domain"
[spam-filter.dnsbl.server.STWT_SURBL_DOMAIN]
enable = true
zone = "value + '.multi.surbl.org'"
tag = [ { if = "octets[3] == 128", then = "'CRACKED_SURBL'" },
{ if = "octets[3] == 64", then = "'ABUSE_SURBL'" },
{ if = "octets[3] == 32", then = "'CT_SURBL'" },
{ if = "octets[3] == 18", then = "'MW_SURBL_MULTI'" },
{ if = "octets[3] == 8", then = "'PH_SURBL_MULTI'" },
{ if = "octets[3] == 4", then = "'DM_SURBL'" },
{ if = "octets[3] == 1", then = "'SURBL_BLOCKED'" },
{ else = false } ]
scope = "domain"
[spam-filter.dnsbl.server.STWT_URIBL_DOMAIN]
enable = true
zone = "value + '.multi.uribl.com'"
tag = [ { if = "octets[3] == 1", then = "'URIBL_BLOCKED'" },
{ if = "octets[3] == 2", then = "'URIBL_BLACK'" },
{ if = "octets[3] == 4", then = "'URIBL_GREY'" },
{ if = "octets[3] == 8", then = "'URIBL_RED'" },
{ else = false } ]
scope = "domain"
[spam-filter.dnsbl.server.STWT_SEM_URIBL]
enable = true
zone = "value + '.uribl.spameatingmonkey.net'"
tag = [ { if = "ip == '127.0.0.2'", then = "'SEM_URIBL'" },
{ else = false } ]
scope = "domain"
[spam-filter.dnsbl.server.STWT_SEM_URIBL_FRESH15]
enable = true
zone = "value + '.fresh15.spameatingmonkey.net'"
tag = [ { if = "ip == '127.0.0.2'", then = "'SEM_URIBL_FRESH15'" },
{ else = false } ]
scope = "domain"
[spam-filter.dnsbl.server.STWT_DWL_DNSWL_DOMAIN]
enable = true
zone = [ { if = "location == 'dkim_pass'", then = "value + '.dwl.dnswl.org'" },
{ else = false } ]
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] == 0", then = "'DWL_DNSWL_NONE'" },
{ if = "octets[3] == 1", then = "'DWL_DNSWL_LOW'" },
{ if = "octets[3] == 2", then = "'DWL_DNSWL_MED'" },
{ if = "octets[3] == 3", then = "'DWL_DNSWL_HI'" },
{ if = "octets[3] == 255", then = "'DWL_DNSWL_BLOCKED'" },
{ else = false } ]
scope = "domain"
[spam-filter.dnsbl.server.STWT_MSBL_EBL_EMAIL]
enable = true
zone = "hash(email, 'sha1') + '.ebl.msbl.org'"
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[2] == 0 && (octets[3] == 2 || octets[3] == 3)", then = "'MSBL_EBL'" },
{ if = "octets[2] == 1 && (octets[3] == 2 || octets[3] == 3)", then = "'MSBL_EBL_GREY'" },
{ else = false } ]
scope = "email"
[spam-filter.dnsbl.server.STWT_SURBL_HASHBL_DOMAIN]
enable = true
zone = [ { if = "key_exists('surbl-hashbl', host)", then = "hash(host + path, 'md5') + '.hashbl.surbl.org'" },
{ else = false } ]
tag = [ { if = "octets[0] != 127", then = "false" },
{ if = "octets[3] == 8", then = "'SURBL_HASHBL_PHISH'" },
{ if = "octets[3] == 16", then = "'SURBL_HASHBL_MALWARE'" },
{ if = "octets[3] == 64", then = "'SURBL_HASHBL_ABUSE'" },
{ if = "octets[3] == 128", then = "'SURBL_HASHBL_CRACKED'" },
{ if = "octets[2] == 1", then = "'SURBL_HASHBL_EMAIL'" },
{ else = false } ]
scope = "url"