The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
MIKER / Net-DNSBL-Statistics-0.13 / statistics.conf.example 
#
# statistics.conf.sample
# version 1.01,	11-16-08,	michael@bizsystems.com
#
my $conf = {
#
## additional KEYS may be included with an INCLUDE statement of the form:
#
#  INCLUDE => 'path/to/file.conf',
#
#  this file may include an INCLUDE statement, as may the next, etc...
#
#
# Directory to store PID file
#
	PIDdir		=> '/var/run',

# Source files for IP addresses.
# Format:
#	- blank lines are ignored
#	- lines beginning with "#" or "[white space] #" are ignored
#	- lines containg dot quad IP addresses are parsed for
#	  the address. i.e ddd.ddd.ddd.ddd
#
# Spec may be a scalar filename or an array of scalars
# i.e. '/some/file/name'  or ['file1','file2','etc...']
#
	FILES		=> ['local/allips.txt','local/n3allips.txt'],

# A multi-formated array of IP address that will never be tarpitted.
#
# WARNING: if you are using a private network, then you should include the 
# address description for the net/subnets that you are using or you might
# find your DMZ or internal mail servers blocked since many DNSBLS list the
# private network addresses as BLACKLISTED
#
#       127./8, 10./8, 172.16/12, 192.168/16
#
#       class A         xxx.0.0.0/8		255.0.0.0
#       class B         xxx.xxx.0.0/16		255.255.0.0
#       class C         xxx.xxx.xxx.0/24	255.255.255.0
#       128 subnet      xxx.xxx.xxx.xxx/25	255.255.255.128
#        64 subnet      xxx.xxx.xxx.xxx/26	255.255.255.192
#        32 subnet      xxx.xxx.xxx.xxx/27	255.255.255.224
#        16 subnet      xxx.xxx.xxx.xxx/28	255.255.255.240
#         8 subnet      xxx.xxx.xxx.xxx/29	255.255.255.248
#         4 subnet      xxx.xxx.xxx.xxx/30	255.255.255.252
#         2 subnet      xxx.xxx.xxx.xxx/31	255.255.255.254
#       single address  xxx.xxx.xxx.xxx/32	255.255.255.255
#
  'IGNORE'      => [		# permanent whitelist
#           # a single address
#       '11.22.33.44',
#           # a range of ip's, ONLY VALID WITHIN THE SAME CLASS 'C'
#       '22.33.44.55 - 22.33.44.65',
#           # a CIDR range
#       '5.6.7.16/28',
#           # a range specified with a netmask
#       '7.8.9.128/255.255.255.240',
# 
#	    # you may want these
#	'10.0.0.0/8',
#	'172.16.0.0/12',
#	'192.168.0.0/16',

            # this should ALWAYS be here
        '127.0.0.0/8',  # ignore all test entries and localhost
  ],

# This configuration parameter is OPTIONAL as are its parameters.
# This is an AGGRESSIVE spam fighting measure. If present a test 
# for GENERIC PTR records is performed to see if the returned PTR 
# record matches any of the match array regexp's
#
# The parameters:
#
# ignore => [	an array of regular expressions to ignore 
#		before testing 'regexp', case insensitive
#	],
#
# regexp => [	an array of regular expressions that are considered
#		to mark the PTR record as "generic" BE CAREFUL!
#		case insensitive
#	],
#
# OPTIONAL

  'GENERIC'	=> {
	ignore	  => [
		'dsl-only',
	],
	regexp	  => [	# test for these regular expression (case insensitive)
		'\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+|\d{12}',
	# 180.Red-80-34-112.staticIP.rima-tde.net
	# ip-90.net-89-3-110.rev.numericable.fr
	# 216.subnet125-161-2.speedy.telkom.net.id
	# 122.sub-75-199-30.myvzw.com
		'\d+\.(?i:sub|subnet|net|Red)\-?\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+',
	# athedsl-07371.home.otenet.gr
		'athedsl-\d+',
	# i59F4FA6C.versanet.de
		'i5[93][0-9a-fA-F]+\.versa',
	# 5aca3a11.bb.sky.com
		'5ac[a-f0-9]+.+sky',
	# bd049dda.virtua.com.br
		'bd[a-f0-9]+.virtua\.com',
	# 96.29.broadband7.iol.cz
		'\d+\.\d+\.broadband',
	# 10001260969.0000027323.acesso.oni.pt
		'\d{11}\.\d{10}\.acesso',
	# c951b999.virtua.com.br
		'c[0-9a-f]{4,}\.virtua',
	# u15271157.onlinehome-server.com
	# s218047990.onlinehome.us
		'(?:(u|s))\d+\.onlinehome',
	# d193-24-154.home3.cgocable.net
		'd\d+-\d+-\d+\.home\d+\.cgocable',
	# CableLink167-178.telefonia.InterCable.net
		'CableLink\d+-\d+\.tele',
	# ner-as30564.alshamil.net.ae
	# dxb-as76197.alshamil.net.ae
	# auh-as43491.alshamil.net.ae
		'(?:(auh|dxb|ner))-as\d+\.alshamil',
	# p2175-ipbf516souka.saitama.ocn.ne.jp
	# p2087-ipbfp701kobeminato.hyogo.ocn.ne.jp
	# p4084-ipbfp502kyoto.kyoto.ocn.ne.jp
		'p\d+-ipbf.+\.ne\.jp',
#		'dynamic',
	],
# number of seconds to wait before declaring DNS response 'timed out'
# default is 30 seconds
# [OPTIONAL]
# NOTE: overwritten by the timeout in 'in-addr.arpa' zone if present

	timeout	=> 15,

# comment to add to report output
# [OPTIONAL]

	comment => 'anonymous mail system, generic PTR',

# href link for name 'GENERIC' in web reporting format
# [OPTIONAL]

#	url	=> 'html://my.host.com/generic_description.html',

  },

# FOR A COMPREHENSIVE LIST OF ALL DNSBL ZONES, SEE:
#	http://www.openrbl.org
# click "zones"
#
# all dnsbl servers must have a record a config entry as follows:
#
# 'zone.name'	=> {
#	acceptany   => 'comment - treat any response as valid',
#    # or
#	accept	    => {	# a list of codes that are ok to add to tarpit from this DNSBL
#	 	'127.0.0.2' => 'reason',
#		'127.0.0.3' => 'reason',
#	},
#
#
#	response    => '127.0.0.3',		# optional, our default response code for records
#						# added because of queries to this DNSBL server
#						# this code will be ignored if it is < 127.0.0.3
#						# and 127.0.0.3 will be used in its place
#
#  error message to use with this host. 
#  NOTE: if the DNSBL supplies a TXT record and it contains the string "http://something..." or 
#  "www.something..." then that will be use for the error string for the matching A record. 
#  Otherwise, the error string below will be appended to the whatever TXT is returned by the 
#  DNSBL. If no TXT is returned, then the "reason" code from the "accept" line for the matching 
#  127.0.0.X code will be use and the error code below will be appended.
#
#	timeout	    => 30,	# default seconds to wait for dnsbl query to timeout

# WARNING!!     The default timeout in sendmail for DNS queries is "5 seconds"
#		If this configuration is used with Net::DNSBL::MultiDaemon it is
#		recommended that the timeouts here be set to 5 seconds and that the
#		timeout parameter in the SENDMAIL m4 configuration build file for lookups be
#		extended to at least 15 seconds -- particularly if you invoke reverse lookups
#		with the in-addr.arpa parameter below.
#
#	define(`confTO_RESOLVER_RETRANS_FIRST', `15s')dnl
#	  or
#	define(`confTO_RESOLVER_RETRANS', `15s')dnl
#
#	see: http://www.sendmail.org/m4/tweaking_config.html
#
#	Similar precautions must be taken for other MTA's
#
#
# comment to add to report output
# [OPTIONAL]
#
#	comment => '127.0.0.2, 127.0.0.3',
#
# href link for name 'zone.name' in web reporting format
# [OPTIONAL]
#
#	url	=> 'html://www.zone.name/index.html',
#
# To check that ip addresses have some kind of reverse DNS entry, add a zone
# for in-addr.arpa as shown below. You must have reverse DNS entries for    
# ip blocks 127, 10, 172, 192 or use the IGNORE blocks above to prevent     
# rejects for these address blocks as they DO NOT HAVE worldwide RDNS       

  'in-addr.arpa'	=> {    # check for lack of reverse DNS
  # accept is not needed for reverse DNS checking
	timeout		=> 5,
	comment	 	=> 'missing PTR record = 127.0.0.2',
 },

# working, sample file entries

  'bl.spamcannibal.org'	=> {
	accept	=> {
		'127.0.0.2'  => 'rejected host',
	},
	timeout		=> 5,
	comment		=> '127.0.0.2 = listed IP',
	url		=> 'http://www.spamcannibal.org/',
  },
  'bogons.cymru.com'	=> {	# see http://www.cymru.com/Bogons/#dns
	accept	=> {    # list of codes for which we tarpit
		'127.0.0.2'  => 'bogon',
	},
	timeout		=> '30',
	comment		=> '127.0.0.2 = bogon',
	url		=> 'http://www.cymru.com/Bogons/#dns',
  },

  'dnsbl.sorbs.net'	=> {	# see http://www.dnsbl.sorbs.net/using.html
#	acceptany   => 'comment - treat any response as valid',
#    or
	accept	=> {	# list of codes for which we tarpit
		'127.0.0.2'  =>	'open http proxie',
		'127.0.0.3'  =>	'open socks proxie',
		'127.0.0.4'  =>	'open proxy server',
		'127.0.0.5'  =>	'open smtp relay',
#		'127.0.0.6'  =>	'spam supporting ISP',
		'127.0.0.7'  =>	'open web - form mail servers',
		'127.0.0.8'  =>	'blocked hosts',
		'127.0.0.9'  =>	'zombie - hijacked netblock',
		'127.0.0.10' =>	'dynamic address range',
		'127.0.0.11' =>	'bad config -- MX or A records inaccurate',
		'127.0.0.12' =>	'no mail ever sent from these domains',
  	},
	timeout		=> '15',
	comment		=> '127.0.0.2,3,4,5,7,8,9,10,11,12',
	url		=> 'http://www.dnsbl.sorbs.net/using.shtml',
  },

  'dnsbl.njabl.org'	=> {	# see http://dnsbl.njabl.org/use.html
	accept	=> {	# list of codes for which we tarpit
		'127.0.0.2'  =>	'open relays',
		'127.0.0.3'  =>	'dial-up/dynamic IP ranges',
		'127.0.0.4'  =>	'spam sources',
		'127.0.0.5'  =>	'multi-stage openrelay',
		'127.0.0.8'  =>	'open web - form mail servers',
		'127.0.0.9'  =>	'open proxy servers',
	},
	timeout		=> '15',
	comment		=> '127.0.0.2,3,4,5,8,9',
	url		=> 'http://dnsbl.njabl.org/use.html',
  },

  'cbl.abuseat.org'	=> {	# see http://cbl.abuseat.org
	accept  => {
		'127.0.0.2' => '',
	},
	timeout		=> '15',
	comment		=> 'rejected IP = 127.0.0.2',
	url		=> 'http://cbl.abuseat.org/',
  },

  'zen.spamhaus.org'	=> {	# see http://www.spamhaus.org
	accept	=> {
		'127.0.0.2' => '',
	},
	timeout		=> '15',
	comment		=> 'rejected IP = 127.0.0.2',
	url		=> 'http://www.spamhaus.org/',
  },

  'list.dsbl.org'       => {    # see http://dsbl.org
	accept => {
		'127.0.0.2' => '', 
	},
	timeout		=> '15',
	comment		=> 'rejected IP = 127.0.0.2',
	url		=> 'http://dsbl.org/',
  },

# OPTIONAL import parameter, import these keys from this file
#
# NOTE:	import values will add to and overwrite keys that 
#	are already in this array
#
#  IMPORT	=> {
#	FILE	=> '/usr/local/spamcannibal/config/sc_BlackList.conf',
#
#	regular expression that describes the keys to import
#	KEYexp	=> 'GENERIC|IGNORE|[0-9a-zA-Z]+\.[0-9a-zA-Z]+',
#  },
};