#
# statistics.conf.sample
# version 1.01, 11-16-08, michael@bizsystems.com
#
my $conf = {
#
## additional KEYS may be included with an INCLUDE statement of the form:
#
# INCLUDE => 'path/to/file.conf',
#
# this file may include an INCLUDE statement, as may the next, etc...
#
#
# Directory to store PID file
#
PIDdir => '/var/run',
# Source files for IP addresses.
# Format:
# - blank lines are ignored
# - lines beginning with "#" or "[white space] #" are ignored
# - lines containg dot quad IP addresses are parsed for
# the address. i.e ddd.ddd.ddd.ddd
#
# Spec may be a scalar filename or an array of scalars
# i.e. '/some/file/name' or ['file1','file2','etc...']
#
FILES => ['local/allips.txt','local/n3allips.txt'],
# A multi-formated array of IP address that will never be tarpitted.
#
# WARNING: if you are using a private network, then you should include the
# address description for the net/subnets that you are using or you might
# find your DMZ or internal mail servers blocked since many DNSBLS list the
# private network addresses as BLACKLISTED
#
# 127./8, 10./8, 172.16/12, 192.168/16
#
# class A xxx.0.0.0/8 255.0.0.0
# class B xxx.xxx.0.0/16 255.255.0.0
# class C xxx.xxx.xxx.0/24 255.255.255.0
# 128 subnet xxx.xxx.xxx.xxx/25 255.255.255.128
# 64 subnet xxx.xxx.xxx.xxx/26 255.255.255.192
# 32 subnet xxx.xxx.xxx.xxx/27 255.255.255.224
# 16 subnet xxx.xxx.xxx.xxx/28 255.255.255.240
# 8 subnet xxx.xxx.xxx.xxx/29 255.255.255.248
# 4 subnet xxx.xxx.xxx.xxx/30 255.255.255.252
# 2 subnet xxx.xxx.xxx.xxx/31 255.255.255.254
# single address xxx.xxx.xxx.xxx/32 255.255.255.255
#
'IGNORE' => [ # permanent whitelist
# # a single address
# '11.22.33.44',
# # a range of ip's, ONLY VALID WITHIN THE SAME CLASS 'C'
# '22.33.44.55 - 22.33.44.65',
# # a CIDR range
# '5.6.7.16/28',
# # a range specified with a netmask
# '7.8.9.128/255.255.255.240',
#
# # you may want these
# '10.0.0.0/8',
# '172.16.0.0/12',
# '192.168.0.0/16',
# this should ALWAYS be here
'127.0.0.0/8', # ignore all test entries and localhost
],
# This configuration parameter is OPTIONAL as are its parameters.
# This is an AGGRESSIVE spam fighting measure. If present a test
# for GENERIC PTR records is performed to see if the returned PTR
# record matches any of the match array regexp's
#
# The parameters:
#
# ignore => [ an array of regular expressions to ignore
# before testing 'regexp', case insensitive
# ],
#
# regexp => [ an array of regular expressions that are considered
# to mark the PTR record as "generic" BE CAREFUL!
# case insensitive
# ],
#
# OPTIONAL
'GENERIC' => {
ignore => [
'dsl-only',
],
regexp => [ # test for these regular expression (case insensitive)
'\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+|\d{12}',
# 180.Red-80-34-112.staticIP.rima-tde.net
# ip-90.net-89-3-110.rev.numericable.fr
# 216.subnet125-161-2.speedy.telkom.net.id
# 122.sub-75-199-30.myvzw.com
'\d+\.(?i:sub|subnet|net|Red)\-?\d+[a-zA-Z_\-\.]\d+[a-zA-Z_\-\.]\d+',
# athedsl-07371.home.otenet.gr
'athedsl-\d+',
# i59F4FA6C.versanet.de
'i5[93][0-9a-fA-F]+\.versa',
# 5aca3a11.bb.sky.com
'5ac[a-f0-9]+.+sky',
# bd049dda.virtua.com.br
'bd[a-f0-9]+.virtua\.com',
# 96.29.broadband7.iol.cz
'\d+\.\d+\.broadband',
# 10001260969.0000027323.acesso.oni.pt
'\d{11}\.\d{10}\.acesso',
# c951b999.virtua.com.br
'c[0-9a-f]{4,}\.virtua',
# u15271157.onlinehome-server.com
# s218047990.onlinehome.us
'(?:(u|s))\d+\.onlinehome',
# d193-24-154.home3.cgocable.net
'd\d+-\d+-\d+\.home\d+\.cgocable',
# CableLink167-178.telefonia.InterCable.net
'CableLink\d+-\d+\.tele',
# ner-as30564.alshamil.net.ae
# dxb-as76197.alshamil.net.ae
# auh-as43491.alshamil.net.ae
'(?:(auh|dxb|ner))-as\d+\.alshamil',
# p2175-ipbf516souka.saitama.ocn.ne.jp
# p2087-ipbfp701kobeminato.hyogo.ocn.ne.jp
# p4084-ipbfp502kyoto.kyoto.ocn.ne.jp
'p\d+-ipbf.+\.ne\.jp',
# 'dynamic',
],
# number of seconds to wait before declaring DNS response 'timed out'
# default is 30 seconds
# [OPTIONAL]
# NOTE: overwritten by the timeout in 'in-addr.arpa' zone if present
timeout => 15,
# comment to add to report output
# [OPTIONAL]
comment => 'anonymous mail system, generic PTR',
# href link for name 'GENERIC' in web reporting format
# [OPTIONAL]
# url => 'html://my.host.com/generic_description.html',
},
# FOR A COMPREHENSIVE LIST OF ALL DNSBL ZONES, SEE:
# http://www.openrbl.org
# click "zones"
#
# all dnsbl servers must have a record a config entry as follows:
#
# 'zone.name' => {
# acceptany => 'comment - treat any response as valid',
# # or
# accept => { # a list of codes that are ok to add to tarpit from this DNSBL
# '127.0.0.2' => 'reason',
# '127.0.0.3' => 'reason',
# },
#
#
# response => '127.0.0.3', # optional, our default response code for records
# # added because of queries to this DNSBL server
# # this code will be ignored if it is < 127.0.0.3
# # and 127.0.0.3 will be used in its place
#
# error message to use with this host.
# NOTE: if the DNSBL supplies a TXT record and it contains the string "http://something..." or
# "www.something..." then that will be use for the error string for the matching A record.
# Otherwise, the error string below will be appended to the whatever TXT is returned by the
# DNSBL. If no TXT is returned, then the "reason" code from the "accept" line for the matching
# 127.0.0.X code will be use and the error code below will be appended.
#
# timeout => 30, # default seconds to wait for dnsbl query to timeout
# WARNING!! The default timeout in sendmail for DNS queries is "5 seconds"
# If this configuration is used with Net::DNSBL::MultiDaemon it is
# recommended that the timeouts here be set to 5 seconds and that the
# timeout parameter in the SENDMAIL m4 configuration build file for lookups be
# extended to at least 15 seconds -- particularly if you invoke reverse lookups
# with the in-addr.arpa parameter below.
#
# define(`confTO_RESOLVER_RETRANS_FIRST', `15s')dnl
# or
# define(`confTO_RESOLVER_RETRANS', `15s')dnl
#
# see: http://www.sendmail.org/m4/tweaking_config.html
#
# Similar precautions must be taken for other MTA's
#
#
# comment to add to report output
# [OPTIONAL]
#
# comment => '127.0.0.2, 127.0.0.3',
#
# href link for name 'zone.name' in web reporting format
# [OPTIONAL]
#
# url => 'html://www.zone.name/index.html',
#
# To check that ip addresses have some kind of reverse DNS entry, add a zone
# for in-addr.arpa as shown below. You must have reverse DNS entries for
# ip blocks 127, 10, 172, 192 or use the IGNORE blocks above to prevent
# rejects for these address blocks as they DO NOT HAVE worldwide RDNS
'in-addr.arpa' => { # check for lack of reverse DNS
# accept is not needed for reverse DNS checking
timeout => 5,
comment => 'missing PTR record = 127.0.0.2',
},
# working, sample file entries
'bl.spamcannibal.org' => {
accept => {
'127.0.0.2' => 'rejected host',
},
timeout => 5,
comment => '127.0.0.2 = listed IP',
url => 'http://www.spamcannibal.org/',
},
'bogons.cymru.com' => { # see http://www.cymru.com/Bogons/#dns
accept => { # list of codes for which we tarpit
'127.0.0.2' => 'bogon',
},
timeout => '30',
comment => '127.0.0.2 = bogon',
url => 'http://www.cymru.com/Bogons/#dns',
},
'dnsbl.sorbs.net' => { # see http://www.dnsbl.sorbs.net/using.html
# acceptany => 'comment - treat any response as valid',
# or
accept => { # list of codes for which we tarpit
'127.0.0.2' => 'open http proxie',
'127.0.0.3' => 'open socks proxie',
'127.0.0.4' => 'open proxy server',
'127.0.0.5' => 'open smtp relay',
# '127.0.0.6' => 'spam supporting ISP',
'127.0.0.7' => 'open web - form mail servers',
'127.0.0.8' => 'blocked hosts',
'127.0.0.9' => 'zombie - hijacked netblock',
'127.0.0.10' => 'dynamic address range',
'127.0.0.11' => 'bad config -- MX or A records inaccurate',
'127.0.0.12' => 'no mail ever sent from these domains',
},
timeout => '15',
comment => '127.0.0.2,3,4,5,7,8,9,10,11,12',
url => 'http://www.dnsbl.sorbs.net/using.shtml',
},
'dnsbl.njabl.org' => { # see http://dnsbl.njabl.org/use.html
accept => { # list of codes for which we tarpit
'127.0.0.2' => 'open relays',
'127.0.0.3' => 'dial-up/dynamic IP ranges',
'127.0.0.4' => 'spam sources',
'127.0.0.5' => 'multi-stage openrelay',
'127.0.0.8' => 'open web - form mail servers',
'127.0.0.9' => 'open proxy servers',
},
timeout => '15',
comment => '127.0.0.2,3,4,5,8,9',
url => 'http://dnsbl.njabl.org/use.html',
},
'cbl.abuseat.org' => { # see http://cbl.abuseat.org
accept => {
'127.0.0.2' => '',
},
timeout => '15',
comment => 'rejected IP = 127.0.0.2',
url => 'http://cbl.abuseat.org/',
},
'zen.spamhaus.org' => { # see http://www.spamhaus.org
accept => {
'127.0.0.2' => '',
},
timeout => '15',
comment => 'rejected IP = 127.0.0.2',
url => 'http://www.spamhaus.org/',
},
'list.dsbl.org' => { # see http://dsbl.org
accept => {
'127.0.0.2' => '',
},
timeout => '15',
comment => 'rejected IP = 127.0.0.2',
url => 'http://dsbl.org/',
},
# OPTIONAL import parameter, import these keys from this file
#
# NOTE: import values will add to and overwrite keys that
# are already in this array
#
# IMPORT => {
# FILE => '/usr/local/spamcannibal/config/sc_BlackList.conf',
#
# regular expression that describes the keys to import
# KEYexp => 'GENERIC|IGNORE|[0-9a-zA-Z]+\.[0-9a-zA-Z]+',
# },
};