#
# sc_BlackList.conf, multi_dnsbl.conf
# Configuration for sc_BLcheck.pl, sc_BLpreen.pl, and Net::DNSBL::MultiDaemon
#
# version 1.03, 6-14-13
#
my $DNSBL = {

## additional KEYS may be included with an INCLUDE statement of the form:
#
#  INCLUDE => 'path/to/file.conf',
#
#  this file may include an INCLUDE statement, as may the next, etc...
#
#
## Net::DNSBL::MultiDaemon parameters

# the OPTIONAL name of a file that will contain 'hit' statistics for DNSBLS
# this file will be used to seed the sort order of DNSBL checking if it is
# present and will be updated with the 'added' counts of each run. If it
# is deleted, it will be recreated with a new time tag at the beginning.
#
  MDstatfile      => '/usr/local/spamcannibal/mdstats.txt',

# The path for the directory where the pid file will live
#
  MDpidpath       => '/var/run',

# The zone name for this PSEUDO DNSBL
#
  MDzone          => 'pseudo.dnsbl',

###### The following optional configuration parameters
###### are shown with their default values
#
# Update frequency for the "stats" file, no
# update occurs if there is no new information
#
#  MDstatrefresh => 300,        # seconds
# The IPaddress that the daemon will listen on.
# The default will listen on ALL interfaces,   
# this is probably not what you want. A more   
# suitable value for co-installation with bind 
# on the same host would be 127.0.0.1
#
  MDipaddr        => '127.0.0.1',

# The port that the daemon will listen on
#
  MDport         => 12153,

# Syslog facility. Specify one of:
# LOG_EMERG LOG_ALERT LOG_CRIT LOG_ERR LOG_WARNING LOG_NOTICE LOG_INFO LOG_DEBU
#
  MDsyslog        => 'LOG_ERR',

# DNSBL lookup cache, uses the TTL provided by the lookup DNSBL
# this is only useful for STANDALONE operation. When used as
# an add-on to BIND, BIND will provide the caching
# cache size below 10000 will default to 10000.  
# suggested cache size 20,000 to 50,000
# each cache entry takes about 400 bytes
#
#  MDcache         => 10000,

# Do rhbl lookups only, default false
# all other rejection classes are disabled, IGNORE, BLOCK, BBC, in-addr.arpa
# RHBL need only be "true" for operation. If OPTIONAL URBL conditioning
# is needed, then the parameters in the has must be added
  RHBL 	=> {	# optional URBL preparation
	urblwhite => [
		'/path/to/cached/whitefile',
		'/path/to/local/file'	# see format of spamassassin file
	],
	urblblack => [
		'/path/to/local/blacklist'
	],
# NOTE: level 3 tld's should be first before level 2 tld's
	urbltlds  => [
		'/path/to/cached/tld3file',
		'/path/to/cached/tld2file'
	],
	urlwhite  => [
		'http://spamassasin.googlecode.com/svn-history/r6/trunk/share/spamassassin/25_uribl.cf',
		'/path/to/cached/whitefile'
	],
	urltld3   => [
		'http://george.surbl.org/three-level-tlds',
		'/path/to/cached/tld3file'
	],
	urltld2   => [
		'http://george.surbl.org/two-level-tlds',
		'/path/to/cached/tld2file'
	],
  },

# FOR A COMPREHENSIVE LIST OF ALL DNSBL ZONES, SEE:
#	http://www.openrbl.org
# click "zones"
#
# all dnsbl servers must have a record a config entry as follows:
#
# 'zone.name'	=> {
	acceptany   => 'comment - treat any response as valid',
#    # or
#	accept	    => {	# a list of codes that are ok to add to tarpit from this DNSBL
#	 	'127.0.0.2' => 'reason',
#		'127.0.0.3' => 'reason',
#	},
#
#  WARNING !!! DO NOT USE THIS OPTION WITH DNSBL HOSTS THAT REPORT TARPIT ACTIVITY
#
#	confirm     => 1,			# optional, confirmation of acceptance of non - 127.0.0.2 codes
#
#	response    => '127.0.0.3',		# optional, our default response code for records
#						# added because of queries to this DNSBL server
#						# this code will be ignored if it is < 127.0.0.3
#						# and 127.0.0.3 will be used in its place
#
#  error message to use with this host. 
#  NOTE: if the DNSBL supplies a TXT record and it contains the string "http://something..." or 
#  "www.something..." then that will be use for the error string for the matching A record. 
#  Otherwise, the error string below will be appended to the whatever TXT is returned by the 
#  DNSBL. If no TXT is returned, then the "reason" code from the "accept" line for the matching 
#  127.0.0.X code will be use and the error code below will be appended.
#
#  If the error string ending matches /\?.+=$/ or /\?$/
#  then the offending IP address will be automagically added
#
#	error	    => 'IP address blocked, see http://www.somehost.com?ip=',
#
#	expire	    => '7d',	# optional default expiration if DNSBL can not be reached
#				# may be specified in any combination of seconds, minutes, hours, days, weeks
#				#  i.e. 604800 or 604800s, 10080m, 168h
#				#	1w 3d
#
#	timeout	    => 30,	# default seconds to wait for dnsbl query to timeout

# WARNING!!     The default timeout in sendmail for DNS queries is "5 seconds"
#		If this configuration is used with Net::DNSBL::MultiDaemon it is
#		recommended that the timeouts here be set to 5 seconds and that the
#		timeout parameter in the SENDMAIL m4 configuration build file for lookups be
#		extended to at least 15 seconds -- particularly if you invoke reverse lookups
#		with the in-addr.arpa parameter below.
#
#	define(`confTO_RESOLVER_RETRANS_FIRST', `15s')dnl
#	  or
#	define(`confTO_RESOLVER_RETRANS', `15s')dnl
#
#	see: http://www.sendmail.org/m4/tweaking_config.html
#
#	Similar precautions must be taken for other MTA's
#

# list of RHBL's here: http://spamlinks.net/filter-dnsbl-lists.htm
 
# working, sample file entries


#127.0.1.2	 	spam domain
#127.0.1.3 		spammed redirector domain
#127.0.1.4-.19 		spam domain (future use)
#127.0.1.20-.39 	phish domain (future use)
#127.0.1.40-.59 	malware domain (future use)
#127.0.1.255 		IP queries prohibited!

# test as: dbltest.com.dbl.spamhaus.org
#
  'dbl.spamhaus.org'	=> {	# see http://www.spamhaus.org/dbl/
#	acceptany	=>	'any response is valid',
# or accept a subset
	accept		=> {
#		each IP must go in one at a time
		'127.0.1.2'	=>	'spam domain',
		'127.0.1.3'	=>	'spammed redirector domain',
#		'127.0.1.4-.19'          spam domain (future use)
#		'127.0.1.20-.39'         phish domain (future use) 
#		'127.0.1.40-.59'         malware domain (future use)
#		'127.0.1.255'            IP queries prohibited!
	},
	error		=> 'listed in dsb.spamhouse.org',
	expire		=> '5d',
	timeout		=> '15',
	comment		=> '127.0.1.2 -> 127.0.1.255',
	url		=> 'http://www.spamhaus.org/dbl/',
  },

# test as: test.surbl.org.multi.surbl.org
#
  'multi.surbl.org'	=> {	# see surbl.org
  # set multi.surbl.org bit mask
  #     2 = comes from SC
  #     4 = comes from WS
  #     8 = comes from PH
  #     16 = comes from OB (OB is deprecated as of 22 October 2012.)
  #     16 = comes from MW (MW active as of 1 May 2013.)
  #     32 = comes from AB
  #     64 = comes from JP
	acceptmask	=> 0xDE,
  # mark as URBL
	urbl		=> 1,
	error		=> 'listed in multi.surbl.org',
	expire		=> '5d',
	timeout		=> '15',
	comment		=> '127.0.1.1 -> 127.0.1.255',
	url		=> 'http://surbl.org/',
  },

# testpoints (2.0.0.127 and test.uribl.com) are the 
# only items that are cross listed
# test as: test.uribl.com.multi.uribl.com
#
  'multi.uribl.com'	=> {	# see www.uribl.com
  # set multi.uribl.com bit mask
  #	1   00000001  Query blocked, possibly due to high volume
  #	2   00000010  black
  #	4   00000100  grey
  #	8   00001000  red
  #	14  00001110  black,grey,red (for testpoints)
	acceptmask	=> 0x2,
  # do NOT mark as URBL
	error		=> 'listed in multi.urbl.com',
	expire		=> '5d',
	timeout		=> '15',
	comment		=> '127.0.1.1 -> 127.0.1.255',
	url		=> 'http://www.uribl.com/',
  },

# rhbl list http://spamlinks.net/filter-dnsbl-lists.htm#domain
# potential, contact before using
# rhsbl.ahbl.org
};