pmcfernandes · January 23, 2015 22:00
diff --git a/sendmail.cf b/sendmail.cf
 ####
 ## The Anti-Spam and general blocking stuff
 ####

 ## The NDBM file used for the blocking rulesets
 KSpam dbm -o /usr/local/mail/maps/AntiSpam

 ## Web page for info on the rulesets
 D{WebPage}" - see http://www.bpfh.net/spam/"

 ####
 ## Handle the -bt mode for rules which use $| as a separator. We need
 ## this as can't put in $| when using -bt.
 ##
 ##  % sendmail -bt -d21.12
 ##  ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
 ##  Enter <ruleset> <address>
 ##  > Start,check_compat <sender> $| <recipient>
 ##
 ####
 SStart
 R$* $$| $*			$: $1 $| $2


 #####
 ###
 ### The following are the anti-spam and general blocking rules.
 ### These use a single map (currently an NDBM file) which has hosts,
 ### domains and IP addresses as its key. The values are the action
 ### to be performed on the key value. These include things like
 ### allowing relaying to a domain, if the EMail is from a spammer, etc.
 ###
 #####

 #####
 ###
 ### First we have the general utility functions used by some or all
 ### of the actual rulesets
 ###
 #####

 ####
 ## Handle the anti-spam messages in one place. This ruleset takes
 ## the message type (see comp_value) and any args. The args depend
 ## on the message type.
 ####
 SSpamMsg
 RRELAY $| $*			$#error $: " 550 we do not support relaying " $1 " " $(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] " $&{WebPage} " [RELAY]"
 RBLOCKED 			$#error $: " 550 Your site " $(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] is blocked " $&{WebPage} " [BLOCKED]"
 RSPAM_CLIENT 			$#error $: " 550 Your site " $(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] is blocked - use your ISP provided relay " $&{WebPage} " [SPAM_CLIENT]"
 RNOACCEPT			$#error $: " 550 We do not accept mail from you "$(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] " $&{WebPage} " [NOACCEPT]"
 RDIALUP				$#error $: " 550 We do not accept mail from you "$(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] as you appear to be a dialup host " $&{WebPage} " [DIALUP]"
 RSPAMMER $| $*			$#error $: " 550 We do not accept mail from spammers " $1 " " $&{WebPage} " [SPAMMER]"
 RKILL_EMAIL $| $*		$#error $: " 550 We do not accept mail from you " $1 " for a reason other than spamming " $&{WebPage} " [KILL_EMAIL]"
 RSPAM $| $*			$#error $: " 550 We do not accept mail from " $1 $(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] " $&{WebPage} " [SPAM]"
 RSPECIAL $| $* $| $*			$#error $: " 550 Mail from " $1 " must come from a machine in the " $2 " domain, not from " $(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] " $&{WebPage} " [SPECIAL]"
 RNO_DNS $| $*			$#error $: " 550 We do not accept mail from domains which do not resolve (domain: " $1 ") " $(dequote "" $&{client_name} $) " [" $(dequote "" $&{client_addr} $) "] " $&{WebPage} " [NO_DNS]"
 REXT_MAPS			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by MAPS, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr} " " $&{WebPage} " [EXT_MAPS]"
 REXT_MAPS_DUL			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by MAPS DUL, see http://mail-abuse.org/dul/ " $&{WebPage} " [EXT_MAPS_DUL]"
 REXT_RSS			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by RSS, see http://www.mail-abuse.org/cgi-bin/nph-rss?" $&{client_addr} " " $&{WebPage} " [EXT_RSS]"
 REXT_ORBS			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by ORBS, see http://www.orbs.org/" " " $&{WebPage} " [EXT_ORBS]"
 REXT_IMRSS			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused byt IMRSS, see http://www.imrss.org/error.html " $&{WebPage} " [EXT_IMRSS]"
 REXT_DSSL			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by IMRSS DSSL, see http://www.imrss.org/dssl/unblock.html " $&{WebPage} " [EXT_DSSL]"
 REXT_SPEWS			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by SPEWS, see http://www.spews.org/" " " $&{WebPage} " [EXT_SPEWS]"
 REXT_SPAMSITES			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by SpamSites, see http://www.spamsites.org/" " " $&{WebPage} " [EXT_SPAMSITES]"
 REXT_RSL			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by RSL, see http://relays.visi.com/" " " $&{WebPage} " [EXT_RSL]"
 REXT_SBL			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by SBL, see http://www.spamhaus.org/SBL" " " $&{WebPage} " [EXT_SBL]"
 REXT_ORDB			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by ORDB, see http://www.ordb.org/" " " $&{WebPage} " [EXT_ORDB]"
 REXT_MONKEY_FORM			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by Monkey FormMail, see http://www.monkeys.com/anti-spam/filtering/formmail.html" " " $&{WebPage} " [EXT_MONKEY_FORM]"
 REXT_MONKEY_PROXIES			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by Monkey proxie list, see http://www.monkeys.com/anti-spam/filtering/proxies.html" " " $&{WebPage} " [EXT_MONKEY_PROXIES]"
 REXT_DSBL_LIST			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by DSBL list, see http://www.dsbl.org/" " " $&{WebPage} " [EXT_DSBL_LIST]"
 REXT_DSBL_MULTIHOP			$#error $: 550 " Mail from " $(dequote "" $&{client_addr} $) " refused by DSBL multi-hop list, see http://www.dsbl.org/" " " $&{WebPage} " [EXT_DSBL_MULTIHOP]"
 RBADARGS $| $*			$#error $: 554 internal error in the $1 ruleset - contact [email protected] [BADARGS]
 R$*				$#error $: 554 internal error in the SpamMsg ruleset was passed $1 - contact [email protected] [INTERNAL ERROR]

 ####
 ## Compare values from the Anti-Spam rulesets. Yes, this *is* a
 ## kludge. If there is an easier way to do (foo == bar) then I'd
 ## like to hear it.
 ####
 Scomp_value
 RBLOCK_IP $| BLOCK_IP		$@ BLOCK_IP
 RBLOCK_HOST $| BLOCK_HOST	$@ BLOCK_HOST
 RSPAM_CLIENT $| SPAM_CLIENT	$@ SPAM_CLIENT
 RSPAM_EMAIL $| SPAM_EMAIL	$@ SPAM_EMAIL
 RSPAM_IP $| SPAM_IP		$@ SPAM_IP
 RSPAM_HOST $| SPAM_HOST		$@ SPAM_HOST
 RRELAY $| RELAY			$@ RELAY
 RNO_EXTRN $| NO_EXTRN		$@ NO_EXTRN
 RLOCAL_IP $| LOCAL_IP		$@ LOCAL_IP
 RLOCAL_HOST $| LOCAL_HOST	$@ LOCAL_HOST
 RRELAY_HOST $| RELAY_HOST	$@ RELAY_HOST
 RRELAY_IP $| RELAY_IP		$@ RELAY_IP
 RALLOW_EMAIL $| ALLOW_EMAIL	$@ ALLOW_EMAIL
 RALLOW_HOST $| ALLOW_HOST	$@ ALLOW_HOST
 RKILL_EMAIL $| KILL_EMAIL	$@ KILL_EMAIL
 R$* $| $*			$@ NO_COMPARE

 ####
 ## Handle looking at domains within the AntiSpam map. This takes the
 ## domain and the required value as domain $| value. This returns
 ## either NO_COMPARE on failure or one of the results in comp_value
 ## if a match occurs. This performs a recursive check, ie the name
 ## foo.bar.com will match if the bar.com domain is in the map.
 ####
 Slookat_domain
 R$* . $| $*			$: $1 $| $2
 R$*.dialup.$* $| DIALUP		$@ DIALUP
 Rdialup.$* $| DIALUP		$@ DIALUP
 R$* $| $*			$: $(Spam $1 $:NOMATCH $| $1 $) $| $2
 RNOMATCH $| $+ . $* $| $*	$: $>lookat_domain $2 $| $3
 R$* $| $*			$@ $>comp_value $1 $| $2

 ####
 ## Handle looking at IP addresses within the AntiSpam map. This takes
 ## the IP and the required value as domain $| value. This returns
 ## either NO_COMPARE on failure or one of the results in comp_value if
 ## a match occurs. This performs a recursive check, ie the IP address
 ## "193.43.45.3" will match if the address "193" is in the map.
 ####
 Slookat_ip
 R$* $| $*			$: $(Spam $1 $:NOMATCH $| $1 $) $| $2
 RNOMATCH $| $+.$+.$+.$+ $| $*	$: $>lookat_ip $1.$2.$3 $| $5
 RNOMATCH $| $+.$+.$+ $| $*	$: $>lookat_ip $1.$2 $| $4
 RNOMATCH $| $+.$+ $| $*		$: $>lookat_ip $1 $| $3
 R$* $| $*			$@ $>comp_value $1 $| $2

 ####
 ## Handle looking at an EMail address. This means taking off trailing
 ## "."s, surroundding "<" & ">", etc. Returns either NO_COMPARE on
 ## failure or one of the results of comp_value if a match occurs.
 ####
 Slookat_email
 R<$*> $| $*			$: $1 $| $2
 R$* . $| $*			$: $1 $| $2
 R$* $| $*			$: $(Spam $1 $:NOMATCH $| $1 $) $| $2
 RNOMATCH $| $* $| $*		$@ NO_COMPARE
 R$* $| $*			$@ $>comp_value $1 $| $2


 #####
 ###
 ### Now we have the actual rulesets which sendmail calls when doing
 ### things like:
 ###
 ###  o Having a host connection (check_relay)
 ###  o Getting a MAIL FROM: (check_mail)
 ###  o Getting an RCPT TO: (check_rcpt)
 ###  o After a message has been full received (check_compat)
 ###
 ### The above are in the order the checking occurs as well.
 ###
 #####

 ####
 ## check_compat - this gets both the sender and recipient addresses
 ## as parameters. However this is called *after* the entire message
 ## has been recieved so its very much the ruleset of last resort.
 ##
 ## We also allow local hosts to send mail with any sender address
 ## from any recipient address. This is *only* done because I know
 ## the small number of people who use the local addresses personally
 ## I know that they will not spam. In situations where this is not
 ## the case (ie if there is doubt that the end lusers will spam or
 ## not) then you'll probably want to comment those lines out.
 ##
 ## Called as: check_compat <sender> $| <recipient>
 ## Test with: Start,check_compat <sender> $| <recipient>
 ##
 ## It should be noted that this ruleset doesn't deal with something like
 ##
 ##  check_compat <spammer%spam.net@mailhost> $| <victim%innocent.com@mailhost>
 ##
 ## However the above *is* dealt with by the check_rcpt ruleset correctly. I
 ## should probably rework this ruleset to also handle this. When I actually
 ## have free time that is (yeah, *right*. As if that will ever happen)
 ##
 ####
 Scheck_compat
 R$* $| $*			$: <$1> $| <$2>
 R<<$*>> $| $*			$: <$1> $| $2
 R$* $| <<$*>>			$: $1 $| <$2>
 R<$* @ $*> $| $*		$: <$1@$2> $| $3 $| $>lookat_domain $2 $| RELAY
 R<> $| <$* @ $*> 		$: <> $| <$1@$2> $| $>lookat_domain $2 $| RELAY
 R$* $| <$* @ $*> $| NO_COMPARE	$: $1 $| <$2@$3> $| $>lookat_domain $3 $| RELAY
 R$* $| $* $| RELAY 		$@ OK
 R$* $| $* $| $*			$: $1 $| $2
 R$+ $| $+			$: $2 $| $>3 $1	canonicalize sender
 R$+ $| $+			$: $2 $| $>3 $1	canonicalize recipient
 R$- $| $+			$@ OK		from here
 R$+ $| $-			$@ OK		to here
 R$+<@$=w.> $| $+		$@ OK		from here
 R$+ $| $*<@$=w.>		$@ OK		to here
 R$+<@$*> $| $*<@$*>		$: <$1@$2> $| <$3@$4>
 ##
 ## The following three lines enable local addresses to send mail using
 ## any sender or recipient address they wish to. See the notes above
 ## for the dangers of this.
 ##
 R$* $| $* 			$: $1 $| $2 $| $&{client_addr}
 R$* $| $* $| $*			$: $1 $| $2 $| $>lookat_ip $3 $| LOCAL_IP
 R$* $| $* $| LOCAL_IP		$@ OK
 R$* $| $* $| $*			$: $1 $| $2 $| $&{client_name}
 R$* $| $* $| $*			$: $1 $| $2 $| $>lookat_domain $3 $| LOCAL_HOST
 R$* $| $* $| LOCAL_HOST		$@ OK
 ## 
 ## If we're here then its a relay attempt - so block it. Without these
 ## lines the check_compat ruleset is essentially useless.
 ##
 R$* $| $* $| $*			$@ $> SpamMsg RELAY $| $1
 R$* $| $*			$@ $> SpamMsg RELAY $| $1

 ####
 ## check_relay - this is called when a client connects to the server
 ## and is given the hostname and IP address of the client separated by a
 ## $|. Although the name suggests otherwise, this can not be used for
 ## stopping unauthorized relaying - check_rcpt and check_compat are used
 ## for that. It can be used for TCP Wrapper-like access controls. Any
 ## access (ie any bits of (E)SMTP protocol except for QUIT, HELO, EHLO and
 ## NOOP) will be refused with a "500 Access denied".
 ##
 ## Called as: check_relay client_name $| client_addr
 ####
 Scheck_relay
 R$* $| $*			$: $1 $| $2 $| $>lookat_domain $1 $| BLOCK_HOST
 R$* $| $* $| BLOCK_HOST		$@ $> SpamMsg BLOCKED
 R$* $| $* $| $*			$: $1 $| $2 $| $>lookat_ip $2 $| BLOCK_IP
 R$* $| $* $| BLOCK_IP		$@ $> SpamMsg BLOCKED
 R$*				$@ OK

 ####
 ## check_rcpt - called when an RCPT TO: <> is issued by the client. This
 ## gets the address given by the client. This is used to prevent
 ## unauthorized relaying by looking at the address and seeing if it is
 ## local or not. If the address is not and not in the RelayTo map then
 ## the address is disallowed.
 ##
 ## Called as: check_rcpt <recipient>
 ####
 Scheck_rcpt
 ####
 ## First things first - see if someone is trying to relay via us
 R$+ 				$: $&{client_addr} $| $1
 R0 $| $*			$@ OK
 ## Local IP address ?
 R$* $| $*			$: $2 $| $>lookat_ip $1 $| LOCAL_IP
 R$* $| LOCAL_IP			$@ OK
 R<$*@$*> $| $*			$: $1@$2 $| $3
 R$*@$* $| $*			$: <$1@$2> $| $3
 ## Do we accept this domain ?
 R<$*@$*> $| $*			$: <$1@$2> $| $>lookat_domain $2 $| RELAY
 R$* $| RELAY			$@ OK
 ## Hmmmm... not one we're explicitly relaying...
 R$* $| $*			$: $>3 $1
 # Remove the local part
 R$+				$:$>removelocal $1
 # If anything non-local is here then its a relay attempt
 # ... so we first see if an allowed host or network is doing it
 R$*<@$+>$*			$: <$1@$2> $| $>lookat_domain $&{client_name} $| RELAY_HOST
 R<$*> $| RELAY_HOST		$@ OK
 R<$*> $| $*			$: <$1> $| $>lookat_domain $&{client_name} $| RELAY_IP
 R<$*> $| RELAY_IP		$@ OK
 # We've got through that so anything non-local is a relay attempt
 R<$*> $| $*			$@ $> SpamMsg RELAY $| "to <" $1 ">"
 # All is fine - accept the RCPT TO:
 # It should be noted that the host and IP address checks do not need to be
 # performed - they are done in check_mail
 R$*				$@ OK

 ####
 ## removelocal - remove any local bits of the address.
 ## Used by check_rcpt
 ####
 Sremovelocal
 R$*<@$=w.>$*			$: $>removelocal $>3 $1 $3
 R$*<@$*>$*			$@ $1<@$2>$3
 # dequote local part
 R$-				$: $>3 $(dequote $1 $)
 R$*<@$*>$*			$: $>removelocal $1<@$2>$3


 ####
 ## Special case for usa.com.
 ##  If it comes from usa.com mail servers then it passes
 ####
 SSpecialUsaCom
 R$* $| $*.usa.com		$@ OK
 R$* $| $*			$@ $> SpamMsg SPECIAL $| $1 $| usa.com

 ####
 ## Special case for Yahoo.com.
 ##  If it comes from yahoo.com mail servers then it passes
 ####
 SSpecialYahoo
 R$* $| $*.yahoo.com		$@ OK
 R$* $| onion.valueclick.com	$@ OK
 R$* $| $*			$@ $> SpamMsg SPECIAL $| $1 $| yahoo.com

 ####
 ## Special case for Hotmail.com.
 ##  If it comes from hotmail.com mail servers then it passes
 ####
 SSpecialHotmail
 R$* $| $*.hotmail.com		$@ OK
 R$* $| onion.valueclick.com	$@ OK
 R$* $| $*.parasolsolutions.com	$@ OK
 R$* $| $*			$@ $> SpamMsg SPECIAL $| $1 $| hotmail.com

 ####
 ## Special case for aol.com.
 ##  If it comes from hotmail.com mail servers then it passes
 ####
 SSpecialAol
 R$* $| $*.aol.com		$@ OK
 R$* $| $*			$@ $> SpamMsg SPECIAL $| $1 $| aol.com

 ####
 ## Special case for aol.co.uk.
 ##  If it comes from AOL mail servers then it passes
 ####
 SSpecialAolUk
 R$* $| $*.aol.co.uk		$@ OK
 R$* $| $*.aol.com		$@ OK
 R$* $| $*			$@ $> SpamMsg SPECIAL $| $1 $| aol.co.uk

 ####
 ## Special case for Lycos
 ##  If it comes from lycos.com mail servers then it passes
 ####
 SSpecialLycos
 R$* $| $*.lycos.com		$@ OK
 R$* $| $*			$@ $> SpamMsg SPECIAL $| $1 $| lycos.com

 ####
 ## check_mail - called when the client issues a MAIL FROM: <> command. This
 ## calls the external checks like MAPS RBL, ORBS, etc. It also blocks on the
 ## sender mail address.
 ##
 ## Called as: check_mail <sender>
 ####
 Scheck_mail
 # First we see if this is a local host - if so its always trusted
 R$*				$: $1 $| $>lookat_ip $&{client_addr} $| LOCAL_IP
 R$* $| LOCAL_IP			$@ OK
 R$* $| $*			$: $1 $| $>lookat_domain $&{client_name} $| LOCAL_HOST
 R$* $| LOCAL_HOST		$@ OK
 # Now see if is it a short-circuit domain
 R$* $| $*			$: $1 $| $>lookat_email $1 $| ALLOW_EMAIL
 R$* $| ALLOW_EMAIL		$@ OK
 # Now let us see if the sender is a known spammer
 R$* $| $*			$: $1 $| $>lookat_email $1 $| SPAM_EMAIL
 R$* $| SPAM_EMAIL		$@ $> SpamMsg SPAMMER $| <$1>
 # Do we just kill this EMail ?
 R$* $| $*			$: $1 $| $>lookat_email $1 $| KILL_EMAIL
 R$* $| KILL_EMAIL		$@ $> SpamMsg KILL_EMAIL $| <$1>
 R<> $| $*			$: <<NULL>> $| $1
 R<$*> $| $*			$: $1 $| $2
 ####
 ## Special cases
 ####
 R$*@usa.com $| $*		$@ $> SpecialUsaCom [email protected] $| $&{client_name}
 R$*@yahoo.com $| $*		$@ $> SpecialYahoo [email protected] $| $&{client_name}
 R$*@hotmail.com $| $*		$@ $> SpecialHotmail [email protected] $| $&{client_name}
 R$*@aol.com $| $*		$@ $> SpecialAol [email protected] $| $&{client_name}
 R$*@aol.co.uk $| $*		$@ $> SpecialAolUk [email protected] $| $&{client_name}
 R$*@lycos.com $| $*		$@ $> SpecialLycos [email protected] $| $&{client_name}
 ####
 ## Start to look at the domain
 R$*@$* $| $*			$: $2
 # Do we allow the domain through ?
 R$*				$: $1 $| $>lookat_domain $1 $| ALLOW_HOST
 R$* $| ALLOW_HOST		$@ OK
 # Is it a known spam domain ?
 R$* $| $*			$: $1 $| $>lookat_domain $1 $| SPAM_HOST
 R$* $| SPAM_HOST		$@ $> SpamMsg SPAM $| $1
 # Does the DNS resolve - if it doesn't reject it. We try to resolve the name
 # a couple of times here to deal with slow resolution.
 R$* $| $*			$: $1
 R$* .				$: $1
 R$*				$: $1 $| GOT_DOMAIN
 R$* $| GOT_DOMAIN		$: $[ $1 $] $| DNS_FAIL
 R$* . $| $*			$: $1 $| DNS_OKAY
 R$* $| $*			$: $[ $1 $] $| DNS_FAIL
 R$* . $| $*			$: $1 $| DNS_OKAY
 R$* $| $*			$: $[ $1 $] $| DNS_FAIL
 R$* . $| $*			$: $1 $| DNS_OKAY
 R<NULL> $| $*			$: <NULL> $| DNS_OKAY
 R$* $| DNS_FAIL		$@ $> SpamMsg NO_DNS $| $1
 ##
 ## We now switch from looking at the domain name given in the MAIL TO to
 ## looking at the name and network address of the client which actually sent
 ## us the mail.
 ##
 # Check the client name - is it a spam host ?
 R$*				$: $&{client_name} $| $>lookat_domain $&{client_name} $| SPAM_HOST
 R$* $| SPAM_HOST		$@ $> SpamMsg SPAM $| ""
 # Do we block this host ?
 R$* $| $*			$: $1 $| $>lookat_domain $1 $| BLOCK_HOST
 R$* $| BLOCK_HOST		$@ $> SpamMsg BLOCKED
 R$* $| $*			$: $1 $| $>lookat_domain $1 $| SPAM_CLIENT
 R$* $| SPAM_CLIENT		$@ $> SpamMsg SPAM_CLIENT
 # Do we let this client through ?
 R$* $| $*			$: $1 $| $>lookat_domain $1 $| NO_EXTRN
 R$* $| NO_EXTRN			$@ OK
 # Is it from a Spam network ?
 R$*				$: $&{client_addr} $| $>lookat_ip $&{client_addr} $| SPAM_IP
 R$* $| SPAM_IP			$@ $> SpamMsg SPAM $| ""
 # Do we block this network ?
 R$* $| $*			$: $1 $| $>lookat_ip $1 $| BLOCK_IP
 R$* $| BLOCK_IP			$@ $> SpamMsg BLOCKED
 # This is a local IP address ?
 R$* $| $*			$: $1 $| $>lookat_ip $1 $| LOCAL_IP
 R$* $| LOCAL_IP			$@ OK
 # Do we let this client through ?
 R$* $| $*			$: $1 $| $>lookat_ip $1 $| NO_EXTRN
 R$* $| NO_EXTRN			$@ OK
 ###
 ## Start to use the external checks. See
 ##   http://www.declude.com/JunkMail/Support/ip4r.htm
 ## for more.
 ###
 ##
 ## Use SPEWS - http://www.spews.org/
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.spews.relays.osirusoft.com. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_SPEWS
 ##
 ## Use SpamSites - http://www.spamsites.org/
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.spamsites.relays.osirusoft.com. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_SPAMSITES
 ##
 ## Use RSL - http://relays.visi.com/
 ##
 R$*				$: $&{client_addr}
 R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.relays.visi.com. $: OK $)
 R$+.				$@ $> SpamMsg EXT_RSL
 ##
 ## Use SBL - http://www.spamhaus.org/SBL
 ##
 R$*				$: $&{client_addr}
 R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.sbl.spamhaus.org. $: OK $)
 R$+.				$@ $> SpamMsg EXT_SBL
 ##
 ## Use ORDB - http://www.ordb.org/
 ##
 R$*				$: $&{client_addr}
 R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
 R$+.				$@ $> SpamMsg EXT_ORDB
 ##
 ## Use Monkeys.Com form mail list
 ##  - http://www.monkeys.com/anti-spam/filtering/formmail.html
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.formmail.relays.monkeys.com. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_MONKEY_FORM
 ##
 ## Use Monkeys.Com open proxie list
 ##  - http://www.monkeys.com/anti-spam/filtering/proxies.html
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.proxies.relays.monkeys.com. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_MONKEY_PROXIES
 ##
 ## Use DSBL main list - http://www.dsbl.org/
 ##
 R$*				$: $&{client_addr}
 R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.list.dsbl.org. $: OK $)
 R$+.				$@ $> SpamMsg EXT_DSBL_LIST
 ##
 ## Use DSBL multi-hop list - http://www.dsbl.org/
 ##  DISABLED
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.multihop.dsbl.org. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_DSBL_MULTIHOP
 ##
 ## Use the MAPS list - http://mail-abuse.org/rbl/
 ##  DISABLED
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.blackholes.mail-abuse.org. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_MAPS 
 ##
 ## Use the MAPS DUL list - http://mail-abuse.org/dul/
 ##  DISABLED
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.dialups.mail-abuse.org. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_MAPS_DUL
 ##
 ## Use the RSS - http://www.mail-abuse.org/rss/
 ##  DISABLED
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.relays.mail-abuse.org $: OK $)
 #R$+.				$@ $> SpamMsg EXT_RSS
 ##
 ## Use ORBS - http://www.orbs.org/
 ##   DISABLED
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.relays.orbs.org $: OK $)
 #R$+.				$@ $> SpamMsg EXT_ORBS
 ##
 ## Use the IMRSS open relay list - http://www.imrss.org/
 ##   DISABLED
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.mr-out.imrss.org. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_IMRSS
 ##
 ## Use the DSSL dynamic IP list - http://www.imrss.org/dssl
 ##   DISABLED
 ##
 #R$*				$: $&{client_addr}
 #R$-.$-.$-.$-			$: $(host $4.$3.$2.$1.dssl.imrss.org. $: OK $)
 #R$+.				$@ $> SpamMsg EXT_DSSL
 ##
 ## All is still well, so continue
 ##
 R$*				$@ OK