$Id: README,v 1.3 2000/03/20 06:42:17 sra Exp $

Perl scripts to support RBL-style processing under procmail.

These scripts are both intended to pick IPv4 addresses out of the
Received: headers of an RFC-822 formatted mail message.  While RFC-822
does not require the Received: header to contain such an IP address,
this has become the norm in most MTAs, as an aid to spam tracking.
The scripts look up whatever IPv4 addresses they find this way in
various "RBL-style" DNS databases.

The two scripts are very similar (and could in fact be rewritten to be
different operation modes of a single program): the difference is in
what they do when they find a match.  rblreceived halts at the first
match, printing out the IP address and the name of the database.
rblannotate checks all the IP addresses in all the databases, and adds
an X-RBL-Received: header describing each match.

The difference reflects the intended usage: rblreceived is intended
for use in a backquoted procmail variable assignment when you don't
want to modify the message itself, while rblannotate is intended for
use as a filter when you want to do all the RBL checking in a single
pass to get it over with.

rblreceived .procmailrc examples:

    # ORBS tries to list all potential spam relays, so check ORBS but
    # consider other factors as well before discarding a message.
    # (Clever procmailsc weighted scoring recipe using ORBS_LISTED as
    # one of its inputs left as an exercise for the reader.)

    RBLS="relays.orbs.org"
    ORBS_LISTED=`perl rblreceived`

    # RSS tries to list only relays known to be in use by spammers, so
    # an RSS hit indicates a high probability that a message is spam.
    # If you don't mind living dangerously, here's how to discard any
    # message that gets an RSS hit with extreme prejudice.

    RBLS="relays.mail-abuse.org"
    :0 Whi
    | perl rblreceived >/dev/null

rblannotate .procmailrc example:

    # Check all your favorite RBL-style listings with one swell foop.
    # Presumably you're going to do filtering further down based on
    # the X-RBL-Received: annotations that this filter adds.

    RBLS="rbl.maps.vix.com:relays.mail-abuse.org"
    :0 fhw
    | perl rblannotate

Both scripts can be customized to some extent via environment
variables; see the comments at the head of each script.

If you're processing a -lot- of mail on a busy machine, it might be
worth rewriting these programs in C to get rid of the Perl startup
overhead, but if your machine is that loaded you're probably not
running procmail either.  Recoding in C wouldn't make these programs
run much faster in any case, since the slow part is the DNS lookups.

--sra, Saint Patrick's Day, 2000
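
The lookup described above, as an added Python sketch (this is not the rblreceived/rblannotate source, which is Perl and not reproduced on this page): take IPv4 addresses from the Received: headers only, reverse the octets, and query each zone of a colon-separated RBLS-style list. The zone names, sample message, fake_resolve stub and first_only switch are assumptions of this example; first_only=True mirrors rblreceived's halt-at-first-match, the default mirrors rblannotate's check-everything pass.

```python
import ipaddress
import re
import socket
from email import message_from_string

IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def received_ips(raw):
    """Yield valid IPv4 addresses from Received: headers only (body is ignored)."""
    for value in message_from_string(raw).get_all("Received", []):
        for text in IPV4_RE.findall(value):
            try:
                yield str(ipaddress.IPv4Address(text))  # rejects e.g. 999.1.1.1
            except ipaddress.AddressValueError:
                continue

def dnsbl_name(ip, zone):  # 192.0.2.25 in rbl.example -> 25.2.0.192.rbl.example
    return ".".join(reversed(ip.split("."))) + "." + zone

def rbl_matches(raw, zones, resolve=socket.gethostbyname, first_only=False):
    """Return (ip, zone, answer) per listing; first_only stops at the first hit."""
    hits = []
    for ip in dict.fromkeys(received_ips(raw)):  # de-duplicate, keep header order
        for zone in zones:
            try:
                answer = resolve(dnsbl_name(ip, zone))
            except OSError:  # NXDOMAIN *or* DNS failure: this sketch fails open
                continue
            hits.append((ip, zone, answer))
            if first_only:
                return hits
    return hits

SAMPLE = (  # constructed message; documentation addresses, hypothetical zones
    "Received: from mx.example.net (mx.example.net [203.0.113.7])\n"
    "\tby mail.example.org with ESMTP; Mon, 20 Mar 2000 06:00:00 +0000\n"
    "Received: from relay.example.com ([192.0.2.25])\n"
    "\tby mx.example.net (8.9.3/8.9.3) with SMTP id 999.1.1.1\n"
    "Subject: test\n\nBody mentions 198.51.100.9, which is never looked up.\n"
)
LISTED = {"25.2.0.192.rbl.example": "127.0.0.2", "25.2.0.192.relays.example": "127.0.0.2"}

def fake_resolve(name):  # constructed offline stand-in for DNS (NXDOMAIN unless listed)
    if name not in LISTED:
        raise socket.gaierror(socket.EAI_NONAME, "not listed")
    return LISTED[name]

if __name__ == "__main__":
    print(rbl_matches(SAMPLE, "rbl.example:relays.example".split(":"), fake_resolve))
```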