Hamster Playground comes with a "ready-to-use" script named "Demo-RBL-Check.hsc"
and an accompanying script module named "RblChecker.hsm".
The script will lookup the IPs in the "Received:" headers
of new mails and add "X-RBL-Warning:" headers for senders
listed in any of the configured RBL.
Before you use the script, it is strongly suggested to only work with
a copy of that script, because the one named "Demo-RBL-Check.hsc"
will be overwritten next time you update Hamster. So copy or rename this script
to "My-RBL-Check.hsc" first if you want to change it.
The only required configuration is the list of RBL hosts to be checked. The demo script already contains some widely used ones, highlighted in the script snippet below:
The "Demo-RBL-Check.hsc" script (or your personal
"My-RBL-Check.hsc" script) is not intended to be started
manually, it has to be started automatically whenever a new mail comes in
instead.
To achieve this, just assign the script to the action named "MailInHeader".
Be sure to mark the "Wait" option for it, but do not mark
the "Lock" option!
After assigning the script to the "MailInHeader"
action, every mail fetched from an external POP3 server will get additional
"X-RBL-Warning:" headers whenever a sender is listed in
one or more of the configured RBL.
Such "X-RBL-Warning:" headers will contain the
following information:
<RBL-HOST> returned <RESULT> (<COMMENT>) for
<IP> (<POSITION>)
<RBL-HOST> is the RBL host as given in the script.
<RESULT> is what the host has returned.
<COMMENT> is a description of the result as set in the script
(just "listed" if none given).
<IP> is the IP number that was checked.
<POSITION> is a counter for the "Received:"
header containing the IP ("1st", "2nd",
"3rd, "4th" etc.).
Examples:
X-RBL-Warning: sbl-xbl.spamhaus.org returned 127.0.0.4 (spam source) for 210.127.65.50
(1st)
X-RBL-Warning: zz.countries.nerd.dk returned 127.0.1.154 (from .kr) for 210.127.65.50
(1st)
The information of the RBL lookup is now contained in the "X-RBL-Warning:"
headers of mails, so this header can be used to filter out unwanted mails, e. g.
by scoring them down with "Mail Traps":
Before someone asks: The regular expression patterns in the examples shown above just have a "." (=any character) where a "\." (=dot character) would be more appropriate. This is intended to improve readability and really doesn't matter in this case ...