# Dialup detection ACL
#
# Dial-up/cable/dsl check

dialup_acl:

  accept  condition        = ${if def:acl_c_dialup}
	  condition        = $acl_c_dialup

  deny    condition        = ${if def:acl_c_dialup}
  
  accept  acl              = raw_dialup_acl
#         !dnslists        = ips.backscatterer.org:list.dnswl.org
          set acl_c_dialup = yes
#          logwrite         = DIALUP YES $sender_host_name $sender_host_address

  deny    set acl_c_dialup = no
#          logwrite         = DIALUP NO $sender_host_name $sender_host_address

raw_dialup_acl:

  # Known not dialup hosts

  deny    hosts         = *.amazon.com:*.yahoo.com:*.hotmail.com:\
			  *.secureserver.net:*.correodirect.com
#			  *.acens.net:*.staticip.rima-tde.net 
 
  # Get hostname on acl_c4

  warn    condition     = ${if !def:acl_c4}
          condition     = ${if eq {$sender_host_name}{}}
          set acl_c4    = ${lookup dnsdb{defer_never,ptr=$sender_host_address}\
                           {${lc:$value}}{}}

  warn    condition     = ${if !def:acl_c4}
          set acl_c4    = ${lc:$sender_host_name}

  # No hostname (rDNS) is suspicious too

  accept  condition     = ${if eq {$acl_c4}{}}

  # Test for dsl hostname patterns

#  accept  condition     = ${if match {$acl_c4}\
#			  {\N\b[a-z]*?(\d{1,3}[\.\-x]\d{1,3}|\
#			  ([a-z]?dsl(am)?|dhcp|tnt|ipt|pool|nas|cvx|leased|\
#			  slip|user|subscriber|d[iu]p|modem(cable)?|ppp(oe)?|\
#			  dyn(amic)?|dial(up|in)?|cust(omers?)?|(end)?users?|\
#			  d?cliente?)\d*?)\b\N}}

  accept  condition     = ${if match {$acl_c4}\
                          {\N[a-z\-]*?(\d{5,}|\d{1,3}[\.\-x]\d{1,3}|\
                          ([a-z]?dsl(am)?|dhcp|tnt|ipt|pool|nas|cvx|leased|\
                          slip|user|subscriber|d[iu]p|modem|cable|ppp(oe)?|\
                          dyn(amic)?|dial(up|in)?|cust(omers?)?|(end)?users?|\
                          d?cliente?)\d*?)\N}}

#  accept  condition     = ${if match {$acl_c4}{\N\d{5,}\N}}
#  accept  condition     = ${if match {$acl_c4}{\N\d{1,3}(\.|\-)\d{1,3}\N}}
#  accept  condition     = ${if match {$acl_c4}{\N(user|host)\d{1,3}\.\N}}

  accept  condition     = ${if match {$acl_c4}\
			  {(comcast\.net|ips\.sarenet\.es|prod-empresarial\.com\.mx|\
			  rodos\.acn\.gr|res\.rr\.com|ks\.charter\.com|\
			  abi\.uni2\.es|e\.brasiltelecom\.net\.br|\
			  bigpond\.net\.au|ip\.fastwebnet\.it|\
			  miyagi\.ocn\.ne\.jp|telecom-bg|fibertel\.com\.ar|\
			  abo\.wanadoo\.fr|speed\.planet\.nl)\$}}

  accept  dnslists      = pbl.spamhaus.org:\
                          dialup.blacklist.jippg.org:dynablock.easynet.nl

  deny