sub rbl_scanner {
  # mike's RBL scanner <mbowe@pipeline.com.au>
  #
  # this qmail-scanner sub can be used to grab all the ip's out of the 
  # messages header, and run them through the RBL's of your choice. 
  #
  # This allows you to reject any mail that has arrived via
  # open relay's / open proxies etc. Almost always this will be spam mail.
  #
  # You should already be running rblsmtpd to block mail arriving directly
  # from an open relay/proxy, but this sub lets you detect mail that
  # has gone via an open relay/proxy at ANY hop before arriving at your
  # server

  &debug("rbl_scanner: starting");

  my ($start_rblscan_time)=[gettimeofday];
  my ($stop_rblscan_time, $rblscan_time);

  use Mail::RBL;

  # define the list of RBL servers to check against
  my (%rbls);

  foreach my $rbl ("relays.ordb.org","list.dsbl.org") {
    $rbls{$rbl} = new Mail::RBL($rbl);
  }

  # suck out all the ip addresses found in message header
  &debug("rbl_scanner: $headers{'received'}");
  my (%ips);
#  map {$ips{$_} = 1} $headers{'received'} =~ /\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\)/g;
  map {$ips{$_} =1} $headers{'received'} =~ /[\[\(]([012]?\d?\d\.[012]?\d?\d\.[012]?\d?\d\.[012]?\d?\d)[\]\)]/g;
  # for each ip address found, run it though each of the RBLs.

  foreach my $ip (keys %ips) {
    &debug("rbl_scanner: Found an IP ($ip)");
    foreach my $rbl (keys %rbls) {
      if ($rbls{$rbl}->check($ip)) {
        &debug("rbl_scanner: $ip is listed in $rbl");

        # "a $destring was found in the email you sent", "the $destring was reported to be ", "$quarantine_description"

        $destring="open proxy or open relay server";

        $quarantine_description  = "   Host : $ip was found in the $rbl RBL list\n\n";
        $quarantine_description .= "   Company policy does not permit the acceptance of mail \n";
        $quarantine_description .= "   that has been sent via open proxy or open relay servers.";

        if ($rbl eq "relays.ordb.org") {
          $quarantine_description .= "\n\n   More detailed information regarding this problem is available at\n";
          $quarantine_description .= "   http://www.pipeline.com.au/ordb?$ip";
        } elsif  ($rbl eq "list.dsbl.org") {
          $quarantine_description .= "\n\n   More information regarding this problem is available at\n";
          $quarantine_description .= "   http://dsbl.org/listing?$ip";
        }
        # quarantine_event flags to qmailscanner that a virus was found, and that it should emit a report
        $quarantine_event="rbl_scanner:OPEN_PROXY_OR_RELAY";

        $description = "$ip is listed in $rbl";
      }
    }
  }

  $stop_rblscan_time=[gettimeofday];
  $rblscan_time = tv_interval ($start_rblscan_time, $stop_rblscan_time);
  &debug("rbl_scanner: finished scan of dir \"$scandir/$file_id\" in $rblscan_time secs");
}
