38
=item skip_uribl_checks ( 0 | 1 ) (default: 0)
40
Turning on the skip_uribl_checks setting will disable the URIDNSBL plugin.
42
By default, SpamAssassin will run URI DNSBL checks. Individual URI blocklists
43
may be disabled selectively by setting a score of a corresponding rule to 0
44
or through the uridnsbl_skip_domain parameter.
46
See also a related configuration parameter skip_rbl_checks,
47
which controls the DNSEval plugin (documented in the Conf man page).
38
53
=item uridnsbl_skip_domain domain1 domain2 ...
40
55
Specify a domain, or a number of domains, which should be skipped for the
60
75
body URIBL_SBLXBL eval:check_uridnsbl('URIBL_SBLXBL')
61
76
describe URIBL_SBLXBL Contains a URL listed in the SBL/XBL blocklist
78
=item uridnssub NAME_OF_RULE dnsbl_zone lookuptype subtest
80
Specify a DNSBL-style domain lookup with a sub-test. C<NAME_OF_RULE> is the
81
name of the rule to be used, C<dnsbl_zone> is the zone to look up IPs in,
82
and C<lookuptype> is the type of lookup (B<TXT> or B<A>).
84
C<subtest> is the sub-test to run against the returned data. The sub-test may
85
either be an IPv4 dotted address for DNSBLs that return multiple A records or a
86
non-negative decimal number to specify a bitmask for DNSBLs that return a
87
single A record containing a bitmask of results.
89
Note that, as with C<uridnsbl>, you must also define a body-eval rule calling
90
C<check_uridnsbl()> to use this.
94
uridnssub URIBL_DNSBL_4 dnsbl.example.org. A 127.0.0.4
95
uridnssub URIBL_DNSBL_8 dnsbl.example.org. A 8
63
97
=item urirhsbl NAME_OF_RULE rhsbl_zone lookuptype
65
99
Specify a RHSBL-style domain lookup. C<NAME_OF_RULE> is the name of the rule
74
108
C<bar.com.uriblzone.net>, and C<foo.bar.co.uk> will look up
75
109
C<bar.co.uk.uriblzone.net>.
77
If a URI consists IP address instead of a hostname, the IP address is looked
78
up (using the standard reversed quads method) in each C<rhsbl_zone>.
111
If an URI consists of an IP address instead of a hostname, the IP address is
112
looked up (using the standard reversed quads method) in each C<rhsbl_zone>.
100
134
urirhssub URIBL_RHSBL_4 rhsbl.example.org. A 127.0.0.4
101
135
urirhssub URIBL_RHSBL_8 rhsbl.example.org. A 8
137
=item urinsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
139
Perform a RHSBL-style domain lookup against the contents of the NS records
140
for each URI. In other words, a URI using the domain C<foo.com> will cause
141
an NS lookup to take place; assuming that domain has an NS of C<ns0.bar.com>,
142
that will cause a lookup of C<bar.com.uriblzone.net>. Note that hostnames
143
are stripped from both the domain used in the URI, and the domain in the
146
C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
147
to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
150
Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
151
C<check_uridnsbl()> to use this.
153
=item urinsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
155
Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
156
C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
157
to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
158
B<A>). C<subtest> is the sub-test to run against the returned data; see
161
Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
162
C<check_uridnsbl()> to use this.
164
=item urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
166
Perform a RHSBL-style domain lookup against the contents of the NS records for
167
each URI. In other words, a URI using the domain C<foo.com> will cause an NS
168
lookup to take place; assuming that domain has an NS of C<ns0.bar.com>, that
169
will cause a lookup of C<ns0.bar.com.uriblzone.net>. Note that hostnames are
170
stripped from the domain used in the URI.
172
C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
173
to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
176
Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
177
C<check_uridnsbl()> to use this.
179
=item urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
181
Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
182
C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
183
to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
184
B<A>). C<subtest> is the sub-test to run against the returned data; see
187
Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
188
C<check_uridnsbl()> to use this.
105
192
=head1 ADMINISTRATOR SETTINGS
190
283
my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
191
284
if ($rulecf->{is_rhsbl}) {
192
285
$scanner->{uridnsbl_active_rules_rhsbl}->{$rulename} = 1;
286
} elsif ($rulecf->{is_fullnsrhsbl}) {
287
$scanner->{uridnsbl_active_rules_fullnsrhsbl}->{$rulename} = 1;
288
} elsif ($rulecf->{is_nsrhsbl}) {
289
$scanner->{uridnsbl_active_rules_nsrhsbl}->{$rulename} = 1;
194
291
$scanner->{uridnsbl_active_rules_revipbl}->{$rulename} = 1;
431
setting => 'uridnssub',
434
my ($self, $key, $value, $line) = @_;
435
if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\d{1,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
440
$self->{uridnsbls}->{$rulename} = {
441
zone => $zone, type => $type,
442
is_rhsbl => 0, is_subrule => 1
444
$self->{uridnsbl_subs}->{$zone} ||= { };
445
push (@{$self->{uridnsbl_subs}->{$zone}->{$subrule}->{rulenames}}, $rulename);
447
elsif ($value =~ /^$/) {
448
return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
451
return $Mail::SpamAssassin::Conf::INVALID_VALUE;
328
457
setting => 'urirhsbl',
506
setting => 'urinsrhsbl',
509
my ($self, $key, $value, $line) = @_;
510
if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)$/) {
514
$self->{uridnsbls}->{$rulename} = {
515
zone => $zone, type => $type,
519
elsif ($value =~ /^$/) {
520
return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
523
return $Mail::SpamAssassin::Conf::INVALID_VALUE;
529
setting => 'urinsrhssub',
532
my ($self, $key, $value, $line) = @_;
533
if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\d{1,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
538
$self->{uridnsbls}->{$rulename} = {
539
zone => $zone, type => $type,
540
is_nsrhsbl => 1, is_subrule => 1
542
$self->{uridnsbl_subs}->{$zone} ||= { };
543
push (@{$self->{uridnsbl_subs}->{$zone}->{$subrule}->{rulenames}}, $rulename);
545
elsif ($value =~ /^$/) {
546
return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
549
return $Mail::SpamAssassin::Conf::INVALID_VALUE;
555
setting => 'urifullnsrhsbl',
558
my ($self, $key, $value, $line) = @_;
559
if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)$/) {
563
$self->{uridnsbls}->{$rulename} = {
564
zone => $zone, type => $type,
568
elsif ($value =~ /^$/) {
569
return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
572
return $Mail::SpamAssassin::Conf::INVALID_VALUE;
578
setting => 'urifullnsrhssub',
581
my ($self, $key, $value, $line) = @_;
582
if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\d{1,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
587
$self->{uridnsbls}->{$rulename} = {
588
zone => $zone, type => $type,
589
is_fullnsrhsbl => 1, is_subrule => 1
591
$self->{uridnsbl_subs}->{$zone} ||= { };
592
push (@{$self->{uridnsbl_subs}->{$zone}->{$subrule}->{rulenames}}, $rulename);
594
elsif ($value =~ /^$/) {
595
return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
598
return $Mail::SpamAssassin::Conf::INVALID_VALUE;
377
604
setting => 'uridnsbl_skip_domain',
606
type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
380
608
my ($self, $key, $value, $line) = @_;
381
609
if ($value =~ /^$/) {
437
662
$single_dnsbl = 1;
665
my $rhsblrules = $scanner->{uridnsbl_active_rules_rhsbl};
666
my $nsrhsblrules = $scanner->{uridnsbl_active_rules_nsrhsbl};
667
my $fullnsrhsblrules = $scanner->{uridnsbl_active_rules_fullnsrhsbl};
668
my $reviprules = $scanner->{uridnsbl_active_rules_revipbl};
440
670
if ($single_dnsbl) {
441
671
# look up the domain in the RHSBL subset
442
my $cf = $scanner->{uridnsbl_active_rules_rhsbl};
443
foreach my $rulename (keys %{$cf}) {
672
foreach my $rulename (keys %{$rhsblrules}) {
444
673
my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
445
674
$self->lookup_single_dnsbl($scanner, $obj, $rulename,
446
675
$dom, $rulecf->{zone}, $rulecf->{type});
449
678
$scanner->register_async_rule_start($rulename);
452
# perform NS, A lookups to look up the domain in the non-RHSBL subset
453
if ($dom !~ /^\d+\.\d+\.\d+\.\d+$/) {
681
# perform NS, A lookups to look up the domain in the non-RHSBL subset,
682
# but only if there are active reverse-IP-URIBL rules
683
if ($dom !~ /^\d+\.\d+\.\d+\.\d+$/ &&
684
(scalar keys %{$reviprules} ||
685
scalar keys %{$nsrhsblrules} ||
686
scalar keys %{$fullnsrhsblrules}))
454
688
$self->lookup_domain_ns($scanner, $obj, $dom);
458
692
# note that these rules are now underway. important: unless the
459
693
# rule hits, in the current design, these will not be considered
460
694
# "finished" until harvest_dnsbl_queries() completes
461
my $cf = $scanner->{uridnsbl_active_rules_revipbl};
462
foreach my $rulename (keys %{$cf}) {
695
foreach my $rulename (keys %{$reviprules}) {
463
696
$scanner->register_async_rule_start($rulename);
502
740
if ($nsmatch =~ /^$IPV4_ADDRESS$/ && $nsmatch !~ /^$IP_PRIVATE$/) {
503
741
$self->lookup_dnsbl_for_ip($scanner, $ent->{obj}, $nsmatch);
743
$nsrhblstr = $nsmatch;
507
746
$self->lookup_a_record($scanner, $ent->{obj}, $nsmatch);
747
$nsrhblstr = Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain($nsmatch);
750
foreach my $rulename (keys %{$nsrhsblrules}) {
751
my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
752
$self->lookup_single_dnsbl($scanner, $ent->{obj}, $rulename,
753
$nsrhblstr, $rulecf->{zone}, $rulecf->{type});
755
$scanner->register_async_rule_start($rulename);
758
foreach my $rulename (keys %{$fullnsrhsblrules}) {
759
my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
760
$self->lookup_single_dnsbl($scanner, $ent->{obj}, $rulename,
761
$fullnsrhblstr, $rulecf->{zone}, $rulecf->{type});
763
$scanner->register_async_rule_start($rulename);