Mail::SpamAssassin::Plugin::URIDNSBL(3)  User Contributed Perl Documentation  Mail::SpamAssassin::Plugin::URIDNSBL(3)

NAME

       URIDNSBL - look up URLs against DNS blocklists

SYNOPSIS

         loadplugin    Mail::SpamAssassin::Plugin::URIDNSBL
         uridnsbl      URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT

DESCRIPTION

       This works by analysing message text and HTML for URLs, extracting the
       domain names from those, querying their NS records in DNS, resolving
       the hostnames used therein, and querying various DNS blocklists for
       those IP addresses.  This is quite effective.

USER SETTINGS

       skip_uribl_checks ( 0 | 1 )   (default: 0)
           Turning on the skip_uribl_checks setting will disable the URIDNSBL
           plugin.

           By default, SpamAssassin will run URI DNSBL checks. Individual URI
           blocklists may be disabled selectively by setting a score of a
           corresponding rule to 0 or through the uridnsbl_skip_domain
           parameter.

           See also a related configuration parameter skip_rbl_checks, which
           controls the DNSEval plugin (documented in the Conf man page).

       uridnsbl_skip_domain domain1 domain2 ...
           Specify a domain, or a number of domains, which should be skipped
           for the URIBL checks.  This is very useful to specify very common
           domains which are not going to be listed in URIBLs.

RULE DEFINITIONS AND PRIVILEGED SETTINGS

       uridnsbl NAME_OF_RULE dnsbl_zone lookuptype
           Specify a lookup.  "NAME_OF_RULE" is the name of the rule to be
           used, "dnsbl_zone" is the zone to look up IPs in, and "lookuptype"
           is the type of lookup (TXT or A).   Note that you must also define
           a body-eval rule calling "check_uridnsbl()" to use this.

           Example:

            uridnsbl        URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT
            body            URIBL_SBLXBL    eval:check_uridnsbl('URIBL_SBLXBL')
            describe        URIBL_SBLXBL    Contains a URL listed in the SBL/XBL blocklist

       uridnssub NAME_OF_RULE dnsbl_zone lookuptype subtest
           Specify a DNSBL-style domain lookup with a sub-test.
           "NAME_OF_RULE" is the name of the rule to be used, "dnsbl_zone" is
           the zone to look up IPs in, and "lookuptype" is the type of lookup
           (TXT or A).

           "subtest" is a sub-test to run against the returned data.  The sub-
           test may be in one of the following forms: m, n1-n2, or n/m, where
           n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
           hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
           records (IPv4 dotted address) as returned by DNSBL lookups are
           converted into a numerical form (r) and checked against the
           specified sub-test as follows: for a range n1-n2 the following must
           be true: (r >= n1 && r <= n2); for a n/m form the following must be
           true: (r & m) == (n & m); for a single value in quad-dot form the
           following must be true: r == n; for a single decimal or hex form
           the following must be true: (r & n) != 0.

           Some typical examples of a sub-test are: 127.0.1.2,
           127.0.1.20-127.0.1.39, 127.0.1.0/255.255.255.0, 0.0.0.16/0.0.0.16,
           0x10/0x10, 16, 0x10.

           Note that, as with "uridnsbl", you must also define a body-eval
           rule calling "check_uridnsbl()" to use this.

           Example:

             uridnssub   URIBL_DNSBL_4    dnsbl.example.org.   A    127.0.0.4
             uridnssub   URIBL_DNSBL_8    dnsbl.example.org.   A    8

       urirhsbl NAME_OF_RULE rhsbl_zone lookuptype
           Specify a RHSBL-style domain lookup.  "NAME_OF_RULE" is the name of
           the rule to be used, "rhsbl_zone" is the zone to look up domain
           names in, and "lookuptype" is the type of lookup (TXT or A).   Note
           that you must also define a body-eval rule calling
           "check_uridnsbl()" to use this.

           An RHSBL zone is one where the domain name is looked up, as a
           string; e.g. a URI using the domain "foo.com" will cause a lookup
           of "foo.com.uriblzone.net".  Note that hostnames are stripped from
           the domain used in the URIBL lookup, so the domain "foo.bar.com"
           will look up "bar.com.uriblzone.net", and "foo.bar.co.uk" will look
           up "bar.co.uk.uriblzone.net".

           If a URI consists of an IP address instead of a hostname, the IP
           address is looked up (using the standard reversed quads method) in
           each "rhsbl_zone".

           Example:

             urirhsbl        URIBL_RHSBL    rhsbl.example.org.   TXT

       urirhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
           Specify a RHSBL-style domain lookup with a sub-test.
           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
           the zone to look up domain names in, and "lookuptype" is the type
           of lookup (TXT or A).

           "subtest" is a sub-test to run against the returned data.  The sub-
           test may be in one of the following forms: m, n1-n2, or n/m, where
           n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
           hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
           records (IPv4 dotted address) as returned by DNSBL lookups are
           converted into a numerical form (r) and checked against the
           specified sub-test as follows: for a range n1-n2 the following must
           be true: (r >= n1 && r <= n2); for a n/m form the following must be
           true: (r & m) == (n & m); for a single value in quad-dot form the
           following must be true: r == n; for a single decimal or hex form
           the following must be true: (r & n) != 0.

           Some typical examples of a sub-test are: 127.0.1.2,
           127.0.1.20-127.0.1.39, 127.2.3.0/255.255.255.0, 0.0.0.16/0.0.0.16,
           0x10/0x10, 16, 0x10.

           Note that, as with "urirhsbl", you must also define a body-eval
           rule calling "check_uridnsbl()" to use this.

           Example:

             urirhssub   URIBL_RHSBL_4    rhsbl.example.org.   A    127.0.0.4
             urirhssub   URIBL_RHSBL_8    rhsbl.example.org.   A    8
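
       The sub-test rules given under "uridnssub" and "urirhssub" above, as an
       added Python example (not part of the SpamAssassin documentation or
       code).  The rule names EXAMPLE_RANGE and EXAMPLE_MASK and the sample A
       records are constructed for illustration.

```python
import ipaddress
import re

def _num(token):
    """Parse n, n1, n2 or m: quad-dot IPv4, 0x + up to 8 hex digits, or decimal."""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", token):
        return int(ipaddress.IPv4Address(token))
    if re.fullmatch(r"0[xX][0-9a-fA-F]{1,8}", token):
        return int(token, 16)
    if re.fullmatch(r"\d+", token):
        return int(token)
    raise ValueError(f"bad sub-test operand: {token!r}")

def subtest_matches(a_record, subtest):
    """Apply the documented sub-test rules to one returned A record."""
    r = int(ipaddress.IPv4Address(a_record))     # numerical form (r)
    if "-" in subtest:                           # n1-n2: inclusive range
        n1, n2 = (_num(t) for t in subtest.split("-", 1))
        return n1 <= r <= n2
    if "/" in subtest:                           # n/m: compare under mask m
        n, m = (_num(t) for t in subtest.split("/", 1))
        return (r & m) == (n & m)
    n = _num(subtest)
    if "." in subtest:                           # single quad-dot: exact match
        return r == n
    return (r & n) != 0                          # single decimal/hex: any bit set

# The first two rules use the page's example sub-tests; the last two are
# hypothetical rule names paired with sub-tests from the "typical examples".
RULES = [
    ("URIBL_DNSBL_4", "127.0.0.4"),
    ("URIBL_DNSBL_8", "8"),
    ("EXAMPLE_RANGE", "127.0.1.20-127.0.1.39"),
    ("EXAMPLE_MASK", "0x10/0x10"),
]

def rules_hit(a_record, rules=RULES):
    """Return the names of the rules whose sub-test matches the A record."""
    return [name for name, st in rules if subtest_matches(a_record, st)]

if __name__ == "__main__":
    # Constructed sample of A records a blocklist zone might return.
    for answer in ["127.0.0.4", "127.0.0.8", "127.0.0.12", "127.0.1.25"]:
        print(answer, rules_hit(answer))
```

       Note that 127.0.1.25 also satisfies the single-value sub-test 8, so a
       decimal or hex sub-test suits only zones that encode listings as bit
       flags; use the quad-dot form for zones that return enumerated codes.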

       urinsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
           Perform a RHSBL-style domain lookup against the contents of the NS
           records for each URI.  In other words, a URI using the domain
           "foo.com" will cause an NS lookup to take place; assuming that
           domain has an NS of "ns0.bar.com", that will cause a lookup of
           "bar.com.uriblzone.net".  Note that hostnames are stripped from
           both the domain used in the URI, and the domain in the lookup.

           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
           the zone to look up domain names in, and "lookuptype" is the type
           of lookup (TXT or A).

           Note that, as with "urirhsbl", you must also define a body-eval
           rule calling "check_uridnsbl()" to use this.

       urinsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
           Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
           the zone to look up domain names in, and "lookuptype" is the type
           of lookup (TXT or A).  "subtest" is the sub-test to run against the
           returned data; see "urirhssub".

           Note that, as with "urirhsbl", you must also define a body-eval
           rule calling "check_uridnsbl()" to use this.

       urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
           Perform a RHSBL-style domain lookup against the contents of the NS
           records for each URI.  In other words, a URI using the domain
           "foo.com" will cause an NS lookup to take place; assuming that
           domain has an NS of "ns0.bar.com", that will cause a lookup of
           "ns0.bar.com.uriblzone.net".  Note that hostnames are stripped from
           the domain used in the URI.

           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
           the zone to look up domain names in, and "lookuptype" is the type
           of lookup (TXT or A).

           Note that, as with "urirhsbl", you must also define a body-eval
           rule calling "check_uridnsbl()" to use this.

       urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
           Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
           the zone to look up domain names in, and "lookuptype" is the type
           of lookup (TXT or A).  "subtest" is the sub-test to run against the
           returned data; see "urirhssub".

           Note that, as with "urirhsbl", you must also define a body-eval
           rule calling "check_uridnsbl()" to use this.

       tflags NAME_OF_RULE ips_only
           Only URIs containing IP addresses as the "host" component will be
           matched against the named "urirhsbl"/"urirhssub" rule.

       tflags NAME_OF_RULE domains_only
           Only URIs containing a non-IP-address "host" component will be
           matched against the named "urirhsbl"/"urirhssub" rule.
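
       The query names that "urirhsbl", "urinsrhsbl" and "urifullnsrhsbl"
       produce, and the "ips_only"/"domains_only" gating, as an added Python
       example (not SpamAssassin's own code).  TWO_LEVEL_SUFFIXES is a small
       constructed stand-in for real registrar-boundary data, and all function
       names are hypothetical.

```python
import ipaddress

# Assumption: a tiny constructed list; real boundary data is far larger.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}

def _is_ip(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

def registered_domain(host):
    """Strip hostnames down to the domain (foo.bar.co.uk -> bar.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def urirhsbl_query(uri_host, zone):
    """Name looked up by urirhsbl/urirhssub for the host part of a URI."""
    zone = zone.rstrip(".")
    if _is_ip(uri_host):                 # IP host: reversed quads
        return ".".join(reversed(uri_host.split("."))) + "." + zone
    return registered_domain(uri_host) + "." + zone

def ns_queries(ns_host, zone):
    """Names looked up for one NS hostname: (urinsrhsbl, urifullnsrhsbl)."""
    zone = zone.rstrip(".")
    ns = ns_host.lower().rstrip(".")
    return registered_domain(ns) + "." + zone, ns + "." + zone

def rule_applies(uri_host, tflag=None):
    """tflags ips_only / domains_only decide which URI hosts a rule sees."""
    if tflag == "ips_only":
        return _is_ip(uri_host)
    if tflag == "domains_only":
        return not _is_ip(uri_host)
    return True

if __name__ == "__main__":
    # Constructed hosts; 192.0.2.10 is a documentation address.
    for host in ["foo.com", "foo.bar.com", "foo.bar.co.uk", "192.0.2.10"]:
        print(host, "->", urirhsbl_query(host, "uriblzone.net."))
    print(ns_queries("ns0.bar.com", "uriblzone.net."))
```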

ADMINISTRATOR SETTINGS

       uridnsbl_max_domains N        (default: 20)
           The maximum number of domains to look up.

NOTES

       The "uridnsbl_timeout" option has been obsoleted by the "rbl_timeout"
       option.  See the "Mail::SpamAssassin::Conf" POD for details on
       "rbl_timeout".

perl v5.10.1                      2010-03-16   Mail::SpamAssassin::Plugin::URIDNSBL(3)