Mail::SpamAssassin::Plugin::URIDNSBL(3pm)

1Mail::SpamAssassin::PluUgsienr::CUoRnItDrNiSbBuLt(e3d)PMearill:D:oScpuammeAnstsaatsisoinn::Plugin::URIDNSBL(3)
2
3
4

NAME

6       URIDNSBL - look up URLs against DNS blocklists
7

SYNOPSIS

9         loadplugin    Mail::SpamAssassin::Plugin::URIDNSBL
10         uridnsbl      URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT
11

DESCRIPTION

13       This works by analysing message text and HTML for URLs, extracting the
14       domain names from those, querying their NS records in DNS, resolving
15       the hostnames used therein, and querying various DNS blocklists for
16       those IP addresses.  This is quite effective.
17

USER SETTINGS

19       skip_uribl_checks ( 0 | 1 )   (default: 0)
20           Turning on the skip_uribl_checks setting will disable the URIDNSBL
21           plugin.
22
23           By default, SpamAssassin will run URI DNSBL checks. Individual URI
24           blocklists may be disabled selectively by setting a score of a
25           corresponding rule to 0 or through the uridnsbl_skip_domain
26           parameter.
27
28           See also a related configuration parameter skip_rbl_checks, which
29           controls the DNSEval plugin (documented in the Conf man page).
30
31       uridnsbl_skip_domain domain1 domain2 ...
32           Specify a domain, or a number of domains, which should be skipped
33           for the URIBL checks.  This is very useful to specify very common
34           domains which are not going to be listed in URIBLs.
35
36       clear_uridnsbl_skip_domain [domain1 domain2 ...]
37           If no argument is given, then clears the entire list of domains
38           declared by uridnsbl_skip_domain configuration directives so far.
39           Any subsequent uridnsbl_skip_domain directives will start creating
40           a new list of skip domains.
41
42           When given a list of domains as arguments, only the specified
43           domains are removed from the list of skipped domains.
44

RULE DEFINITIONS AND PRIVILEGED SETTINGS

46       uridnsbl NAME_OF_RULE dnsbl_zone lookuptype
47           Specify a lookup.  "NAME_OF_RULE" is the name of the rule to be
48           used, "dnsbl_zone" is the zone to look up IPs in, and "lookuptype"
49           is the type of lookup (TXT or A).   Note that you must also define
50           a body-eval rule calling "check_uridnsbl()" to use this.
51
52           Example:
53
54            uridnsbl        URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT
55            body            URIBL_SBLXBL    eval:check_uridnsbl('URIBL_SBLXBL')
56            describe        URIBL_SBLXBL    Contains a URL listed in the SBL/XBL blocklist
57
58       uridnssub NAME_OF_RULE dnsbl_zone lookuptype subtest
59           Specify a DNSBL-style domain lookup with a sub-test.
60           "NAME_OF_RULE" is the name of the rule to be used, "dnsbl_zone" is
61           the zone to look up IPs in, and "lookuptype" is the type of lookup
62           (TXT or A).
63
64           "subtest" is a sub-test to run against the returned data.  The sub-
65           test may be in one of the following forms: m, n1-n2, or n/m, where
66           n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
67           hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
68           records (IPv4 dotted address) as returned by DNSBLs lookups are
69           converted into a numerical form (r) and checked against the
70           specified sub-test as follows: for a range n1-n2 the following must
71           be true: (r >= n1 && r <= n2); for a n/m form the following must be
72           true: (r & m) == (n & m); for a single value in quad-dot form the
73           following must be true: r == n; for a single decimal or hex form
74           the following must be true: (r & n) != 0.
75
76           Some typical examples of a sub-test are: 127.0.1.2,
77           127.0.1.20-127.0.1.39, 127.0.1.0/255.255.255.0, 0.0.0.16/0.0.0.16,
78           0x10/0x10, 16, 0x10 .
79
80           Note that, as with "uridnsbl", you must also define a body-eval
81           rule calling "check_uridnsbl()" to use this.
82
83           Example:
84
85             uridnssub   URIBL_DNSBL_4    dnsbl.example.org.   A    127.0.0.4
86             uridnssub   URIBL_DNSBL_8    dnsbl.example.org.   A    8
87
88       urirhsbl NAME_OF_RULE rhsbl_zone lookuptype
89           Specify a RHSBL-style domain lookup.  "NAME_OF_RULE" is the name of
90           the rule to be used, "rhsbl_zone" is the zone to look up domain
91           names in, and "lookuptype" is the type of lookup (TXT or A).   Note
92           that you must also define a body-eval rule calling
93           "check_uridnsbl()" to use this.
94
95           An RHSBL zone is one where the domain name is looked up, as a
96           string; e.g. a URI using the domain "foo.com" will cause a lookup
97           of "foo.com.uriblzone.net".  Note that hostnames are stripped from
98           the domain used in the URIBL lookup, so the domain "foo.bar.com"
99           will look up "bar.com.uriblzone.net", and "foo.bar.co.uk" will look
100           up "bar.co.uk.uriblzone.net".
101
102           If an URI consists of an IP address instead of a hostname, the IP
103           address is looked up (using the standard reversed quads method) in
104           each "rhsbl_zone".
105
106           Example:
107
108             urirhsbl        URIBL_RHSBL    rhsbl.example.org.   TXT
109
110       urirhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
111           Specify a RHSBL-style domain lookup with a sub-test.
112           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
113           the zone to look up domain names in, and "lookuptype" is the type
114           of lookup (TXT or A).
115
116           "subtest" is a sub-test to run against the returned data.  The sub-
117           test may be in one of the following forms: m, n1-n2, or n/m, where
118           n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
119           hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
120           records (IPv4 dotted address) as returned by DNSBLs lookups are
121           converted into a numerical form (r) and checked against the
122           specified sub-test as follows: for a range n1-n2 the following must
123           be true: (r >= n1 && r <= n2); for a n/m form the following must be
124           true: (r & m) == (n & m); for a single value in quad-dot form the
125           following must be true: r == n; for a single decimal or hex form
126           the following must be true: (r & n) != 0.
127
128           Some typical examples of a sub-test are: 127.0.1.2,
129           127.0.1.20-127.0.1.39, 127.2.3.0/255.255.255.0, 0.0.0.16/0.0.0.16,
130           0x10/0x10, 16, 0x10 .
131
132           Note that, as with "urirhsbl", you must also define a body-eval
133           rule calling "check_uridnsbl()" to use this.
134
135           Example:
136
137             urirhssub   URIBL_RHSBL_4    rhsbl.example.org.   A    127.0.0.4
138             urirhssub   URIBL_RHSBL_8    rhsbl.example.org.   A    8
139
140       urinsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
141           Perform a RHSBL-style domain lookup against the contents of the NS
142           records for each URI.  In other words, a URI using the domain
143           "foo.com" will cause an NS lookup to take place; assuming that
144           domain has an NS of "ns0.bar.com", that will cause a lookup of
145           "bar.com.uriblzone.net".  Note that hostnames are stripped from
146           both the domain used in the URI, and the domain in the lookup.
147
148           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
149           the zone to look up domain names in, and "lookuptype" is the type
150           of lookup (TXT or A).
151
152           Note that, as with "urirhsbl", you must also define a body-eval
153           rule calling "check_uridnsbl()" to use this.
154
155       urinsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
156           Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
157           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
158           the zone to look up domain names in, and "lookuptype" is the type
159           of lookup (TXT or A).  "subtest" is the sub-test to run against the
160           returned data; see <urirhssub>.
161
162           Note that, as with "urirhsbl", you must also define a body-eval
163           rule calling "check_uridnsbl()" to use this.
164
165       urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
166           Perform a RHSBL-style domain lookup against the contents of the NS
167           records for each URI.  In other words, a URI using the domain
168           "foo.com" will cause an NS lookup to take place; assuming that
169           domain has an NS of "ns0.bar.com", that will cause a lookup of
170           "ns0.bar.com.uriblzone.net".  Note that hostnames are stripped from
171           the domain used in the URI.
172
173           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
174           the zone to look up domain names in, and "lookuptype" is the type
175           of lookup (TXT or A).
176
177           Note that, as with "urirhsbl", you must also define a body-eval
178           rule calling "check_uridnsbl()" to use this.
179
180       urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
181           Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
182           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
183           the zone to look up domain names in, and "lookuptype" is the type
184           of lookup (TXT or A).  "subtest" is the sub-test to run against the
185           returned data; see <urirhssub>.
186
187           Note that, as with "urirhsbl", you must also define a body-eval
188           rule calling "check_uridnsbl()" to use this.
189
190       tflags NAME_OF_RULE ips_only
191           Only URIs containing IP addresses as the "host" component will be
192           matched against the named "urirhsbl"/"urirhssub" rule.
193
194       tflags NAME_OF_RULE domains_only
195           Only URIs containing a non-IP-address "host" component will be
196           matched against the named "urirhsbl"/"urirhssub" rule.
197

ADMINISTRATOR SETTINGS

199       uridnsbl_max_domains N        (default: 20)
200           The maximum number of domains to look up.
201

NOTES

203       The "uridnsbl_timeout" option has been obsoleted by the "rbl_timeout"
204       option.  See the "Mail::SpamAssassin::Conf" POD for details on
205       "rbl_timeout".
206
207
208
209perl v5.12.4                      2011-0M6a-i0l6::SpamAssassin::Plugin::URIDNSBL(3)