1Mail::SpamAssassin::PluUgsienr::CUoRnItDrNiSbBuLt(e3d)PMearill:D:oScpuammeAnstsaatsisoinn::Plugin::URIDNSBL(3)
2
3
4

NAME

6       URIDNSBL - look up URLs against DNS blocklists
7

SYNOPSIS

9         loadplugin    Mail::SpamAssassin::Plugin::URIDNSBL
10         uridnsbl      URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT
11

DESCRIPTION

13       This works by analysing message text and HTML for URLs, extracting host
14       names from those, then querying various DNS blocklists for either: IP
15       addresses of these hosts (uridnsbl,a) or their nameservers
16       (uridnsbl,ns), or domain names of these hosts (urirhsbl), or domain
17       names of their nameservers (urinsrhsbl, urifullnsrhsbl).
18

USER SETTINGS

20       skip_uribl_checks ( 0 | 1 )   (default: 0)
21           Turning on the skip_uribl_checks setting will disable the URIDNSBL
22           plugin.
23
24           By default, SpamAssassin will run URI DNSBL checks. Individual URI
25           blocklists may be disabled selectively by setting a score of a
26           corresponding rule to 0 or through the uridnsbl_skip_domain
27           parameter.
28
29           See also a related configuration parameter skip_rbl_checks, which
30           controls the DNSEval plugin (documented in the Conf man page).
31
32       uridnsbl_skip_domain domain1 domain2 ...
33           Specify a domain, or a number of domains, which should be skipped
34           for the URIBL checks.  This is very useful to specify very common
35           domains which are not going to be listed in URIBLs.
36
37       clear_uridnsbl_skip_domain [domain1 domain2 ...]
38           If no argument is given, then clears the entire list of domains
39           declared by uridnsbl_skip_domain configuration directives so far.
40           Any subsequent uridnsbl_skip_domain directives will start creating
41           a new list of skip domains.
42
43           When given a list of domains as arguments, only the specified
44           domains are removed from the list of skipped domains.
45

RULE DEFINITIONS AND PRIVILEGED SETTINGS

47       uridnsbl NAME_OF_RULE dnsbl_zone lookuptype
48           Specify a lookup.  "NAME_OF_RULE" is the name of the rule to be
49           used, "dnsbl_zone" is the zone to look up IPs in, and "lookuptype"
50           is the type of lookup (TXT or A).   Note that you must also define
51           a body-eval rule calling "check_uridnsbl()" to use this.
52
53           This works by collecting domain names from URLs and querying DNS
54           blocklists with an IP address of host names found in URLs or with
55           IP addresses of their name servers, according to tflags as follows.
56
57           If the corresponding body rule has a tflag 'a', the DNS blocklist
58           will be queried with an IP address of a host found in URLs.
59
60           If the corresponding body rule has a tflag 'ns', DNS will be
61           queried for name servers (NS records) of a domain name found in
62           URLs, then these name server names will be resolved to their IP
63           addresses, which in turn will be sent to DNS blocklist.
64
65           Tflags directive may specify either 'a' or 'ns' or both flags. In
66           absence of any of these two flags, a default is a 'ns', which is
67           compatible with pre-3.4 versions of SpamAssassin.
68
69           The choice of tflags must correspond to the policy and expected use
70           of each DNS blocklist and is normally not a local decision. As an
71           example, a blocklist expecting queries resulting from an 'a' tflag
72           is a "black_a.txt" ( http://www.uribl.com/datasets.shtml ).
73
74           Example:
75
76            uridnsbl        URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT
77            body            URIBL_SBLXBL    eval:check_uridnsbl('URIBL_SBLXBL')
78            describe        URIBL_SBLXBL    Contains a URL listed in the SBL/XBL blocklist
79            tflags          URIBL_SBLXBL    net ns
80
81       uridnssub NAME_OF_RULE dnsbl_zone lookuptype subtest
82           Specify a DNSBL-style domain lookup with a sub-test.
83           "NAME_OF_RULE" is the name of the rule to be used, "dnsbl_zone" is
84           the zone to look up IPs in, and "lookuptype" is the type of lookup
85           (TXT or A).
86
87           Tflags 'ns' and 'a' on a corresponding body rule are recognized and
88           have the same meaning as in the uridnsbl directive.
89
90           "subtest" is a sub-test to run against the returned data.  The sub-
91           test may be in one of the following forms: m, n1-n2, or n/m, where
92           n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
93           hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
94           records (IPv4 dotted address) as returned by DNSBLs lookups are
95           converted into a numerical form (r) and checked against the
96           specified sub-test as follows: for a range n1-n2 the following must
97           be true: (r >= n1 && r <= n2); for a n/m form the following must be
98           true: (r & m) == (n & m); for a single value in quad-dot form the
99           following must be true: r == n; for a single decimal or hex form
100           the following must be true:
101             ((r & n) != 0) && ((r & 0xff000000) == 0x7f000000), i.e. within
102           127.0.0.0/8
103
104           Some typical examples of a sub-test are: 127.0.1.2,
105           127.0.1.20-127.0.1.39, 127.0.1.0/255.255.255.0, 0.0.0.16/0.0.0.16,
106           0x10/0x10, 16, 0x10 .
107
108           Note that, as with "uridnsbl", you must also define a body-eval
109           rule calling "check_uridnsbl()" to use this.
110
111           Example:
112
113             uridnssub   URIBL_DNSBL_4    dnsbl.example.org.   A    127.0.0.4
114             uridnssub   URIBL_DNSBL_8    dnsbl.example.org.   A    8
115
116       urirhsbl NAME_OF_RULE rhsbl_zone lookuptype
117           Specify a RHSBL-style domain lookup.  "NAME_OF_RULE" is the name of
118           the rule to be used, "rhsbl_zone" is the zone to look up domain
119           names in, and "lookuptype" is the type of lookup (TXT or A).   Note
120           that you must also define a body-eval rule calling
121           "check_uridnsbl()" to use this.
122
123           An RHSBL zone is one where the domain name is looked up, as a
124           string; e.g. a URI using the domain "foo.com" will cause a lookup
125           of "foo.com.uriblzone.net".  Note that hostnames are stripped from
126           the domain used in the URIBL lookup, so the domain "foo.bar.com"
127           will look up "bar.com.uriblzone.net", and "foo.bar.co.uk" will look
128           up "bar.co.uk.uriblzone.net".
129
130           If an URI consists of an IP address instead of a hostname, the IP
131           address is looked up (using the standard reversed quads method) in
132           each "rhsbl_zone".
133
134           Example:
135
136             urirhsbl        URIBL_RHSBL    rhsbl.example.org.   TXT
137
138       urirhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
139           Specify a RHSBL-style domain lookup with a sub-test.
140           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
141           the zone to look up domain names in, and "lookuptype" is the type
142           of lookup (TXT or A).
143
144           "subtest" is a sub-test to run against the returned data.  The sub-
145           test may be in one of the following forms: m, n1-n2, or n/m, where
146           n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
147           hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
148           records (IPv4 dotted address) as returned by DNSBLs lookups are
149           converted into a numerical form (r) and checked against the
150           specified sub-test as follows: for a range n1-n2 the following must
151           be true: (r >= n1 && r <= n2); for a n/m form the following must be
152           true: (r & m) == (n & m); for a single value in quad-dot form the
153           following must be true: r == n; for a single decimal or hex form
154           the following must be true:
155             ((r & n) != 0) && ((r & 0xff000000) == 0x7f000000), i.e. within
156           127.0.0.0/8
157
158           Some typical examples of a sub-test are: 127.0.1.2,
159           127.0.1.20-127.0.1.39, 127.2.3.0/255.255.255.0, 0.0.0.16/0.0.0.16,
160           0x10/0x10, 16, 0x10 .
161
162           Note that, as with "urirhsbl", you must also define a body-eval
163           rule calling "check_uridnsbl()" to use this.
164
165           Example:
166
167             urirhssub   URIBL_RHSBL_4    rhsbl.example.org.   A    127.0.0.4
168             urirhssub   URIBL_RHSBL_8    rhsbl.example.org.   A    8
169
170       urinsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
171           Perform a RHSBL-style domain lookup against the contents of the NS
172           records for each URI.  In other words, a URI using the domain
173           "foo.com" will cause an NS lookup to take place; assuming that
174           domain has an NS of "ns0.bar.com", that will cause a lookup of
175           "bar.com.uriblzone.net".  Note that hostnames are stripped from
176           both the domain used in the URI, and the domain in the lookup.
177
178           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
179           the zone to look up domain names in, and "lookuptype" is the type
180           of lookup (TXT or A).
181
182           Note that, as with "urirhsbl", you must also define a body-eval
183           rule calling "check_uridnsbl()" to use this.
184
185       urinsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
186           Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
187           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
188           the zone to look up domain names in, and "lookuptype" is the type
189           of lookup (TXT or A).  "subtest" is the sub-test to run against the
190           returned data; see <urirhssub>.
191
192           Note that, as with "urirhsbl", you must also define a body-eval
193           rule calling "check_uridnsbl()" to use this.
194
195       urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
196           Perform a RHSBL-style domain lookup against the contents of the NS
197           records for each URI.  In other words, a URI using the domain
198           "foo.com" will cause an NS lookup to take place; assuming that
199           domain has an NS of "ns0.bar.com", that will cause a lookup of
200           "ns0.bar.com.uriblzone.net".  Note that hostnames are stripped from
201           the domain used in the URI.
202
203           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
204           the zone to look up domain names in, and "lookuptype" is the type
205           of lookup (TXT or A).
206
207           Note that, as with "urirhsbl", you must also define a body-eval
208           rule calling "check_uridnsbl()" to use this.
209
210       urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
211           Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
212           "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
213           the zone to look up domain names in, and "lookuptype" is the type
214           of lookup (TXT or A).  "subtest" is the sub-test to run against the
215           returned data; see <urirhssub>.
216
217           Note that, as with "urirhsbl", you must also define a body-eval
218           rule calling "check_uridnsbl()" to use this.
219
220       tflags NAME_OF_RULE ips_only
221           Only URIs containing IP addresses as the "host" component will be
222           matched against the named "urirhsbl"/"urirhssub" rule.
223
224       tflags NAME_OF_RULE domains_only
225           Only URIs containing a non-IP-address "host" component will be
226           matched against the named "urirhsbl"/"urirhssub" rule.
227
228       tflags NAME_OF_RULE ns
229           The 'ns' flag may be applied to rules corresponding to uridnsbl and
230           uridnssub directives. Host names from URLs will be mapped to their
231           name server IP addresses (a NS lookup followed by an A lookup),
232           which in turn will be sent to blocklists. This is a default when
233           neither 'a' nor 'ns' flags are specified.
234
235       tflags NAME_OF_RULE a
236           The 'a' flag may be applied to rules corresponding to uridnsbl and
237           uridnssub directives. Host names from URLs will be mapped to their
238           IP addresses, which will be sent to blocklists. When both 'ns' and
239           'a' flags are specified, both queries will be performed.
240

ADMINISTRATOR SETTINGS

242       uridnsbl_max_domains N        (default: 20)
243           The maximum number of domains to look up.
244

NOTES

246       The "uridnsbl_timeout" option has been obsoleted by the "rbl_timeout"
247       option.  See the "Mail::SpamAssassin::Conf" POD for details on
248       "rbl_timeout".
249
250
251
252perl v5.28.1                      2018-0M9a-i1l4::SpamAssassin::Plugin::URIDNSBL(3)
Impressum