1Mail::SpamAssassin::PluUgsienr::CUoRnItDrNiSbBuLt(e3d)PMearill:D:oScpuammeAnstsaatsisoinn::Plugin::URIDNSBL(3)
2
3
4
6 URIDNSBL - look up URLs against DNS blocklists
7
9 loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
10 uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT
11
13 This works by analysing message text and HTML for URLs, extracting host
14 names from those, then querying various DNS blocklists for either: IP
15 addresses of these hosts (uridnsbl,a) or their nameservers
16 (uridnsbl,ns), or domain names of these hosts (urirhsbl), or domain
17 names of their nameservers (urinsrhsbl, urifullnsrhsbl).
18
20 skip_uribl_checks ( 0 | 1 ) (default: 0)
21 Turning on the skip_uribl_checks setting will disable the URIDNSBL
22 plugin.
23
24 By default, SpamAssassin will run URI DNSBL checks. Individual URI
25 blocklists may be disabled selectively by setting a score of a
26 corresponding rule to 0 or through the uridnsbl_skip_domain
27 parameter.
28
29 See also a related configuration parameter skip_rbl_checks, which
30 controls the DNSEval plugin (documented in the Conf man page).
31
32 uridnsbl_skip_domain domain1 domain2 ...
33 Specify a domain, or a number of domains, which should be skipped
34 for the URIBL checks. This is very useful to specify very common
35 domains which are not going to be listed in URIBLs.
36
37 clear_uridnsbl_skip_domain [domain1 domain2 ...]
38 If no argument is given, then clears the entire list of domains
39 declared by uridnsbl_skip_domain configuration directives so far.
40 Any subsequent uridnsbl_skip_domain directives will start creating
41 a new list of skip domains.
42
43 When given a list of domains as arguments, only the specified
44 domains are removed from the list of skipped domains.
45
47 uridnsbl NAME_OF_RULE dnsbl_zone lookuptype
48 Specify a lookup. "NAME_OF_RULE" is the name of the rule to be
49 used, "dnsbl_zone" is the zone to look up IPs in, and "lookuptype"
50 is the type of lookup (TXT or A). Note that you must also define
51 a body-eval rule calling "check_uridnsbl()" to use this.
52
53 This works by collecting domain names from URLs and querying DNS
54 blocklists with an IP address of host names found in URLs or with
55 IP addresses of their name servers, according to tflags as follows.
56
57 If the corresponding body rule has a tflag 'a', the DNS blocklist
58 will be queried with an IP address of a host found in URLs.
59
60 If the corresponding body rule has a tflag 'ns', DNS will be
61 queried for name servers (NS records) of a domain name found in
62 URLs, then these name server names will be resolved to their IP
63 addresses, which in turn will be sent to DNS blocklist.
64
65 Tflags directive may specify either 'a' or 'ns' or both flags. In
66 absence of any of these two flags, a default is a 'ns', which is
67 compatible with pre-3.4 versions of SpamAssassin.
68
69 The choice of tflags must correspond to the policy and expected use
70 of each DNS blocklist and is normally not a local decision. As an
71 example, a blocklist expecting queries resulting from an 'a' tflag
72 is a "black_a.txt" ( http://www.uribl.com/datasets.shtml ).
73
74 Example:
75
76 uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT
77 body URIBL_SBLXBL eval:check_uridnsbl('URIBL_SBLXBL')
78 describe URIBL_SBLXBL Contains a URL listed in the SBL/XBL blocklist
79 tflags URIBL_SBLXBL net ns
80
81 uridnssub NAME_OF_RULE dnsbl_zone lookuptype subtest
82 Specify a DNSBL-style domain lookup with a sub-test.
83 "NAME_OF_RULE" is the name of the rule to be used, "dnsbl_zone" is
84 the zone to look up IPs in, and "lookuptype" is the type of lookup
85 (TXT or A).
86
87 Tflags 'ns' and 'a' on a corresponding body rule are recognized and
88 have the same meaning as in the uridnsbl directive.
89
90 "subtest" is a sub-test to run against the returned data. The sub-
91 test may be in one of the following forms: m, n1-n2, or n/m, where
92 n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
93 hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
94 records (IPv4 dotted address) as returned by DNSBLs lookups are
95 converted into a numerical form (r) and checked against the
96 specified sub-test as follows: for a range n1-n2 the following must
97 be true: (r >= n1 && r <= n2); for a n/m form the following must be
98 true: (r & m) == (n & m); for a single value in quad-dot form the
99 following must be true: r == n; for a single decimal or hex form
100 the following must be true:
101 ((r & n) != 0) && ((r & 0xff000000) == 0x7f000000), i.e. within
102 127.0.0.0/8
103
104 Some typical examples of a sub-test are: 127.0.1.2,
105 127.0.1.20-127.0.1.39, 127.0.1.0/255.255.255.0, 0.0.0.16/0.0.0.16,
106 0x10/0x10, 16, 0x10 .
107
108 Note that, as with "uridnsbl", you must also define a body-eval
109 rule calling "check_uridnsbl()" to use this.
110
111 Example:
112
113 uridnssub URIBL_DNSBL_4 dnsbl.example.org. A 127.0.0.4
114 uridnssub URIBL_DNSBL_8 dnsbl.example.org. A 8
115
116 urirhsbl NAME_OF_RULE rhsbl_zone lookuptype
117 Specify a RHSBL-style domain lookup. "NAME_OF_RULE" is the name of
118 the rule to be used, "rhsbl_zone" is the zone to look up domain
119 names in, and "lookuptype" is the type of lookup (TXT or A). Note
120 that you must also define a body-eval rule calling
121 "check_uridnsbl()" to use this.
122
123 An RHSBL zone is one where the domain name is looked up, as a
124 string; e.g. a URI using the domain "foo.com" will cause a lookup
125 of "foo.com.uriblzone.net". Note that hostnames are stripped from
126 the domain used in the URIBL lookup, so the domain "foo.bar.com"
127 will look up "bar.com.uriblzone.net", and "foo.bar.co.uk" will look
128 up "bar.co.uk.uriblzone.net".
129
130 If an URI consists of an IP address instead of a hostname, the IP
131 address is looked up (using the standard reversed quads method) in
132 each "rhsbl_zone".
133
134 Example:
135
136 urirhsbl URIBL_RHSBL rhsbl.example.org. TXT
137
138 urirhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
139 Specify a RHSBL-style domain lookup with a sub-test.
140 "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
141 the zone to look up domain names in, and "lookuptype" is the type
142 of lookup (TXT or A).
143
144 "subtest" is a sub-test to run against the returned data. The sub-
145 test may be in one of the following forms: m, n1-n2, or n/m, where
146 n,n1,n2,m can be any of: decimal digits, 0x followed by up to 8
147 hexadecimal digits, or an IPv4 address in quad-dot form. The 'A'
148 records (IPv4 dotted address) as returned by DNSBLs lookups are
149 converted into a numerical form (r) and checked against the
150 specified sub-test as follows: for a range n1-n2 the following must
151 be true: (r >= n1 && r <= n2); for a n/m form the following must be
152 true: (r & m) == (n & m); for a single value in quad-dot form the
153 following must be true: r == n; for a single decimal or hex form
154 the following must be true:
155 ((r & n) != 0) && ((r & 0xff000000) == 0x7f000000), i.e. within
156 127.0.0.0/8
157
158 Some typical examples of a sub-test are: 127.0.1.2,
159 127.0.1.20-127.0.1.39, 127.2.3.0/255.255.255.0, 0.0.0.16/0.0.0.16,
160 0x10/0x10, 16, 0x10 .
161
162 Note that, as with "urirhsbl", you must also define a body-eval
163 rule calling "check_uridnsbl()" to use this.
164
165 Example:
166
167 urirhssub URIBL_RHSBL_4 rhsbl.example.org. A 127.0.0.4
168 urirhssub URIBL_RHSBL_8 rhsbl.example.org. A 8
169
170 urinsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
171 Perform a RHSBL-style domain lookup against the contents of the NS
172 records for each URI. In other words, a URI using the domain
173 "foo.com" will cause an NS lookup to take place; assuming that
174 domain has an NS of "ns0.bar.com", that will cause a lookup of
175 "bar.com.uriblzone.net". Note that hostnames are stripped from
176 both the domain used in the URI, and the domain in the lookup.
177
178 "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
179 the zone to look up domain names in, and "lookuptype" is the type
180 of lookup (TXT or A).
181
182 Note that, as with "urirhsbl", you must also define a body-eval
183 rule calling "check_uridnsbl()" to use this.
184
185 urinsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
186 Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
187 "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
188 the zone to look up domain names in, and "lookuptype" is the type
189 of lookup (TXT or A). "subtest" is the sub-test to run against the
190 returned data; see <urirhssub>.
191
192 Note that, as with "urirhsbl", you must also define a body-eval
193 rule calling "check_uridnsbl()" to use this.
194
195 urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
196 Perform a RHSBL-style domain lookup against the contents of the NS
197 records for each URI. In other words, a URI using the domain
198 "foo.com" will cause an NS lookup to take place; assuming that
199 domain has an NS of "ns0.bar.com", that will cause a lookup of
200 "ns0.bar.com.uriblzone.net". Note that hostnames are stripped from
201 the domain used in the URI.
202
203 "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
204 the zone to look up domain names in, and "lookuptype" is the type
205 of lookup (TXT or A).
206
207 Note that, as with "urirhsbl", you must also define a body-eval
208 rule calling "check_uridnsbl()" to use this.
209
210 urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
211 Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
212 "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is
213 the zone to look up domain names in, and "lookuptype" is the type
214 of lookup (TXT or A). "subtest" is the sub-test to run against the
215 returned data; see <urirhssub>.
216
217 Note that, as with "urirhsbl", you must also define a body-eval
218 rule calling "check_uridnsbl()" to use this.
219
220 tflags NAME_OF_RULE ips_only
221 Only URIs containing IP addresses as the "host" component will be
222 matched against the named "urirhsbl"/"urirhssub" rule.
223
224 tflags NAME_OF_RULE domains_only
225 Only URIs containing a non-IP-address "host" component will be
226 matched against the named "urirhsbl"/"urirhssub" rule.
227
228 tflags NAME_OF_RULE ns
229 The 'ns' flag may be applied to rules corresponding to uridnsbl and
230 uridnssub directives. Host names from URLs will be mapped to their
231 name server IP addresses (a NS lookup followed by an A lookup),
232 which in turn will be sent to blocklists. This is a default when
233 neither 'a' nor 'ns' flags are specified.
234
235 tflags NAME_OF_RULE a
236 The 'a' flag may be applied to rules corresponding to uridnsbl and
237 uridnssub directives. Host names from URLs will be mapped to their
238 IP addresses, which will be sent to blocklists. When both 'ns' and
239 'a' flags are specified, both queries will be performed.
240
242 uridnsbl_max_domains N (default: 20)
243 The maximum number of domains to look up.
244
246 The "uridnsbl_timeout" option has been obsoleted by the "rbl_timeout"
247 option. See the "Mail::SpamAssassin::Conf" POD for details on
248 "rbl_timeout".
249
250
251
252perl v5.28.1 2018-0M9a-i1l4::SpamAssassin::Plugin::URIDNSBL(3)