Mail::SpamAssassin::Plugin::HashBL(3pm)

1Mail::SpamAssassin::PluUgsienr::CHoansthrBiLb(u3t)ed PerMlaiDlo:c:uSmpeanmtAastsiaosnsin::Plugin::HashBL(3)
2
3
4

NAME

6       HashBL - query hashed (and unhashed) DNS blocklists
7

SYNOPSIS

9         loadplugin Mail::SpamAssassin::Plugin::HashBL
10
11         # NON-WORKING usage examples below, replace xxx.example.invalid with real list
12         # See documentation below for detailed usage
13
14         header   HASHBL_EMAIL eval:check_hashbl_emails('ebl.example.invalid')
15         describe HASHBL_EMAIL Message contains email address found on EBL
16         tflags   HASHBL_EMAIL net
17
18         # rewrite googlemail.com -> gmail.com, applied before acl/welcomelist
19         hashbl_email_domain_alias gmail.com googlemail.com
20         # only query gmail.com addresses
21         hashbl_acl_freemail gmail.com
22         header   HASHBL_OSENDR eval:check_hashbl_emails('rbl.example.invalid/A', 'md5/max=10/shuffle', 'X-Original-Sender', '^127\.', 'freemail')
23         describe HASHBL_OSENDR Message contains email address found on HASHBL
24         tflags   HASHBL_OSENDR net
25
26         body     HASHBL_BTC eval:check_hashbl_bodyre('btcbl.example.invalid', 'sha1/max=10/shuffle', '\b([13][a-km-zA-HJ-NP-Z1-9]{25,34})\b')
27         describe HASHBL_BTC Message contains BTC address found on BTCBL
28         tflags   HASHBL_BTC net
29
30         header   HASHBL_URI eval:check_hashbl_uris('rbl.example.invalid', 'sha1', '^127\.0\.0\.32$')
31         describe HASHBL_URI Message contains uri found on rbl
32         tflags   HASHBL_URI net
33
34         body     HASHBL_ATTACHMENT eval:check_hashbl_attachments('attbl.example.invalid', 'sha256')
35         describe HASHBL_ATTACHMENT Message contains attachment found on attbl
36         tflags   HASHBL_ATTACHMENT net
37
38         # Capture tag using SA 4.0 regex named capture feature
39         header   __X_SOME_ID X-Some-ID =~ /^(?<XSOMEID>\d{10,20})$/
40         # Query the tag value as is from a DNSBL
41         header   HASHBL_TAG eval:check_hashbl_tag('idbl.example.invalid/A', 'raw', 'XSOMEID', '^127\.')
42

DESCRIPTION

44       This plugin supports multiple types of hashed or unhashed DNS blocklist
45       queries.
46
47       Common OPTS that apply to all functions:
48             raw      no hashing, query as is (can break if value is not valid DNS label)
49             md5      hash query with MD5
50             sha1     hash query with SHA1
51             sha256   hash query with Base32 encoded SHA256
52             case     keep case before hashing, default is to lowercase
53             max=x    maximum number of queries (defaults to 10 if not specified)
54             shuffle  if max exceeded, random shuffle queries before truncating to limit
55
56           Multiple options can be separated with slash.
57
58           When rule OPTS is empty ('') or missing, default is used as
59           documented by each query type.  If any options are defined, then
60           all needed options must be explicitly defined.
61
62       header RULE check_hashbl_emails('bl.example.invalid/A', 'OPTS',
63       'HEADERS', '^127\.')
64           Check email addresses from DNS list.  Note that "body" can be
65           specified along with headers to search message body for emails.
66           Rule type must always be "header".
67
68           Optional DNS query type can be appended to list with /A (default)
69           or /TXT.
70
71           Default OPTS: sha1/notag/noquote/max=10/shuffle
72
73           Additional supported OPTS:
74
75             nodot    strip username dots from email
76             notag    strip username tags from email
77             nouri    ignore emails inside uris
78             noquote  ignore emails inside < > or possible quotings
79             user     query userpart of email only
80             host     query hostpart of email only
81             domain   query domain of email only (hostpart+trim_domain)
82
83           Default HEADERS: ALLFROM/Reply-To/body
84
85           HEADERS refers to slash separated list of Headers to process:
86
87             ALL           all headers
88             ALLFROM       all From headers as returned by $pms->all_from_addrs()
89             EnvelopeFrom  message envelope from (Return-Path etc)
90             <HeaderName>  any header as used with header rules or $pms->get()
91             body          all emails found in message body
92
93           If HEADERS is empty ('') or missing, default is used.
94
95           Optional subtest regexp to match DNS answer (default: '^127\.').
96
97           For existing public email blocklist, see: http://msbl.org/ebl.html
98
99             # Working example, see https://msbl.org/ebl.html before usage
100             header   HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
101             describe HASHBL_EMAIL Message contains email address found on EBL
102             tflags   HASHBL_EMAIL net
103
104           Default regex for matching and capturing emails can be overridden
105           with "hashbl_email_regex".  Likewise, the default welcomelist can
106           be changed with "hashbl_email_welcomelist".  Only change if you
107           know what you are doing, see plugin source code for the defaults.
108           Example: hashbl_email_regex \S+@\S+.com
109
110       header RULE check_hashbl_uris('bl.example.invalid/A', 'OPTS', '^127\.')
111           Check all URIs parsed from message from DNS list.
112
113           Optional DNS query type can be appended to list with /A (default)
114           or /TXT.
115
116           Default OPTS: sha1/max=10/shuffle
117
118           Optional subtest regexp to match DNS answer (default: '^127\.').
119
120       [raw]body RULE check_hashbl_bodyre('bl.example.invalid/A', 'OPTS',
121       '\b(match)\b', '^127\.')
122           Search body for matching regexp and query the string captured.
123           Regexp must have a single capture ( ) for the string ($1).  Rule
124           type must be "body" or "rawbody".
125
126           Optional DNS query type can be appended to list with /A (default)
127           or /TXT.
128
129           Default OPTS: sha1/max=10/shuffle
130
131           Additional supported OPTS:
132
133             num      remove the chars from the match that are not numbers
134
135           Optional subtest regexp to match DNS answer (default: '^127\.').
136
137       header RULE check_hashbl_tag('bl.example.invalid/A', 'OPTS', 'TAGNAME',
138       '^127\.')
139           Query value of SpamAssassin tag _TAGNAME_ from DNS list.
140
141           Optional DNS query type can be appended to list with /A (default)
142           or /TXT.
143
144           Default OPTS: sha1/max=10/shuffle
145
146           Additional supported OPTS:
147
148             ip        only query if value is valid IPv4/IPv6 address
149             ipv4      only query if value is valid IPv4 address
150             ipv6      only query if value is valid IPv6 address
151             revip     reverse IP before query
152             fqdn      only query if value is valid FQDN (is_fqdn_valid)
153             tld       only query if value has valid TLD (is_domain_valid)
154             trim      trim name from hostname to domain (trim_domain)
155
156             If both ip/ipv4/ipv6 and fqdn/tld are enabled, only either of them is
157             required to match.  Both fqdn and tld are needed for complete FQDN+TLD
158             check.
159
160           Optional subtest regexp to match DNS answer (default: '^127\.').
161
162       header RULE check_hashbl_attachments('bl.example.invalid/A', 'OPTS',
163       '^127\.')
164           Check all all message attachments (mimeparts) from DNS list.
165
166           Optional DNS query type can be appended to list with /A (default)
167           or /TXT.
168
169           Default OPTS: sha1/max=10/shuffle
170
171           Additional supported OPTS:
172
173             minsize=x  skip any parts smaller than x bytes
174             maxsize=x  skip any parts larger than x bytes
175
176           Optional subtest regexp to match DNS answer (default: '^127\.').
177
178           Specific attachment filenames can be skipped with "hashbl_ignore".
179           For example "hashbl_ignore safe.pdf".
180
181           Specific mime types can be skipped with "hashbl_ignore".  For
182           example "hashbl_ignore text/plain".
183
184       hashbl_ignore value [value...]
185           Skip any type of query, if either the hash or original value (email
186           for example) matches.  Multiple values can be defined, separated by
187           whitespace.  Matching is case-insensitive.
188
189           Any host or its domain part matching uridnsbl_skip_domains is also
190           ignored by default.
191
192
193
194perl v5.36.0                      2023-01-M2a1il::SpamAssassin::Plugin::HashBL(3)