Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Mail::SpamAssassin::PlUser:Contributed)Mail::SpamAssassin::Plugin::URIDNSBL(3)

NAME
       URIDNSBL	- look up URLs against DNS blocklists

SYNOPSIS
	 loadplugin    Mail::SpamAssassin::Plugin::URIDNSBL
	 uridnsbl      URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT

DESCRIPTION
       This works by analysing message text and	HTML for URLs, extracting host
       names from those, then querying various DNS blocklists for either: IP
       addresses of these hosts	(uridnsbl,a) or	their nameservers
       (uridnsbl,ns), or domain	names of these hosts (urirhsbl), or domain
       names of	their nameservers (urinsrhsbl, urifullnsrhsbl).

USER SETTINGS
       skip_uribl_checks ( 0 | 1 )   (default: 0)
	   Turning on the skip_uribl_checks setting will disable the URIDNSBL
	   plugin.

	   By default, SpamAssassin will run URI DNSBL checks. Individual URI
	   blocklists may be disabled selectively by setting a score of	a
	   corresponding rule to 0 or through the uridnsbl_skip_domain
	   parameter.

	   See also a related configuration parameter skip_rbl_checks, which
	   controls the	DNSEval	plugin (documented in the Conf man page).

       uridnsbl_skip_domain domain1 domain2 ...
	   Specify a domain, or	a number of domains, which should be skipped
	   for the URIBL checks.  This is very useful to specify very common
	   domains which are not going to be listed in URIBLs.

       clear_uridnsbl_skip_domain [domain1 domain2 ...]
	   If no argument is given, then clears	the entire list	of domains
	   declared by uridnsbl_skip_domain configuration directives so	far.
	   Any subsequent uridnsbl_skip_domain directives will start creating
	   a new list of skip domains.

	   When	given a	list of	domains	as arguments, only the specified
	   domains are removed from the	list of	skipped	domains.

RULE DEFINITIONS AND PRIVILEGED	SETTINGS
       uridnsbl	NAME_OF_RULE dnsbl_zone	lookuptype
	   Specify a lookup.  "NAME_OF_RULE" is	the name of the	rule to	be
	   used, "dnsbl_zone" is the zone to look up IPs in, and "lookuptype"
	   is the type of lookup (TXT or A).   Note that you must also define
	   a body-eval rule calling "check_uridnsbl()" to use this.

	   This	works by collecting domain names from URLs and querying	DNS
	   blocklists with an IP address of host names found in	URLs or	with
	   IP addresses	of their name servers, according to tflags as follows.

	   If the corresponding	body rule has a	tflag 'a', the DNS blocklist
	   will	be queried with	an IP address of a host	found in URLs.

	   If the corresponding	body rule has a	tflag 'ns', DNS	will be
	   queried for name servers (NS	records) of a domain name found	in
	   URLs, then these name server	names will be resolved to their	IP
	   addresses, which in turn will be sent to DNS	blocklist.

	   Tflags directive may	specify	either 'a' or 'ns' or both flags. In
	   absence of any of these two flags, a	default	is a 'ns', which is
	   compatible with pre-3.4 versions of SpamAssassin.

	   The choice of tflags	must correspond	to the policy and expected use
	   of each DNS blocklist and is	normally not a local decision. As an
	   example, a blocklist	expecting queries resulting from an 'a'	tflag
	   is a	"black_a.txt" (	http://www.uribl.com/datasets.shtml ).

	   Example:

	    uridnsbl	    URIBL_SBLXBL    sbl-xbl.spamhaus.org.   TXT
	    body	    URIBL_SBLXBL    eval:check_uridnsbl('URIBL_SBLXBL')
	    describe	    URIBL_SBLXBL    Contains a URL listed in the SBL/XBL blocklist
	    tflags	    URIBL_SBLXBL    net	ns

       uridnssub NAME_OF_RULE dnsbl_zone lookuptype subtest
	   Specify a DNSBL-style domain	lookup with a sub-test.
	   "NAME_OF_RULE" is the name of the rule to be	used, "dnsbl_zone" is
	   the zone to look up IPs in, and "lookuptype"	is the type of lookup
	   (TXT	or A).

	   Tflags 'ns' and 'a' on a corresponding body rule are	recognized and
	   have	the same meaning as in the uridnsbl directive.

	   "subtest" is	a sub-test to run against the returned data.  The sub-
	   test	may be in one of the following forms: m, n1-n2,	or n/m,	where
	   n,n1,n2,m can be any	of: decimal digits, 0x followed	by up to 8
	   hexadecimal digits, or an IPv4 address in quad-dot form. The	'A'
	   records (IPv4 dotted	address) as returned by	DNSBLs lookups are
	   converted into a numerical form (r) and checked against the
	   specified sub-test as follows: for a	range n1-n2 the	following must
	   be true: (r >= n1 &&	r <= n2); for a	n/m form the following must be
	   true: (r & m) == (n & m); for a single value	in quad-dot form the
	   following must be true: r ==	n; for a single	decimal	or hex form
	   the following must be true:
	     ((r & n) != 0) && ((r & 0xff000000) == 0x7f000000), i.e. within
	   127.0.0.0/8

	   Some	typical	examples of a sub-test are: 127.0.1.2,
	   127.0.1.20-127.0.1.39, 127.0.1.0/255.255.255.0, 0.0.0.16/0.0.0.16,
	   0x10/0x10, 16, 0x10 .

	   Note	that, as with "uridnsbl", you must also	define a body-eval
	   rule	calling	"check_uridnsbl()" to use this.

	   Example:

	     uridnssub	 URIBL_DNSBL_4	  dnsbl.example.org.   A    127.0.0.4
	     uridnssub	 URIBL_DNSBL_8	  dnsbl.example.org.   A    8

       urirhsbl	NAME_OF_RULE rhsbl_zone	lookuptype
	   Specify a RHSBL-style domain	lookup.	 "NAME_OF_RULE"	is the name of
	   the rule to be used,	"rhsbl_zone" is	the zone to look up domain
	   names in, and "lookuptype" is the type of lookup (TXT or A).	  Note
	   that	you must also define a body-eval rule calling
	   "check_uridnsbl()" to use this.

	   An RHSBL zone is one	where the domain name is looked	up, as a
	   string; e.g.	a URI using the	domain "foo.com" will cause a lookup
	   of "foo.com.uriblzone.net".	Note that hostnames are	stripped from
	   the domain used in the URIBL	lookup,	so the domain "foo.bar.com"
	   will	look up	"bar.com.uriblzone.net", and "foo.bar.co.uk" will look
	   up "bar.co.uk.uriblzone.net".

	   If an URI consists of an IP address instead of a hostname, the IP
	   address is looked up	(using the standard reversed quads method) in
	   each	"rhsbl_zone".

	   Example:

	     urirhsbl	     URIBL_RHSBL    rhsbl.example.org.	 TXT

       urirhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
	   Specify a RHSBL-style domain	lookup with a sub-test.
	   "NAME_OF_RULE" is the name of the rule to be	used, "rhsbl_zone" is
	   the zone to look up domain names in,	and "lookuptype" is the	type
	   of lookup (TXT or A).

	   "subtest" is	a sub-test to run against the returned data.  The sub-
	   test	may be in one of the following forms: m, n1-n2,	or n/m,	where
	   n,n1,n2,m can be any	of: decimal digits, 0x followed	by up to 8
	   hexadecimal digits, or an IPv4 address in quad-dot form. The	'A'
	   records (IPv4 dotted	address) as returned by	DNSBLs lookups are
	   converted into a numerical form (r) and checked against the
	   specified sub-test as follows: for a	range n1-n2 the	following must
	   be true: (r >= n1 &&	r <= n2); for a	n/m form the following must be
	   true: (r & m) == (n & m); for a single value	in quad-dot form the
	   following must be true: r ==	n; for a single	decimal	or hex form
	   the following must be true:
	     ((r & n) != 0) && ((r & 0xff000000) == 0x7f000000), i.e. within
	   127.0.0.0/8

	   Some	typical	examples of a sub-test are: 127.0.1.2,
	   127.0.1.20-127.0.1.39, 127.2.3.0/255.255.255.0, 0.0.0.16/0.0.0.16,
	   0x10/0x10, 16, 0x10 .

	   Note	that, as with "urirhsbl", you must also	define a body-eval
	   rule	calling	"check_uridnsbl()" to use this.

	   Example:

	     urirhssub	 URIBL_RHSBL_4	  rhsbl.example.org.   A    127.0.0.4
	     urirhssub	 URIBL_RHSBL_8	  rhsbl.example.org.   A    8

       urinsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
	   Perform a RHSBL-style domain	lookup against the contents of the NS
	   records for each URI.  In other words, a URI	using the domain
	   "foo.com" will cause	an NS lookup to	take place; assuming that
	   domain has an NS of "ns0.bar.com", that will	cause a	lookup of
	   "bar.com.uriblzone.net".  Note that hostnames are stripped from
	   both	the domain used	in the URI, and	the domain in the lookup.

	   "NAME_OF_RULE" is the name of the rule to be	used, "rhsbl_zone" is
	   the zone to look up domain names in,	and "lookuptype" is the	type
	   of lookup (TXT or A).

	   Note	that, as with "urirhsbl", you must also	define a body-eval
	   rule	calling	"check_uridnsbl()" to use this.

       urinsrhssub NAME_OF_RULE	rhsbl_zone lookuptype subtest
	   Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
	   "NAME_OF_RULE" is the name of the rule to be	used, "rhsbl_zone" is
	   the zone to look up domain names in,	and "lookuptype" is the	type
	   of lookup (TXT or A).  "subtest" is the sub-test to run against the
	   returned data; see <urirhssub>.

	   Note	that, as with "urirhsbl", you must also	define a body-eval
	   rule	calling	"check_uridnsbl()" to use this.

       urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
	   Perform a RHSBL-style domain	lookup against the contents of the NS
	   records for each URI.  In other words, a URI	using the domain
	   "foo.com" will cause	an NS lookup to	take place; assuming that
	   domain has an NS of "ns0.bar.com", that will	cause a	lookup of
	   "ns0.bar.com.uriblzone.net".	 Note that hostnames are stripped from
	   the domain used in the URI.

	   "NAME_OF_RULE" is the name of the rule to be	used, "rhsbl_zone" is
	   the zone to look up domain names in,	and "lookuptype" is the	type
	   of lookup (TXT or A).

	   Note	that, as with "urirhsbl", you must also	define a body-eval
	   rule	calling	"check_uridnsbl()" to use this.

       urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
	   Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
	   "NAME_OF_RULE" is the name of the rule to be	used, "rhsbl_zone" is
	   the zone to look up domain names in,	and "lookuptype" is the	type
	   of lookup (TXT or A).  "subtest" is the sub-test to run against the
	   returned data; see <urirhssub>.

	   Note	that, as with "urirhsbl", you must also	define a body-eval
	   rule	calling	"check_uridnsbl()" to use this.

       tflags NAME_OF_RULE ips_only
	   Only	URIs containing	IP addresses as	the "host" component will be
	   matched against the named "urirhsbl"/"urirhssub" rule.

       tflags NAME_OF_RULE domains_only
	   Only	URIs containing	a non-IP-address "host"	component will be
	   matched against the named "urirhsbl"/"urirhssub" rule.

       tflags NAME_OF_RULE ns
	   The 'ns' flag may be	applied	to rules corresponding to uridnsbl and
	   uridnssub directives. Host names from URLs will be mapped to	their
	   name	server IP addresses (a NS lookup followed by an	A lookup),
	   which in turn will be sent to blocklists. This is a default when
	   neither 'a' nor 'ns'	flags are specified.

       tflags NAME_OF_RULE a
	   The 'a' flag	may be applied to rules	corresponding to uridnsbl and
	   uridnssub directives. Host names from URLs will be mapped to	their
	   IP addresses, which will be sent to blocklists. When	both 'ns' and
	   'a' flags are specified, both queries will be performed.

ADMINISTRATOR SETTINGS
       uridnsbl_max_domains N	     (default: 20)
	   The maximum number of domains to look up.

       parse_dkim_uris ( 0 / 1 )
	   Include DKIM	uris in	lookups. This option is	documented in
	   Mail::SpamAssassin::Conf.

NOTES
       The "uridnsbl_timeout" option has been obsoleted	by the "rbl_timeout"
       option.	See the	"Mail::SpamAssassin::Conf" POD for details on
       "rbl_timeout".

perl v5.32.0			  2020-Mail::SpamAssassin::Plugin::URIDNSBL(3)

NAME | SYNOPSIS | DESCRIPTION | USER SETTINGS | RULE DEFINITIONS AND PRIVILEGED SETTINGS | ADMINISTRATOR SETTINGS | NOTES

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Mail::SpamAssassin::Plugin::URIDNSBL&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help