Parent Directory
| 
Revision Log
| 
Patch
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm 2008/11/28 16:02:30 721524
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm 2008/12/22 21:23:50 728782
@@ -146,6 +146,32 @@
Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
C<check_uridnsbl()> to use this.
+=item urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
+
+Perform a RHSBL-style domain lookup against the contents of the NS records for
+each URI. In other words, a URI using the domain C<foo.com> will cause an NS
+lookup to take place; assuming that domain has an NS of C<ns0.bar.com>, that
+will cause a lookup of C<ns0.bar.com.uriblzone.net>. Note that hostnames are
+stripped from the domain used in the URI.
+
+C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
+to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
+B<A>).
+
+Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
+C<check_uridnsbl()> to use this.
+
+=item urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
+
+Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
+C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
+to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
+B<A>). C<subtest> is the sub-test to run against the returned data; see
+<urirhssub>.
+
+Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
+C<check_uridnsbl()> to use this.
+
=back
=head1 ADMINISTRATOR SETTINGS
@@ -231,6 +257,7 @@
# only hit DNSBLs for active rules (defined and score != 0)
$scanner->{'uridnsbl_active_rules_rhsbl'} = { };
$scanner->{'uridnsbl_active_rules_nsrhsbl'} = { };
+ $scanner->{'uridnsbl_active_rules_fullnsrhsbl'} = { };
$scanner->{'uridnsbl_active_rules_revipbl'} = { };
foreach my $rulename (keys %{$scanner->{conf}->{uridnsbls}}) {
@@ -239,6 +266,8 @@
my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
if ($rulecf->{is_rhsbl}) {
$scanner->{uridnsbl_active_rules_rhsbl}->{$rulename} = 1;
+ } elsif ($rulecf->{is_fullnsrhsbl}) {
+ $scanner->{uridnsbl_active_rules_fullnsrhsbl}->{$rulename} = 1;
} elsif ($rulecf->{is_nsrhsbl}) {
$scanner->{uridnsbl_active_rules_nsrhsbl}->{$rulename} = 1;
} else {
@@ -500,6 +529,55 @@
});
push (@cmds, {
+ setting => 'urifullnsrhsbl',
+ is_priv => 1,
+ code => sub {
+ my ($self, $key, $value, $line) = @_;
+ if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)$/) {
+ my $rulename = $1;
+ my $zone = $2;
+ my $type = $3;
+ $self->{uridnsbls}->{$rulename} = {
+ zone => $zone, type => $type,
+ is_fullnsrhsbl => 1
+ };
+ }
+ elsif ($value =~ /^$/) {
+ return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
+ }
+ else {
+ return $Mail::SpamAssassin::Conf::INVALID_VALUE;
+ }
+ }
+ });
+
+ push (@cmds, {
+ setting => 'urifullnsrhssub',
+ is_priv => 1,
+ code => sub {
+ my ($self, $key, $value, $line) = @_;
+ if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\d{1,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
+ my $rulename = $1;
+ my $zone = $2;
+ my $type = $3;
+ my $subrule = $4;
+ $self->{uridnsbls}->{$rulename} = {
+ zone => $zone, type => $type,
+ is_fullnsrhsbl => 1, is_subrule => 1
+ };
+ $self->{uridnsbl_subs}->{$zone} ||= { };
+ push (@{$self->{uridnsbl_subs}->{$zone}->{$subrule}->{rulenames}}, $rulename);
+ }
+ elsif ($value =~ /^$/) {
+ return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
+ }
+ else {
+ return $Mail::SpamAssassin::Conf::INVALID_VALUE;
+ }
+ }
+ });
+
+ push (@cmds, {
setting => 'uridnsbl_skip_domain',
default => {},
code => sub {
@@ -562,6 +640,7 @@
my $rhsblrules = $scanner->{uridnsbl_active_rules_rhsbl};
my $nsrhsblrules = $scanner->{uridnsbl_active_rules_nsrhsbl};
+ my $fullnsrhsblrules = $scanner->{uridnsbl_active_rules_fullnsrhsbl};
my $reviprules = $scanner->{uridnsbl_active_rules_revipbl};
if ($single_dnsbl) {
@@ -578,7 +657,9 @@
# perform NS, A lookups to look up the domain in the non-RHSBL subset,
# but only if there are active reverse-IP-URIBL rules
if ($dom !~ /^\d+\.\d+\.\d+\.\d+$/ &&
- (scalar keys %{$reviprules} || scalar keys %{$nsrhsblrules}))
+ (scalar keys %{$reviprules} ||
+ scalar keys %{$nsrhsblrules} ||
+ scalar keys %{$fullnsrhsblrules}))
{
$self->lookup_domain_ns($scanner, $obj, $dom);
}
@@ -616,6 +697,7 @@
my $IPV4_ADDRESS = IPV4_ADDRESS;
my $IP_PRIVATE = IP_PRIVATE;
my $nsrhsblrules = $scanner->{uridnsbl_active_rules_nsrhsbl};
+ my $fullnsrhsblrules = $scanner->{uridnsbl_active_rules_fullnsrhsbl};
foreach my $rr (@answer) {
my $str = $rr->string;
@@ -625,6 +707,8 @@
if ($str =~ /IN\s+NS\s+(\S+)/) {
my $nsmatch = $1;
my $nsrhblstr = $nsmatch;
+ my $fullnsrhblstr = $nsmatch;
+ $fullnsrhblstr =~ s/\.$//;
if ($nsmatch =~ /^\d+\.\d+\.\d+\.\d+\.?$/) {
$nsmatch =~ s/\.$//;
@@ -646,6 +730,14 @@
$scanner->register_async_rule_start($rulename);
}
+
+ foreach my $rulename (keys %{$fullnsrhsblrules}) {
+ my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
+ $self->lookup_single_dnsbl($scanner, $ent->{obj}, $rulename,
+ $fullnsrhblstr, $rulecf->{zone}, $rulecf->{type});
+
+ $scanner->register_async_rule_start($rulename);
+ }
}
}
}
@@ -777,6 +869,7 @@
if ($scanner->{uridnsbl_active_rules_revipbl}->{$rulename}
|| $scanner->{uridnsbl_active_rules_nsrhsbl}->{$rulename}
+ || $scanner->{uridnsbl_active_rules_fullnsrhsbl}->{$rulename}
|| $scanner->{uridnsbl_active_rules_rhsbl}->{$rulename})
{
# TODO: this needs to handle multiple domain hits per rule
| apache@apache.org | ViewVC Help |
| Powered by ViewVC 1.1.2 |