You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2010/03/01 11:37:03 UTC
svn commit: r917454 - in /spamassassin/trunk: ./
lib/Mail/SpamAssassin/Plugin/ rules/ t/ t/data/spam/
Author: jm
Date: Mon Mar 1 10:37:03 2010
New Revision: 917454
URL: http://svn.apache.org/viewvc?rev=917454&view=rev
Log:
bug 6335: add support for 'tflags ips_only' and 'tflags domains_only', to control URIDNSBL lookup behaviour on a rule-by-rule basis; add URIBL_DBL rule for Spamhaus DBL, http://www.spamhaus.org/dbl/
Added:
spamassassin/trunk/t/data/spam/dnsbl_domsonly.eml
spamassassin/trunk/t/data/spam/dnsbl_ipsonly.eml
spamassassin/trunk/t/uribl_all_types.t
spamassassin/trunk/t/uribl_domains_only.t
spamassassin/trunk/t/uribl_ips_only.t
Modified:
spamassassin/trunk/MANIFEST
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
spamassassin/trunk/rules/25_uribl.cf
spamassassin/trunk/t/SATest.pm
spamassassin/trunk/t/data/spam/dnsbl.eml
spamassassin/trunk/t/dnsbl.t
spamassassin/trunk/t/dnsbl_sc_meta.t
spamassassin/trunk/t/uribl.t
Modified: spamassassin/trunk/MANIFEST
URL: http://svn.apache.org/viewvc/spamassassin/trunk/MANIFEST?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/MANIFEST (original)
+++ spamassassin/trunk/MANIFEST Mon Mar 1 10:37:03 2010
@@ -532,3 +532,8 @@
t/whitelist_to.t
t/zz_cleanup.t
t/spamc_bug6176.t
+t/data/spam/dnsbl_domsonly.eml
+t/uribl_domains_only.t
+t/data/spam/dnsbl_ipsonly.eml
+t/uribl_all_types.t
+t/uribl_ips_only.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Mon Mar 1 10:37:03 2010
@@ -187,6 +187,16 @@
Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
C<check_uridnsbl()> to use this.
+=item tflags NAME_OF_RULE ips_only
+
+Only URIs containing IP addresses as the "host" component will be matched
+against the named rule.
+
+=item tflags NAME_OF_RULE domains_only
+
+Only URIs containing a non-IP-address "host" component will be matched against
+the named rule.
+
=back
=head1 ADMINISTRATOR SETTINGS
@@ -370,7 +380,6 @@
}
else {
# trim down to a limited number - pick randomly
- my $i;
while (@domains && keys %domlist < $umd) {
my $r = int rand (scalar @domains);
$domlist{splice (@domains, $r, 1)} = 1;
@@ -644,8 +653,18 @@
my $obj = { dom => $dom };
+ my $tflags = $scanner->{conf}->{tflags};
+ my $cf = $scanner->{uridnsbl_active_rules_revipbl};
+ my $dnsbl_lookup_ips = 0;
+ foreach my $rulename (keys %{$cf}) {
+ if ($tflags->{$rulename} !~ /\bdomains_only\b/) {
+ $dnsbl_lookup_ips++;
+ }
+ }
+
+ my $is_ip = 0;
my $single_dnsbl = 0;
- if ($dom =~ /^\d+\.\d+\.\d+\.\d+$/) {
+ if ($dnsbl_lookup_ips && $dom =~ /^\d+\.\d+\.\d+\.\d+$/) {
my $IPV4_ADDRESS = IPV4_ADDRESS;
my $IP_PRIVATE = IP_PRIVATE;
# only look up the IP if it is public and valid
@@ -655,6 +674,7 @@
if ($dom =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
$dom = "$4.$3.$2.$1";
$single_dnsbl = 1;
+ $is_ip = 1;
}
}
}
@@ -670,6 +690,9 @@
if ($single_dnsbl) {
# look up the domain in the RHSBL subset
foreach my $rulename (keys %{$rhsblrules}) {
+ next if ($is_ip && $tflags->{$rulename} =~ /\bdomains_only\b/);
+ next if (!$is_ip && $tflags->{$rulename} =~ /\bips_only\b/);
+
my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
$self->lookup_single_dnsbl($scanner, $obj, $rulename,
$dom, $rulecf->{zone}, $rulecf->{type});
Modified: spamassassin/trunk/rules/25_uribl.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/25_uribl.cf?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/rules/25_uribl.cf (original)
+++ spamassassin/trunk/rules/25_uribl.cf Mon Mar 1 10:37:03 2010
@@ -31,7 +31,7 @@
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
###########################################################################
-## SBL
+## Spamhaus
uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2
body URIBL_SBL eval:check_uridnsbl('URIBL_SBL')
@@ -39,6 +39,13 @@
tflags URIBL_SBL net
reuse URIBL_SBL
+# DBL, http://www.spamhaus.org/dbl/ . Note that hits return 127.0.1.x
+# A records, so we use a 32-bit mask to match that /24 range.
+uridnssub URIBL_DBL dbl.spamhaus.org. A 2130706688
+body URIBL_DBL eval:check_uridnsbl('URIBL_DBL')
+describe URIBL_DBL Contains an URL listed in the DBL blocklist
+tflags URIBL_DBL net domains_only
+
###########################################################################
## SURBL
Modified: spamassassin/trunk/t/SATest.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/SATest.pm?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/t/SATest.pm (original)
+++ spamassassin/trunk/t/SATest.pm Mon Mar 1 10:37:03 2010
@@ -21,6 +21,7 @@
our $SKIP_SPAMC_TESTS;
our $SSL_AVAILABLE;
our $SKIP_SETUID_NOBODY_TESTS = 0;
+ our $SKIP_DNSBL_TESTS = 0;
}
# Set up for testing. Exports (as global vars):
@@ -961,4 +962,18 @@
sub dbgprint { print STDOUT "[".time()."] ".$_[0]; }
+sub can_use_net_dns_safely {
+ return unless eval { require Net::DNS; };
+
+ # bug 3806:
+ # Do not run this test with version of Sys::Hostname::Long older than 1.4
+ # on non-Linux unices as root, due to a bug in Sys::Hostname::Long
+ # (which is used by Net::DNS)
+
+ return 1 if eval { require Sys::Hostname::Long; Sys::Hostname::Long->VERSION(1.4) };
+ return 1 if ($< != 0);
+ return 1 if ($^O =~ /^(linux|mswin|dos|os2)/oi);
+ return;
+}
+
1;
Modified: spamassassin/trunk/t/data/spam/dnsbl.eml
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/spam/dnsbl.eml?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/t/data/spam/dnsbl.eml (original)
+++ spamassassin/trunk/t/data/spam/dnsbl.eml Mon Mar 1 10:37:03 2010
@@ -24,4 +24,5 @@
me too: http://uribl-example-c.com/
Also -- http://spamassassin.org/
+And -- http://144.137.3.98/blah
Added: spamassassin/trunk/t/data/spam/dnsbl_domsonly.eml
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/spam/dnsbl_domsonly.eml?rev=917454&view=auto
==============================================================================
--- spamassassin/trunk/t/data/spam/dnsbl_domsonly.eml (added)
+++ spamassassin/trunk/t/data/spam/dnsbl_domsonly.eml Mon Mar 1 10:37:03 2010
@@ -0,0 +1,11 @@
+From spammer@example.net Fri Dec 7 11:07:10 2001
+Received: from evil.example.net [144.137.3.98] by chaos.example.net
+ for someone@example.com; Fri, 07 Dec 2001 11:07:15 +1100 (EST)
+From: "DNSBL Testing" <sp...@example.com>
+To: someone@example.com
+Subject: no subject needed
+Date: Fri, 7 Dec 2001 07:01:03
+Message-Id: <20...@mail.netnoteinc.com>
+
+I should not be listed: http://144.137.3.98/blah
+
Added: spamassassin/trunk/t/data/spam/dnsbl_ipsonly.eml
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/spam/dnsbl_ipsonly.eml?rev=917454&view=auto
==============================================================================
--- spamassassin/trunk/t/data/spam/dnsbl_ipsonly.eml (added)
+++ spamassassin/trunk/t/data/spam/dnsbl_ipsonly.eml Mon Mar 1 10:37:03 2010
@@ -0,0 +1,11 @@
+From spammer@example.net Fri Dec 7 11:07:10 2001
+Received: from evil.example.net [144.137.3.98] by chaos.example.net
+ for someone@example.com; Fri, 07 Dec 2001 11:07:15 +1100 (EST)
+From: "DNSBL Testing" <sp...@example.com>
+To: someone@example.com
+Subject: no subject needed
+Date: Fri, 7 Dec 2001 07:01:03
+Message-Id: <20...@mail.netnoteinc.com>
+
+I should not be listed: http://foo.bar.baz.uribl-example-a.com/
+
Modified: spamassassin/trunk/t/dnsbl.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/dnsbl.t?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/t/dnsbl.t (original)
+++ spamassassin/trunk/t/dnsbl.t Mon Mar 1 10:37:03 2010
@@ -4,21 +4,7 @@
use SATest; sa_t_init("dns");
use constant TEST_ENABLED => conf_bool('run_net_tests') && conf_bool('run_long_tests');
-use constant HAS_NET_DNS => eval { require Net::DNS; };
-# bug 3806:
-# Do not run this test with version of Sys::Hostname::Long older than 1.4
-# on non-Linux unices as root, due to a bug in Sys::Hostname::Long
-# (which is used by Net::DNS)
-use constant IS_LINUX => $^O eq 'linux';
-use constant IS_WINDOWS => ($^O =~ /^(mswin|dos|os2)/oi);
-use constant AM_ROOT => $< == 0;
-use constant HAS_SAFE_HOSTNAME =>
- eval { require Sys::Hostname::Long; Sys::Hostname::Long->VERSION(1.4) };
-
-use constant DO_RUN =>
- TEST_ENABLED && HAS_NET_DNS &&
- (HAS_SAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS);
-
+use constant DO_RUN => TEST_ENABLED && can_use_net_dns_safely();
use Test;
BEGIN {
Modified: spamassassin/trunk/t/dnsbl_sc_meta.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/dnsbl_sc_meta.t?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/t/dnsbl_sc_meta.t (original)
+++ spamassassin/trunk/t/dnsbl_sc_meta.t Mon Mar 1 10:37:03 2010
@@ -4,21 +4,7 @@
use SATest; sa_t_init("dnsbl_sc_meta");
use constant TEST_ENABLED => conf_bool('run_net_tests');
-use constant HAS_NET_DNS => eval { require Net::DNS; };
-# bug 3806:
-# Do not run this test with version of Sys::Hostname::Long older than 1.4
-# on non-Linux unices as root, due to a bug in Sys::Hostname::Long
-# (which is used by Net::DNS)
-use constant IS_LINUX => $^O eq 'linux';
-use constant IS_WINDOWS => ($^O =~ /^(mswin|dos|os2)/oi);
-use constant AM_ROOT => $< == 0;
-use constant HAS_SAFE_HOSTNAME =>
- eval { require Sys::Hostname::Long; Sys::Hostname::Long->VERSION(1.4) };
-
-use constant DO_RUN =>
- TEST_ENABLED && HAS_NET_DNS &&
- (HAS_SAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS);
-
+use constant DO_RUN => TEST_ENABLED && can_use_net_dns_safely();
use Test;
BEGIN {
Modified: spamassassin/trunk/t/uribl.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/uribl.t?rev=917454&r1=917453&r2=917454&view=diff
==============================================================================
--- spamassassin/trunk/t/uribl.t (original)
+++ spamassassin/trunk/t/uribl.t Mon Mar 1 10:37:03 2010
@@ -4,25 +4,11 @@
use SATest; sa_t_init("uribl");
use constant TEST_ENABLED => conf_bool('run_net_tests') && conf_bool('run_long_tests');
-use constant HAS_NET_DNS => eval { require Net::DNS; };
-# bug 3806:
-# Do not run this test with version of Sys::Hostname::Long older than 1.4
-# on non-Linux unices as root, due to a bug in Sys::Hostname::Long
-# (which is used by Net::DNS)
-use constant IS_LINUX => $^O eq 'linux';
-use constant IS_WINDOWS => ($^O =~ /^(mswin|dos|os2)/oi);
-use constant AM_ROOT => $< == 0;
-use constant HAS_SAFE_HOSTNAME =>
- eval { require Sys::Hostname::Long; Sys::Hostname::Long->VERSION(1.4) };
-
-use constant DO_RUN =>
- TEST_ENABLED && HAS_NET_DNS &&
- (HAS_SAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS);
-
+use constant DO_RUN => TEST_ENABLED && can_use_net_dns_safely();
use Test;
BEGIN {
- plan tests => (DO_RUN ? 5 : 0),
+ plan tests => (DO_RUN ? 6 : 0),
};
exit unless (DO_RUN);
@@ -34,6 +20,7 @@
q{ X_URIBL_B } => 'B',
q{ X_URIBL_NS } => 'NS',
q{ X_URIBL_FULL_NS } => 'FULL_NS',
+ q{ X_URIBL_DOMSONLY } => 'X_URIBL_DOMSONLY',
);
tstlocalrules(q{
@@ -56,6 +43,10 @@
body X_URIBL_FULL_NS eval:check_uridnsbl('X_URIBL_FULL_NS')
tflags X_URIBL_FULL_NS net
+ urirhssub X_URIBL_DOMSONLY dnsbltest.spamassassin.org. A 2
+ body X_URIBL_DOMSONLY eval:check_uridnsbl('X_URIBL_DOMSONLY')
+ tflags X_URIBL_DOMSONLY net domains_only
+
add_header all RBL _RBL_
});
Added: spamassassin/trunk/t/uribl_all_types.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/uribl_all_types.t?rev=917454&view=auto
==============================================================================
--- spamassassin/trunk/t/uribl_all_types.t (added)
+++ spamassassin/trunk/t/uribl_all_types.t Mon Mar 1 10:37:03 2010
@@ -0,0 +1,46 @@
+#!/usr/bin/perl
+#
+# bug 6335: ensure that both domains_only and ips_only URIDNSBL rules can coexist
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("uribl_all_types");
+
+use constant TEST_ENABLED => conf_bool('run_net_tests') && conf_bool('run_long_tests');
+use constant DO_RUN => TEST_ENABLED && can_use_net_dns_safely();
+use Test;
+
+BEGIN {
+ plan tests => (DO_RUN ? 3 : 0),
+};
+
+exit unless (DO_RUN);
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+
+ q{ X_URIBL_IPSONLY [URIs: 144.137.3.98] } => 'X_URIBL_IPSONLY',
+ q{ X_URIBL_DOMSONLY [URIs: uribl-example-c.com] } => 'X_URIBL_DOMSONLY',
+
+);
+
+tstlocalrules(q{
+
+ rbl_timeout 30
+
+ urirhssub X_URIBL_IPSONLY dnsbltest.spamassassin.org. A 2
+ body X_URIBL_IPSONLY eval:check_uridnsbl('X_URIBL_IPSONLY')
+ tflags X_URIBL_IPSONLY net ips_only
+
+ urirhssub X_URIBL_DOMSONLY dnsbltest.spamassassin.org. A 4
+ body X_URIBL_DOMSONLY eval:check_uridnsbl('X_URIBL_DOMSONLY')
+ tflags X_URIBL_DOMSONLY net domains_only
+
+ add_header all RBL _RBL_
+
+});
+
+# note: don't leave -D here, it causes spurious passes
+ok sarun ("-t < data/spam/dnsbl.eml 2>&1", \&patterns_run_cb);
+ok_all_patterns();
+
Added: spamassassin/trunk/t/uribl_domains_only.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/uribl_domains_only.t?rev=917454&view=auto
==============================================================================
--- spamassassin/trunk/t/uribl_domains_only.t (added)
+++ spamassassin/trunk/t/uribl_domains_only.t Mon Mar 1 10:37:03 2010
@@ -0,0 +1,38 @@
+#!/usr/bin/perl
+# bug 6335: domains_only URIDNSBL rules
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("uribl_domains_only");
+
+use constant TEST_ENABLED => conf_bool('run_net_tests') && conf_bool('run_long_tests');
+use constant DO_RUN => TEST_ENABLED && can_use_net_dns_safely();
+use Test;
+
+BEGIN {
+ plan tests => (DO_RUN ? 2 : 0),
+};
+
+exit unless (DO_RUN);
+
+# ---------------------------------------------------------------------------
+
+%anti_patterns = (
+ q{ X_URIBL_DOMSONLY } => 'A',
+);
+
+tstlocalrules(q{
+
+ rbl_timeout 30
+
+ urirhssub X_URIBL_DOMSONLY dnsbltest.spamassassin.org. A 2
+ body X_URIBL_DOMSONLY eval:check_uridnsbl('X_URIBL_DOMSONLY')
+ tflags X_URIBL_DOMSONLY net domains_only
+
+ add_header all RBL _RBL_
+
+});
+
+# note: don't leave -D here, it causes spurious passes
+ok sarun ("-t < data/spam/dnsbl_domsonly.eml 2>&1", \&patterns_run_cb);
+ok_all_patterns();
+
Added: spamassassin/trunk/t/uribl_ips_only.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/uribl_ips_only.t?rev=917454&view=auto
==============================================================================
--- spamassassin/trunk/t/uribl_ips_only.t (added)
+++ spamassassin/trunk/t/uribl_ips_only.t Mon Mar 1 10:37:03 2010
@@ -0,0 +1,38 @@
+#!/usr/bin/perl
+# bug 6335: ips_only URIDNSBL rules
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("uribl_ips_only");
+
+use constant TEST_ENABLED => conf_bool('run_net_tests') && conf_bool('run_long_tests');
+use constant DO_RUN => TEST_ENABLED && can_use_net_dns_safely();
+use Test;
+
+BEGIN {
+ plan tests => (DO_RUN ? 2 : 0),
+};
+
+exit unless (DO_RUN);
+
+# ---------------------------------------------------------------------------
+
+%anti_patterns = (
+ q{ X_URIBL_IPSONLY } => 'A',
+);
+
+tstlocalrules(q{
+
+ rbl_timeout 30
+
+ urirhssub X_URIBL_IPSONLY dnsbltest.spamassassin.org. A 2
+ body X_URIBL_IPSONLY eval:check_uridnsbl('X_URIBL_IPSONLY')
+ tflags X_URIBL_IPSONLY net ips_only
+
+ add_header all RBL _RBL_
+
+});
+
+# note: don't leave -D here, it causes spurious passes
+ok sarun ("-t < data/spam/dnsbl_ipsonly.eml 2>&1", \&patterns_run_cb);
+ok_all_patterns();
+