You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2008/12/22 22:23:50 UTC
svn commit: r728782 - in /spamassassin/trunk:
lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm t/uribl.t
Author: jm
Date: Mon Dec 22 13:23:50 2008
New Revision: 728782
URL: http://svn.apache.org/viewvc?rev=728782&view=rev
Log:
bug 6020: allow urifullnsrhsbl: variant of urinsrhsbl which looks up the full hostname from the NS record in the DNSBL, not just the domain
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
spamassassin/trunk/t/uribl.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm?rev=728782&r1=728781&r2=728782&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Mon Dec 22 13:23:50 2008
@@ -146,6 +146,32 @@
Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
C<check_uridnsbl()> to use this.
+=item urifullnsrhsbl NAME_OF_RULE rhsbl_zone lookuptype
+
+Perform a RHSBL-style domain lookup against the contents of the NS records for
+each URI. In other words, a URI using the domain C<foo.com> will cause an NS
+lookup to take place; assuming that domain has an NS of C<ns0.bar.com>, that
+will cause a lookup of C<ns0.bar.com.uriblzone.net>. Note that hostnames are
+stripped from the domain used in the URI.
+
+C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
+to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
+B<A>).
+
+Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
+C<check_uridnsbl()> to use this.
+
+=item urifullnsrhssub NAME_OF_RULE rhsbl_zone lookuptype subtest
+
+Specify a RHSBL-style domain-NS lookup, as above, with a sub-test.
+C<NAME_OF_RULE> is the name of the rule to be used, C<rhsbl_zone> is the zone
+to look up domain names in, and C<lookuptype> is the type of lookup (B<TXT> or
+B<A>). C<subtest> is the sub-test to run against the returned data; see
+<urirhssub>.
+
+Note that, as with C<urirhsbl>, you must also define a body-eval rule calling
+C<check_uridnsbl()> to use this.
+
=back
=head1 ADMINISTRATOR SETTINGS
@@ -231,6 +257,7 @@
# only hit DNSBLs for active rules (defined and score != 0)
$scanner->{'uridnsbl_active_rules_rhsbl'} = { };
$scanner->{'uridnsbl_active_rules_nsrhsbl'} = { };
+ $scanner->{'uridnsbl_active_rules_fullnsrhsbl'} = { };
$scanner->{'uridnsbl_active_rules_revipbl'} = { };
foreach my $rulename (keys %{$scanner->{conf}->{uridnsbls}}) {
@@ -239,6 +266,8 @@
my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
if ($rulecf->{is_rhsbl}) {
$scanner->{uridnsbl_active_rules_rhsbl}->{$rulename} = 1;
+ } elsif ($rulecf->{is_fullnsrhsbl}) {
+ $scanner->{uridnsbl_active_rules_fullnsrhsbl}->{$rulename} = 1;
} elsif ($rulecf->{is_nsrhsbl}) {
$scanner->{uridnsbl_active_rules_nsrhsbl}->{$rulename} = 1;
} else {
@@ -500,6 +529,55 @@
});
push (@cmds, {
+ setting => 'urifullnsrhsbl',
+ is_priv => 1,
+ code => sub {
+ my ($self, $key, $value, $line) = @_;
+ if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)$/) {
+ my $rulename = $1;
+ my $zone = $2;
+ my $type = $3;
+ $self->{uridnsbls}->{$rulename} = {
+ zone => $zone, type => $type,
+ is_fullnsrhsbl => 1
+ };
+ }
+ elsif ($value =~ /^$/) {
+ return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
+ }
+ else {
+ return $Mail::SpamAssassin::Conf::INVALID_VALUE;
+ }
+ }
+ });
+
+ push (@cmds, {
+ setting => 'urifullnsrhssub',
+ is_priv => 1,
+ code => sub {
+ my ($self, $key, $value, $line) = @_;
+ if ($value =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\d{1,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
+ my $rulename = $1;
+ my $zone = $2;
+ my $type = $3;
+ my $subrule = $4;
+ $self->{uridnsbls}->{$rulename} = {
+ zone => $zone, type => $type,
+ is_fullnsrhsbl => 1, is_subrule => 1
+ };
+ $self->{uridnsbl_subs}->{$zone} ||= { };
+ push (@{$self->{uridnsbl_subs}->{$zone}->{$subrule}->{rulenames}}, $rulename);
+ }
+ elsif ($value =~ /^$/) {
+ return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
+ }
+ else {
+ return $Mail::SpamAssassin::Conf::INVALID_VALUE;
+ }
+ }
+ });
+
+ push (@cmds, {
setting => 'uridnsbl_skip_domain',
default => {},
code => sub {
@@ -562,6 +640,7 @@
my $rhsblrules = $scanner->{uridnsbl_active_rules_rhsbl};
my $nsrhsblrules = $scanner->{uridnsbl_active_rules_nsrhsbl};
+ my $fullnsrhsblrules = $scanner->{uridnsbl_active_rules_fullnsrhsbl};
my $reviprules = $scanner->{uridnsbl_active_rules_revipbl};
if ($single_dnsbl) {
@@ -578,7 +657,9 @@
# perform NS, A lookups to look up the domain in the non-RHSBL subset,
# but only if there are active reverse-IP-URIBL rules
if ($dom !~ /^\d+\.\d+\.\d+\.\d+$/ &&
- (scalar keys %{$reviprules} || scalar keys %{$nsrhsblrules}))
+ (scalar keys %{$reviprules} ||
+ scalar keys %{$nsrhsblrules} ||
+ scalar keys %{$fullnsrhsblrules}))
{
$self->lookup_domain_ns($scanner, $obj, $dom);
}
@@ -616,6 +697,7 @@
my $IPV4_ADDRESS = IPV4_ADDRESS;
my $IP_PRIVATE = IP_PRIVATE;
my $nsrhsblrules = $scanner->{uridnsbl_active_rules_nsrhsbl};
+ my $fullnsrhsblrules = $scanner->{uridnsbl_active_rules_fullnsrhsbl};
foreach my $rr (@answer) {
my $str = $rr->string;
@@ -625,6 +707,8 @@
if ($str =~ /IN\s+NS\s+(\S+)/) {
my $nsmatch = $1;
my $nsrhblstr = $nsmatch;
+ my $fullnsrhblstr = $nsmatch;
+ $fullnsrhblstr =~ s/\.$//;
if ($nsmatch =~ /^\d+\.\d+\.\d+\.\d+\.?$/) {
$nsmatch =~ s/\.$//;
@@ -646,6 +730,14 @@
$scanner->register_async_rule_start($rulename);
}
+
+ foreach my $rulename (keys %{$fullnsrhsblrules}) {
+ my $rulecf = $scanner->{conf}->{uridnsbls}->{$rulename};
+ $self->lookup_single_dnsbl($scanner, $ent->{obj}, $rulename,
+ $fullnsrhblstr, $rulecf->{zone}, $rulecf->{type});
+
+ $scanner->register_async_rule_start($rulename);
+ }
}
}
}
@@ -777,6 +869,7 @@
if ($scanner->{uridnsbl_active_rules_revipbl}->{$rulename}
|| $scanner->{uridnsbl_active_rules_nsrhsbl}->{$rulename}
+ || $scanner->{uridnsbl_active_rules_fullnsrhsbl}->{$rulename}
|| $scanner->{uridnsbl_active_rules_rhsbl}->{$rulename})
{
# TODO: this needs to handle multiple domain hits per rule
Modified: spamassassin/trunk/t/uribl.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/uribl.t?rev=728782&r1=728781&r2=728782&view=diff
==============================================================================
--- spamassassin/trunk/t/uribl.t (original)
+++ spamassassin/trunk/t/uribl.t Mon Dec 22 13:23:50 2008
@@ -22,7 +22,7 @@
use Test;
BEGIN {
- plan tests => (DO_RUN ? 4 : 0),
+ plan tests => (DO_RUN ? 5 : 0),
};
exit unless (DO_RUN);
@@ -33,6 +33,7 @@
q{ X_URIBL_A } => 'A',
q{ X_URIBL_B } => 'B',
q{ X_URIBL_NS } => 'NS',
+ q{ X_URIBL_FULL_NS } => 'FULL_NS',
);
tstlocalrules(q{
@@ -51,6 +52,10 @@
body X_URIBL_NS eval:check_uridnsbl('X_URIBL_NS')
tflags X_URIBL_NS net
+ urifullnsrhssub X_URIBL_FULL_NS dnsbltest.spamassassin.org. A 8
+ body X_URIBL_FULL_NS eval:check_uridnsbl('X_URIBL_FULL_NS')
+ tflags X_URIBL_FULL_NS net
+
add_header all RBL _RBL_
});