You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by wt...@apache.org on 2011/01/02 06:25:14 UTC
svn commit: r1054351 - in /spamassassin/trunk:
lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
rulesrc/sandbox/wtogami/20_uri_skipped.cf
Author: wtogami
Date: Sun Jan 2 05:25:13 2011
New Revision: 1054351
URL: http://svn.apache.org/viewvc?rev=1054351&view=rev
Log:
URI_SKIPPED_* detects attempts of known good URI flooding, which seems to be targeted at defeating URIBL filtering of some other filter software.
This is fairly common in my own corpus, but I don't know how widespread it is. Masschecks should tell us if this is worthwhile to keep.
Added:
spamassassin/trunk/rulesrc/sandbox/wtogami/20_uri_skipped.cf
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm?rev=1054351&r1=1054350&r2=1054351&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Sun Jan 2 05:25:13 2011
@@ -306,7 +306,9 @@ sub new {
$self->{finished} = { };
$self->register_eval_rule ("check_uridnsbl");
+ $self->register_eval_rule ("domains_skipped");
$self->set_config($samain->{conf});
+ $self->{skipped} = 0;
return $self;
}
@@ -389,6 +391,9 @@ sub parsed_metadata {
# Generate the full list of html-parsed domains.
my $uris = $scanner->get_uri_detail_list();
+ # Reset the skipped counter
+ $self->{skipped} = 0;
+
# go from uri => info to uri_ordered
# 0: a
# 1: form
@@ -430,6 +435,7 @@ sub parsed_metadata {
while (my($host,$domain) = each( %{$info->{hosts}} )) {
if ($skip_domains->{$domain}) {
dbg("uridnsbl: domain $domain in skip list");
+ $self->{skipped}++;
} else {
# use hostname as a key, and drag along the stipped domain name part
$uri_ordered[$entry]->{$host} = $domain;
@@ -1151,6 +1157,23 @@ sub res_bgsend {
# ---------------------------------------------------------------------------
+sub domains_skipped {
+ my ($self, $pms) = @_;
+ my $skipped = defined $self->{skipped} ? $self->{skipped} : 0;
+ if ($skipped >= 20) {
+ $pms->got_hit('URI_SKIPPED_20');
+ } elsif ($skipped >= 15) {
+ $pms->got_hit('URI_SKIPPED_15');
+ } elsif ($skipped >= 10) {
+ $pms->got_hit('URI_SKIPPED_10');
+ } elsif ($skipped >= 5) {
+ $pms->got_hit('URI_SKIPPED_5');
+ }
+ return 0;
+}
+
+# ---------------------------------------------------------------------------
+
# capability checks for "if can()":
#
sub has_tflags_domains_only { 1 }
Added: spamassassin/trunk/rulesrc/sandbox/wtogami/20_uri_skipped.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/wtogami/20_uri_skipped.cf?rev=1054351&view=auto
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/wtogami/20_uri_skipped.cf (added)
+++ spamassassin/trunk/rulesrc/sandbox/wtogami/20_uri_skipped.cf Sun Jan 2 05:25:13 2011
@@ -0,0 +1,19 @@
+body URI_SKIPPED_20 eval:domains_skipped()
+describe URI_SKIPPED_20 Whitelisted URI's skipped: 20+
+score URI_SKIPPED_20 0.01
+tflags net nopublish
+
+body URI_SKIPPED_15 eval:domains_skipped()
+describe URI_SKIPPED_15 Whitelisted URI's skipped: 15-19
+score URI_SKIPPED_15 0.01
+tflags net nopublish
+
+body URI_SKIPPED_10 eval:domains_skipped()
+describe URI_SKIPPED_10 Whitelisted URI's skipped: 10-14
+score URI_SKIPPED_10 0.01
+tflags net nopublish
+
+body URI_SKIPPED_5 eval:domains_skipped()
+describe URI_SKIPPED_5 Whitelisted URI's skipped: 5-9
+score URI_SKIPPED_5 0.01
+tflags net nopublish