You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by st...@binnacle.cx on 2012/12/21 00:25:04 UTC

Project Honeypot rules?

Hello,

Do any rules for URIBL and/or sending-IP
filtering based on the Project Honeypot
HTTP:BL exist?  Googled but came up dry.

I see a perl module 'Antispam-httpBL'
is available to provides access to their
database.

If rules don't exist, can anyone comment
on how much trouble adding a URIBL to SA
would be for someone with medium perl
competency and zero SA experience?  Does
a consistent framework for doing so exist?

Thanks!

Re: Project Honeypot rules?

Posted by John Hardin <jh...@impsec.org>.

On Thu, 20 Dec 2012, starlight.2012q4@binnacle.cx wrote:

> Do any rules for URIBL and/or sending-IP filtering based on the Project 
> Honeypot HTTP:BL exist?  Googled but came up dry.

Not in the base product.

The HTTP:BL DNSBL query format includes an access key, and the base DNSBL 
lookup code has no way to provide that.

> I see a perl module 'Antispam-httpBL' is available to provides access to 
> their database.
>
> If rules don't exist, can anyone comment on how much trouble adding a 
> URIBL to SA would be for someone with medium perl competency and zero SA 
> experience?  Does a consistent framework for doing so exist?

There is a plugin framework, and the existing DNS lookups are implemented 
as a plugin. You might be able to use the existing DNS plugin as a 
template for a new plugin, or might instead extend the existing plugin to 
add eval rules that would accept an access key and add that to the DNS 
query string.

It seems to me like it would be a pretty straightforward mod of the 
existing plugin to add some new variants that paste an extra string onto 
the DNS query before sending it.

Take a look at 
http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DNSEval.pm?view=log

See also http://www.apache.org/dev/contributors.html , and you'd submit 
patches via creating a bug at https://issues.apache.org/SpamAssassin/

Welcome aboard! :)

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
   does quite what I want. I wish Christopher Robin was here."
                                            -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
  5 days until Christmas