You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by st...@binnacle.cx on 2012/12/21 00:25:04 UTC
Project Honeypot rules?
Hello,
Do any rules for URIBL and/or sending-IP
filtering based on the Project Honeypot
HTTP:BL exist? Googled but came up dry.
I see a perl module 'Antispam-httpBL'
is available to provides access to their
database.
If rules don't exist, can anyone comment
on how much trouble adding a URIBL to SA
would be for someone with medium perl
competency and zero SA experience? Does
a consistent framework for doing so exist?
Thanks!
Re: Project Honeypot rules?
Posted by John Hardin <jh...@impsec.org>.
On Thu, 20 Dec 2012, starlight.2012q4@binnacle.cx wrote:
> Do any rules for URIBL and/or sending-IP filtering based on the Project
> Honeypot HTTP:BL exist? Googled but came up dry.
Not in the base product.
The HTTP:BL DNSBL query format includes an access key, and the base DNSBL
lookup code has no way to provide that.
> I see a perl module 'Antispam-httpBL' is available to provides access to
> their database.
>
> If rules don't exist, can anyone comment on how much trouble adding a
> URIBL to SA would be for someone with medium perl competency and zero SA
> experience? Does a consistent framework for doing so exist?
There is a plugin framework, and the existing DNS lookups are implemented
as a plugin. You might be able to use the existing DNS plugin as a
template for a new plugin, or might instead extend the existing plugin to
add eval rules that would accept an access key and add that to the DNS
query string.
It seems to me like it would be a pretty straightforward mod of the
existing plugin to add some new variants that paste an extra string onto
the DNS query before sending it.
Take a look at
http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DNSEval.pm?view=log
See also http://www.apache.org/dev/contributors.html , and you'd submit
patches via creating a bug at https://issues.apache.org/SpamAssassin/
Welcome aboard! :)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
5 days until Christmas