View | Details | Raw Unified | Return to bug 1375
Collapse All | Expand All

(-)spamassassin/lib/Mail/SpamAssassin/Conf.pm (+20 lines)
Lines 107-112 Link Here
107
use constant TYPE_URI_EVALS     => 0x0011;
107
use constant TYPE_URI_EVALS     => 0x0011;
108
use constant TYPE_META_TESTS    => 0x0012;
108
use constant TYPE_META_TESTS    => 0x0012;
109
use constant TYPE_RBL_EVALS     => 0x0013;
109
use constant TYPE_RBL_EVALS     => 0x0013;
110
use constant TYPE_URIIP_TESTS     => 0x0014;
111
use constant TYPE_URIIP_EVALS     => 0x0015;
112
use constant TYPE_URIIP_RBL_TESTS => 0x0016;
113
use constant TYPE_URIIP_RBL_EVALS => 0x0017;
110
114
111
$VERSION = 'bogus';     # avoid CPAN.pm picking up version strings later
115
$VERSION = 'bogus';     # avoid CPAN.pm picking up version strings later
112
116
Lines 2121-2126 Link Here
2121
      next;
2125
      next;
2122
    }
2126
    }
2123
2127
2128
# URI IP addresses
2129
    if (/^uriip\s+(\S+)\s+(?:rbl)?eval:(.*)$/) {
2130
      my ($name, $fn) = ($1, $2);
2131
2132
      if ($fn =~ /^check_uriip_rbl/) {
2133
	$self->add_test ($name, $fn, TYPE_URIIP_RBL_EVALS);
2134
      }
2135
#     else {
2136
#	$self->add_test ($name, $fn, TYPE_URIIP_EVALS);
2137
#     }
2138
      next;
2139
    }
2140
2124
=item rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
2141
=item rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
2125
2142
2126
Define a raw-body pattern test.  C<pattern> is a Perl regular expression.
2143
Define a raw-body pattern test.  C<pattern> is a Perl regular expression.
Lines 2633-2638 Link Here
2633
	elsif ($type == TYPE_RBL_EVALS) {
2650
	elsif ($type == TYPE_RBL_EVALS) {
2634
	  $self->{rbl_evals}->{$name} = \@args;
2651
	  $self->{rbl_evals}->{$name} = \@args;
2635
	}
2652
	}
2653
	elsif ($type == TYPE_URIIP_RBL_EVALS) {
2654
	  $self->{uriip_rbl_evals}->{$name} = \@args;
2655
	}
2636
	elsif ($type == TYPE_RAWBODY_EVALS) {
2656
	elsif ($type == TYPE_RAWBODY_EVALS) {
2637
	  $self->{rawbody_evals}->{$name} = \@args;
2657
	  $self->{rawbody_evals}->{$name} = \@args;
2638
	}
2658
	}
(-)spamassassin/lib/Mail/SpamAssassin/EvalTests.pm (+12 lines)
Lines 1329-1334 Link Here
1329
  $self->check_rbl_backend($rule, $set, $rbl_server, 'TXT', $subtest);
1329
  $self->check_rbl_backend($rule, $set, $rbl_server, 'TXT', $subtest);
1330
}
1330
}
1331
1331
1332
sub check_uriip_rbl {
1333
  my ($self, $rule, $set, $rbl_server, $subtest) = @_;
1334
  my @ips = @{$self->{uriips}};
1335
  eval {
1336
    foreach my $ip (@ips) {
1337
      next unless ($ip =~ /(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/);
1338
      $self->do_rbl_lookup($rule, $set, 'A', $rbl_server,
1339
			   "$4.$3.$2.$1.$rbl_server", $subtest);
1340
    }
1341
  };
1342
}
1343
1332
# run for first message 
1344
# run for first message 
1333
sub check_rbl_sub {
1345
sub check_rbl_sub {
1334
  my ($self, $rule, $set, $subtest) = @_;
1346
  my ($self, $rule, $set, $subtest) = @_;
(-)spamassassin/lib/Mail/SpamAssassin/PerMsgStatus.pm (-1 / +58 lines)
Lines 122-127 Link Here
122
    $self->{conf}->set_score_set ($set|2);
122
    $self->{conf}->set_score_set ($set|2);
123
  }
123
  }
124
124
125
  # IPs of spamvertised URIs
126
  $self->{uriips} = [ ];
127
125
  # pre-chew Received headers
128
  # pre-chew Received headers
126
  $self->parse_received_headers();
129
  $self->parse_received_headers();
127
130
Lines 1743-1754 Link Here
1743
  return @{$self->{uri_list}};
1746
  return @{$self->{uri_list}};
1744
}
1747
}
1745
1748
1749
sub do_resolve_uri {
1750
  my ($self, $uri) = @_;
1751
  my @ips = ();
1752
1753
  $uri =~ s/^http:\/\///;
1754
  $uri =~ s/^mailto:\/\///;
1755
  $uri =~ s/\/.*$//;
1756
  $uri =~ s/^.*\@//;
1757
1758
  @ips = $self->lookup_all_ips($uri);
1759
1760
  return @ips;
1761
}
1762
1763
sub do_body_uriip_tests {
1764
  my ($self, @ips) = @_;
1765
  local ($_);
1766
1767
  dbg ("running uriip tests; score so far=".$self->{hits});
1768
  foreach my $ip (@ips) {
1769
    dbg ("Testing spamvertised IP '$ip'");
1770
    push(@{$self->{uriips}}, $ip);
1771
  }
1772
1773
  my $evalhash = $self->{conf}->{uriip_rbl_evals};
1774
  my ($rulename, @args);
1775
  my $debugenabled = $Mail::SpamAssassin::DEBUG->{enabled};
1776
1777
  while (my ($rulename, $test) = each %{$evalhash}) {
1778
    my $score = $self->{conf}->{scores}->{$rulename};
1779
    next unless $score;
1780
1781
    $self->{test_log_msgs} = ();
1782
1783
    my ($function, @args) = @{$test};
1784
    my $result;
1785
    eval {
1786
      $result = $self->$function($rulename, @args);
1787
    };
1788
1789
    if ($@) {
1790
      warn "Failed to run $rulename URIIP RBL SpamAssassin test, skipping:\n".
1791
		"\t($@)\n";
1792
      $self->{rule_errors}++;
1793
      next;
1794
    }
1795
  }
1796
}
1797
1746
sub do_body_uri_tests {
1798
sub do_body_uri_tests {
1747
  my ($self, $textary) = @_;
1799
  my ($self, $textary) = @_;
1748
  local ($_);
1800
  local ($_);
1749
1801
1750
  dbg ("running uri tests; score so far=".$self->{hits});
1802
  dbg ("running uri tests; score so far=".$self->{hits});
1751
  my @uris = $self->get_uri_list();
1803
  my @uris = $self->get_uri_list();
1804
  my @ips  = ();
1805
1806
  foreach my $uri (@uris) {
1807
    push (@ips, $self->do_resolve_uri($uri));
1808
  }
1809
  $self->do_body_uriip_tests(@ips);
1752
1810
1753
  my $doing_user_rules = 
1811
  my $doing_user_rules = 
1754
    $self->{conf}->{user_rules_to_compile}->{Mail::SpamAssassin::Conf::TYPE_URI_TESTS};
1812
    $self->{conf}->{user_rules_to_compile}->{Mail::SpamAssassin::Conf::TYPE_URI_TESTS};
Lines 2166-2172 Link Here
2166
    $self->{test_log_msgs} = ();	# clear test state
2224
    $self->{test_log_msgs} = ();	# clear test state
2167
2225
2168
    my ($function, @args) = @{$test};
2226
    my ($function, @args) = @{$test};
2169
2170
    my $result;
2227
    my $result;
2171
    eval {
2228
    eval {
2172
       $result = $self->$function($rulename, @args);
2229
       $result = $self->$function($rulename, @args);
(-)spamassassin/rules/20_uriip_tests.cf (+196 lines)
Line 0 Link Here
1
# SpamAssassin rules file: RBL tests of spamvertised IPs
2
#
3
# Please don't modify this file as your changes will be overwritten with
4
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
5
# See 'perldoc Mail::SpamAssassin::Conf' for details.
6
#
7
# This program is free software; you can redistribute it and/or modify
8
# it under the terms of either the Artistic License or the GNU General
9
# Public License as published by the Free Software Foundation; either
10
# version 1 of the License, or (at your option) any later version.
11
#
12
# See the file "License" in the top level of the SpamAssassin source
13
# distribution for more details.
14
#
15
###########################################################################
16
17
require_version @@VERSION@@
18
19
# Don't activate too many of these rulesets, as the number of DNS
20
# queries per email will become very high!
21
22
### Spamvertised sites listed on "common" DNSBLs ###
23
#
24
# Spamhaus Block List
25
#
26
uriip HOSTED_SBL eval:check_uriip_rbl('sbl', 'sbl.spamhaus.org.')
27
describe HOSTED_SBL URL ist hosted at a site listed in the Spamhaus Block List.
28
tflags HOSTED_SBL net
29
30
# Spam Prevention Early Warning System
31
#
32
uriip HOSTED_SPEWS_L1 eval:check_uriip_rbl('spews', 'l1.spews.dnsbl.sorbs.net.')
33
describe HOSTED_SPEWS_L1 URL ist hosted at a site listed in the SPEWS (Level 1) blacklist.
34
tflags HOSTED_SPEWS_L1 net
35
#
36
uriip HOSTED_SPEWS_L2 eval:check_uriip_rbl('spews', 'l2.spews.dnsbl.sorbs.net.')
37
describe HOSTED_SPEWS_L2 URL ist hosted at a site listed in the SPEWS (Level 2) blacklist.
38
tflags HOSTED_SPEWS_L2 net
39
40
41
# Habeas(TM) violators blacklist
42
#
43
uriip HOSTED_HABEAS_VIOLATOR eval:check_uriip_rbl('hil', 'sa-hil.habeas.com.')
44
describe HOSTED_HABEAS_VIOLATOR Uses a URL whose IP has been caught as Habeas violator
45
tflags HOSTED_HABEAS_VIOLATOR net
46
47
48
### ISPs known to tolerate spamvertised sites ###
49
#
50
#uriip HOSTED_AT_ABOVE eval:check_uriip_rbl('above', 'above.blackholes.us.')
51
#describe HOSTED_AT_ABOVE Uses a URL hosted at AboveNet
52
#tflags HOSTED_AT_ABOVE net
53
54
#uriip HOSTED_AT_ATT eval:check_uriip_rbl('att', 'att.blackholes.us.')
55
#describe HOSTED_AT_ATT Uses a URL hosted at AT&T
56
#tflags HOSTED_AT_ATT net
57
58
#uriip HOSTED_AT_BELLSOUTH eval:check_uriip_rbl('bellsouth', 'bellsouth.blackholes.us.')
59
#describe HOSTED_AT_BELLSOUTH Uses a URL hosted at Bellsouth
60
#tflags HOSTED_AT_BELLSOUTH net
61
62
uriip HOSTED_AT_CHINANET eval:check_uriip_rbl('chinanet', 'chinanet.blackholes.us.')
63
describe HOSTED_AT_CHINANET Uses a URL hosted at Chinanet
64
tflags HOSTED_AT_CHINANET net
65
66
#uriip HOSTED_AT_CIBERLYNX eval:check_uriip_rbl('ciberlynx', 'ciberlynx.blackholes.us.')
67
#describe HOSTED_AT_CIBERLYNX Uses a URL hosted at Ciberlynx
68
#tflags HOSTED_AT_CIBERLYNX net
69
70
#uriip HOSTED_AT_COGENTCO eval:check_uriip_rbl('cogentco', 'cogentco.blackholes.us.')
71
#describe HOSTED_AT_COGENTCO Uses a URL hosted at Cogent
72
#tflags HOSTED_AT_COGENTCO net
73
74
#uriip HOSTED_AT_COMCAST eval:check_uriip_rbl('comcast', 'comcast.blackholes.us.')
75
#describe HOSTED_AT_COMCAST Uses a URL hosted at Comcast
76
#tflags HOSTED_AT_COMCAST net
77
78
#uriip HOSTED_AT_COVAD eval:check_uriip_rbl('covad', 'covad.blackholes.us.')
79
#describe HOSTED_AT_COVAD Uses a URL hosted at Covad
80
#tflags HOSTED_AT_COVAD net
81
82
#uriip HOSTED_AT_CW eval:check_uriip_rbl('cw', 'cw.blackholes.us.')
83
#describe HOSTED_AT_CW Uses a URL hosted at Cable & Wireless
84
#tflags HOSTED_AT_CW net
85
86
#uriip HOSTED_AT_HE eval:check_uriip_rbl('he', 'he.blackholes.us.')
87
#describe HOSTED_AT_HE Uses a URL hosted at HE.net
88
#tflags HOSTED_AT_HE net
89
90
#uriip HOSTED_AT_HOSTCENTRIC eval:check_uriip_rbl('hostcentric', 'hostcentric.blackholes.us.')
91
#describe HOSTED_AT_HOSTCENTRIC Uses a URL hosted at Hostcentric
92
#tflags HOSTED_AT_HOSTCENTRIC net
93
94
#uriip HOSTED_AT_INTERBUSINESS eval:check_uriip_rbl('interbusiness', 'interbusiness.blackholes.us.')
95
#describe HOSTED_AT_INTERBUSINESS Uses a URL hosted at Interbusiness
96
#tflags HOSTED_AT_INTERBUSINESS net
97
98
#uriip HOSTED_AT_INTERNAP eval:check_uriip_rbl('internap', 'internap.blackholes.us.')
99
#describe HOSTED_AT_INTERNAP Uses a URL hosted at Internap
100
#tflags HOSTED_AT_INTERNAP net
101
102
#uriip HOSTED_AT_LEVEL3 eval:check_uriip_rbl('level3', 'level3.blackholes.us.')
103
#describe HOSTED_AT_LEVEL3 Uses a URL hosted at Level3
104
#tflags HOSTED_AT_LEVEL3 net
105
106
#uriip HOSTED_AT_QWEST eval:check_uriip_rbl('qwest', 'qwest.blackholes.us.')
107
#describe HOSTED_AT_QWEST Uses a URL hosted at QWest
108
#tflags HOSTED_AT_QWEST net
109
110
#uriip HOSTED_AT_RACKSPACE eval:check_uriip_rbl('rackspace', 'rackspace.blackholes.us.')
111
#describe HOSTED_AT_RACKSPACE Uses a URL hosted at Rackspace
112
#tflags HOSTED_AT_RACKSPACE net
113
114
#uriip HOSTED_AT_ROGERS eval:check_uriip_rbl('rogers', 'rogers.blackholes.us.')
115
#describe HOSTED_AT_ROGERS Uses a URL hosted at Rogers
116
#tflags HOSTED_AT_ROGERS net
117
118
#uriip HOSTED_AT_RR eval:check_uriip_rbl('rr', 'rr.blackholes.us.')
119
#describe HOSTED_AT_RR Uses a URL hosted at RoadRunner
120
#tflags HOSTED_AT_RR net
121
122
#uriip HOSTED_AT_SERVEPATH eval:check_uriip_rbl('servepath', 'servepath.blackholes.us.')
123
#describe HOSTED_AT_SERVEPATH Uses a URL hosted at ServePath
124
#tflags HOSTED_AT_SERVEPATH net
125
126
#uriip HOSTED_AT_SPRINT eval:check_uriip_rbl('sprint', 'sprint.blackholes.us.')
127
#describe HOSTED_AT_SPRINT Uses a URL hosted at Sprint
128
#tflags HOSTED_AT_SPRINT net
129
130
#uriip HOSTED_AT_TELUS eval:check_uriip_rbl('telus', 'telus.blackholes.us.')
131
#describe HOSTED_AT_TELUS Uses a URL hosted at Telus
132
#tflags HOSTED_AT_TELUS net
133
134
#uriip HOSTED_AT_VALUENET eval:check_uriip_rbl('valuenet', 'valuenet.blackholes.us.')
135
#describe HOSTED_AT_VALUENET Uses a URL hosted at ValueNet
136
#tflags HOSTED_AT_VALUENET net
137
138
uriip HOSTED_AT_VERIO eval:check_uriip_rbl('verio', 'verio.blackholes.us.')
139
describe HOSTED_AT_VERIO Uses a URL hosted at Verio
140
tflags HOSTED_AT_VERIO net
141
142
#uriip HOSTED_AT_VERIZON eval:check_uriip_rbl('verizon', 'verizon.blackholes.us.')
143
#describe HOSTED_AT_VERIZON Uses a URL hosted at Verizon
144
#tflags HOSTED_AT_VERIZON net
145
146
#uriip HOSTED_AT_WANADOOFR eval:check_uriip_rbl('wanadoo-fr', 'wanadoo-fr.blackholes.us.')
147
#describe HOSTED_AT_WANADOOFR Uses a URL hosted at Wanadoo France
148
#tflags HOSTED_AT_WANADOOFR net
149
150
#uriip HOSTED_AT_XO eval:check_uriip_rbl('xo', 'xo.blackholes.us.')
151
#describe HOSTED_AT_XO Uses a URL hosted at XO.com
152
#tflags HOSTED_AT_XO net
153
154
155
### Countries with severe spam problems ###
156
#
157
#uriip HOSTED_IN_ARGENTINA eval:check_uriip_rbl('argentina', 'argentina.blackholes.us.')
158
#describe HOSTED_IN_ARGENTINA Uses a URL hosted in Argentina
159
#tflags HOSTED_IN_ARGENTINA net
160
161
#uriip HOSTED_IN_BRAZIL eval:check_uriip_rbl('brazil', 'brazil.blackholes.us.')
162
#describe HOSTED_IN_BRAZIL Uses a URL hosted in Brazil
163
#tflags HOSTED_IN_BRAZIL net
164
165
uriip HOSTED_IN_CHINA eval:check_uriip_rbl('china', 'china.blackholes.us.')
166
describe HOSTED_IN_CHINA Uses a URL hosted in China
167
tflags HOSTED_IN_CHINA net
168
169
uriip HOSTED_IN_KOREA eval:check_uriip_rbl('korea', 'korea.blackholes.us.')
170
describe HOSTED_IN_KOREA Uses a URL hosted in Korea
171
tflags HOSTED_IN_KOREA net
172
173
#uriip HOSTED_IN_MALAYSIA eval:check_uriip_rbl('malaysia', 'malaysia.blackholes.us.')
174
#describe HOSTED_IN_MALAYSIA Uses a URL hosted in Malaysia
175
#tflags HOSTED_IN_MALAYSIA net
176
177
#uriip HOSTED_IN_NIGERIA eval:check_uriip_rbl('nigeria', 'nigeria.blackholes.us.')
178
#describe HOSTED_IN_NIGERIA Uses a URL hosted in Nigeria
179
#tflags HOSTED_IN_NIGERIA net
180
181
uriip HOSTED_IN_RUSSIA eval:check_uriip_rbl('russia', 'russia.blackholes.us.')
182
describe HOSTED_IN_RUSSIA Uses a URL hosted in Russia
183
tflags HOSTED_IN_RUSSIA net
184
185
#uriip HOSTED_IN_SINGAPORE eval:check_uriip_rbl('singapore', 'singapore.blackholes.us.')
186
#describe HOSTED_IN_SINGAPORE Uses a URL hosted in Singapore
187
#tflags HOSTED_IN_SINGAPORE net
188
189
#uriip HOSTED_IN_TAIWAN eval:check_uriip_rbl('taiwan', 'taiwan.blackholes.us.')
190
#describe HOSTED_IN_TAIWAN Uses a URL hosted in Taiwan
191
#tflags HOSTED_IN_TAIWAN net
192
193
#uriip HOSTED_IN_THAILAND eval:check_uriip_rbl('thailand', 'thailand.blackholes.us.')
194
#describe HOSTED_IN_THAILAND Uses a URL hosted in Thailand
195
#tflags HOSTED_IN_THAILAND net
196
(-)spamassassin/rules/50_scores.cf (-1 / +51 lines)
Lines 1-7 Link Here
1
# SpamAssassin score file
1
# SpamAssassin score file
2
#
2
#
3
# Please don't modify this file as your changes will be overwritten with
3
# Please don't modify this file as your changes will be overwritten with
4
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
4
# the next update. Use /etc/spamassassin/local.cf instead.
5
# See 'perldoc Mail::SpamAssassin::Conf' for details.
5
# See 'perldoc Mail::SpamAssassin::Conf' for details.
6
#
6
#
7
# This program is free software; you can redistribute it and/or modify
7
# This program is free software; you can redistribute it and/or modify
Lines 999-1004 Link Here
999
score USER_IN_MORE_SPAM_TO -20.000
999
score USER_IN_MORE_SPAM_TO -20.000
1000
score USER_IN_ALL_SPAM_TO -100.000
1000
score USER_IN_ALL_SPAM_TO -100.000
1001
1001
1002
# Spamvertised IPs within black-hat netblocks
1003
1004
# Be careful with the scores - some legitimate emails may contain
1005
# (informational) links to spamvertised sites - score them high enough
1006
# but not too high.
1007
1008
# These ones have been proven as *very* useful.
1009
score HOSTED_SBL 4.0
1010
score HOSTED_SPEWS_L1 4.0
1011
score HOSTED_SPEWS_L2 2.0
1012
score HOSTED_HABEAS_VIOLATOR 4.0
1013
1014
# Only to be activated if a regional or ISP-specific spam problem is
1015
# evolving (yet that's what SBL and SPEWS are good for).
1016
score HOSTED_AT_ABOVE 1.5
1017
score HOSTED_AT_ATT 1.5
1018
score HOSTED_AT_BELLSOUTH 1.5
1019
score HOSTED_AT_CHINANET 4.0
1020
score HOSTED_AT_CIBERLYNX 4.0
1021
score HOSTED_AT_COGENTCO 2.0
1022
score HOSTED_AT_COMCAST 2.0
1023
score HOSTED_AT_COVAD 1.5
1024
score HOSTED_AT_CW 1.5
1025
score HOSTED_AT_HE 1.5
1026
score HOSTED_AT_HOSTCENTRIC 1.5
1027
score HOSTED_AT_INTERBUSINESS 2.0
1028
score HOSTED_AT_INTERNAP 2.0
1029
score HOSTED_AT_LEVEL3 1.5
1030
score HOSTED_AT_QWEST 2.0
1031
score HOSTED_AT_RACKSPACE 2.0
1032
score HOSTED_AT_ROGERS 2.0
1033
score HOSTED_AT_RR 2.0
1034
score HOSTED_AT_SERVEPATH 2.0
1035
score HOSTED_AT_SPRINT 2.0
1036
score HOSTED_AT_TELUS 1.5
1037
score HOSTED_AT_VALUENET 1.5
1038
score HOSTED_AT_VERIO 2.5
1039
1040
score HOSTED_IN_ARGENTINA 1.5
1041
score HOSTED_IN_BRAZIL 1.5
1042
score HOSTED_IN_CHINA 3.0
1043
score HOSTED_IN_KOREA 2.5
1044
score HOSTED_IN_MALAYSIA 1.5
1045
score HOSTED_IN_NIGERIA 2.0
1046
score HOSTED_IN_RUSSIA 2.0
1047
score HOSTED_IN_SINGAPORE 1.5
1048
score HOSTED_IN_TAIWAN 1.5
1049
score HOSTED_IN_THAILAND 1.5
1050
1051
1002
#
1052
#
1003
# Habeas: http://www.habeas.com/
1053
# Habeas: http://www.habeas.com/
1004
#
1054
#

Return to bug 1375