Attachment #964 for bug #1375

View | Details | Raw Unified | Return to bug 1375
Collapse All | Expand All




  }
}

sub check_rbl_uris {
  my ($self, $rule, $set, $rbl_server) = @_;

  return 0 if $self->{conf}->{skip_rbl_checks};
  return 0 unless $self->is_dns_available();

  my @uris = $self->get_uri_list();

  my %domains;
  for my $uri (@uris) {
    if ($uri =~ /^mailto:.*\@([^\@\s>]+)/i) {
      $uri = lc($1);
      next unless $uri =~ /\S\.\S\S/;
      $domains{$uri} = 1;
      $domains{hostname_to_domain2($uri)} = 1;
    }
    elsif ($uri =~ m@^\w+://(.+?)/?@i) {
      $uri = lc($1);
      next unless $uri =~ /\S\.\S\S/;
      $domains{$uri} = 1;
      $domains{hostname_to_domain2($uri)} = 1;
    }
  }
  return unless scalar keys %domains;

  $self->load_resolver();
  for my $domain (keys %domains) {
    print STDERR "checking $domain\n";
    $self->do_rbl_lookup($rule, $set, 'A', $rbl_server, "$domain.$rbl_server");
  }
}

###########################################################################

sub check_for_unique_subject_id {




# bandwidth-pigs
header T_FROM_IN_PIGS		rbleval:check_rbl_from('pigs', 'bandwidth-pigs.monkeys.com.')
tflags T_FROM_IN_PIGS net
# in.dnsbl.org
header T_FROM_IN_IN_DNSBL	rbleval:check_rbl_from('in-dnsbl', 'in.dnsbl.org.')
tflags T_FROM_IN_IN_DNSBL net

# temporary
header T_FROM_IN_RFCI_ABUSE	rbleval:check_rbl_from('rfci-abuse', 'abuse.rfc-ignorant.org.')
header T_FROM_IN_RFCI_POSTMASTER	rbleval:check_rbl_from('rfci-postmaster', 'postmaster.rfc-ignorant.org.')
header T_FROM_IN_RFCI_WHOIS	rbleval:check_rbl_from('rfci-whois', 'whois.rfc-ignorant.org.')

# bug 1375: do RBL look-ups on URLs
header T_URI_IN_RFCI_ABUSE	rbleval:check_rbl_uris('rfci-abuse', 'abuse.rfc-ignorant.org.')
header T_URI_IN_RFCI_DSN	rbleval:check_rbl_uris('rfci-dsn', 'dsn.rfc-ignorant.org.')
header T_URI_IN_RFCI_POSTMASTER	rbleval:check_rbl_uris('rfci-postmaster', 'postmaster.rfc-ignorant.org.')
header T_URI_IN_RFCI_WHOIS	rbleval:check_rbl_uris('rfci-whois', 'whois.rfc-ignorant.org.')
tflags T_URI_IN_RFCI_ABUSE net
tflags T_URI_IN_RFCI_DSN net
tflags T_URI_IN_RFCI_POSTMASTER net
tflags T_URI_IN_RFCI_WHOIS net

header T_URI_IN_DEADBEEF	rbleval:check_rbl_uris('deadbeef', 'bl.deadbeef.com.')
header T_URI_IN_IN_DNSBL	rbleval:check_rbl_uris('in-dnsbl', 'in.dnsbl.org.')
header T_URI_IN_PIGS		rbleval:check_rbl_uris('pigs', 'bandwidth-pigs.monkeys.com.')
tflags T_URI_IN_DEADBEEF net
tflags T_URI_IN_IN_DNSBL net
tflags T_URI_IN_PIGS net

meta T_RFC_IGNORANT_A1	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS > 1)
meta T_RFC_IGNORANT_A2	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS > 2)
meta T_RFC_IGNORANT_A3	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS > 3)

meta T_RFC_IGNORANT_B1	(T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 1)
meta T_RFC_IGNORANT_B2	(T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 2)
meta T_RFC_IGNORANT_B3	(T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 3)

meta T_RFC_IGNORANT_C1	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 1)
meta T_RFC_IGNORANT_C2	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 2)
meta T_RFC_IGNORANT_C3	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 3)
meta T_RFC_IGNORANT_C4	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 4)
meta T_RFC_IGNORANT_C5	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 5)
meta T_RFC_IGNORANT_C6	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 6)
meta T_RFC_IGNORANT_C7	(T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 7)

# OK, a whole batch of faked-HELO detection rules.  These work by checking
# for hosts HELOing in a certain domain, but without rDNS matching that.

Return to bug 1375

Lines 1214-1219 Link Here

(-)lib/Mail/SpamAssassin/EvalTests.pm (+32 lines)
1214	}	1214	}
1215	}	1215	}
1216		1216
		1217	sub check_rbl_uris {
		1218	my ($self, $rule, $set, $rbl_server) = @_;
		1219
		1220	return 0 if $self->{conf}->{skip_rbl_checks};
		1221	return 0 unless $self->is_dns_available();
		1222
		1223	my @uris = $self->get_uri_list();
		1224
		1225	my %domains;
		1226	for my $uri (@uris) {
		1227	if ($uri =~ /^mailto:.*\@([^\@\s>]+)/i) {
		1228	$uri = lc($1);
		1229	next unless $uri =~ /\S\.\S\S/;
		1230	$domains{$uri} = 1;
		1231	$domains{hostname_to_domain2($uri)} = 1;
		1232	}
		1233	elsif ($uri =~ m@^\w+://(.+?)/?@i) {
		1234	$uri = lc($1);
		1235	next unless $uri =~ /\S\.\S\S/;
		1236	$domains{$uri} = 1;
		1237	$domains{hostname_to_domain2($uri)} = 1;
		1238	}
		1239	}
		1240	return unless scalar keys %domains;
		1241
		1242	$self->load_resolver();
		1243	for my $domain (keys %domains) {
		1244	print STDERR "checking $domain\n";
		1245	$self->do_rbl_lookup($rule, $set, 'A', $rbl_server, "$domain.$rbl_server");
		1246	}
		1247	}
		1248
1217	###########################################################################	1249	###########################################################################
1218		1250
1219	sub check_for_unique_subject_id {	1251	sub check_for_unique_subject_id {

Lines 580-585 Link Here

(-)rules/70_cvs_rules_under_test.cf (+41 lines)
580	# bandwidth-pigs	580	# bandwidth-pigs
581	header T_FROM_IN_PIGS rbleval:check_rbl_from('pigs', 'bandwidth-pigs.monkeys.com.')	581	header T_FROM_IN_PIGS rbleval:check_rbl_from('pigs', 'bandwidth-pigs.monkeys.com.')
582	tflags T_FROM_IN_PIGS net	582	tflags T_FROM_IN_PIGS net
		583	# in.dnsbl.org
		584	header T_FROM_IN_IN_DNSBL rbleval:check_rbl_from('in-dnsbl', 'in.dnsbl.org.')
		585	tflags T_FROM_IN_IN_DNSBL net
		586
		587	# temporary
		588	header T_FROM_IN_RFCI_ABUSE rbleval:check_rbl_from('rfci-abuse', 'abuse.rfc-ignorant.org.')
		589	header T_FROM_IN_RFCI_POSTMASTER rbleval:check_rbl_from('rfci-postmaster', 'postmaster.rfc-ignorant.org.')
		590	header T_FROM_IN_RFCI_WHOIS rbleval:check_rbl_from('rfci-whois', 'whois.rfc-ignorant.org.')
		591
		592	# bug 1375: do RBL look-ups on URLs
		593	header T_URI_IN_RFCI_ABUSE rbleval:check_rbl_uris('rfci-abuse', 'abuse.rfc-ignorant.org.')
		594	header T_URI_IN_RFCI_DSN rbleval:check_rbl_uris('rfci-dsn', 'dsn.rfc-ignorant.org.')
		595	header T_URI_IN_RFCI_POSTMASTER rbleval:check_rbl_uris('rfci-postmaster', 'postmaster.rfc-ignorant.org.')
		596	header T_URI_IN_RFCI_WHOIS rbleval:check_rbl_uris('rfci-whois', 'whois.rfc-ignorant.org.')
		597	tflags T_URI_IN_RFCI_ABUSE net
		598	tflags T_URI_IN_RFCI_DSN net
		599	tflags T_URI_IN_RFCI_POSTMASTER net
		600	tflags T_URI_IN_RFCI_WHOIS net
		601
		602	header T_URI_IN_DEADBEEF rbleval:check_rbl_uris('deadbeef', 'bl.deadbeef.com.')
		603	header T_URI_IN_IN_DNSBL rbleval:check_rbl_uris('in-dnsbl', 'in.dnsbl.org.')
		604	header T_URI_IN_PIGS rbleval:check_rbl_uris('pigs', 'bandwidth-pigs.monkeys.com.')
		605	tflags T_URI_IN_DEADBEEF net
		606	tflags T_URI_IN_IN_DNSBL net
		607	tflags T_URI_IN_PIGS net
		608
		609	meta T_RFC_IGNORANT_A1 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS > 1)
		610	meta T_RFC_IGNORANT_A2 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS > 2)
		611	meta T_RFC_IGNORANT_A3 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS > 3)
		612
		613	meta T_RFC_IGNORANT_B1 (T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 1)
		614	meta T_RFC_IGNORANT_B2 (T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 2)
		615	meta T_RFC_IGNORANT_B3 (T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 3)
		616
		617	meta T_RFC_IGNORANT_C1 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 1)
		618	meta T_RFC_IGNORANT_C2 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 2)
		619	meta T_RFC_IGNORANT_C3 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 3)
		620	meta T_RFC_IGNORANT_C4 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 4)
		621	meta T_RFC_IGNORANT_C5 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 5)
		622	meta T_RFC_IGNORANT_C6 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 6)
		623	meta T_RFC_IGNORANT_C7 (T_URI_IN_RFCI_ABUSE + T_URI_IN_RFCI_DSN + T_URI_IN_RFCI_POSTMASTER + T_URI_IN_RFCI_WHOIS + T_FROM_IN_RFCI_ABUSE + T_FROM_IN_RFCI_DSN + T_FROM_IN_RFCI_POSTMASTER + T_FROM_IN_RFCI_WHOIS > 7)
583		624
584	# OK, a whole batch of faked-HELO detection rules. These work by checking	625	# OK, a whole batch of faked-HELO detection rules. These work by checking
585	# for hosts HELOing in a certain domain, but without rDNS matching that.	626	# for hosts HELOing in a certain domain, but without rDNS matching that.