7993 – Plugin HashBL.pm: allow usage of HBL from Spamhaus

Bug 7993 - Plugin HashBL.pm: allow usage of HBL from Spamhaus

Summary: Plugin HashBL.pm: allow usage of HBL from Spamhaus

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Plugins (show other bugs)
Version:	4.0.0
Hardware:	All All

Importance:	P2 enhancement
Target Milestone:	4.0.0
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-05-16 15:15 UTC by Michael Storz
Modified:	2022-05-17 05:44 UTC (History)
CC List:	3 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Storz 2022-05-16 15:15:41 UTC

Currently, if you want to use Spamhaus's HBL, you need to use Spamhaus's SH.pm plugin. Since this plugin is implemented extremely inefficiently, it has no caching implemented, it would be good if you could use the plugin HashBL.pm for this. HashBL.pm has implemented only md5 and sha1 as hash functions, SH.pm on the other hand uses sha256. Therefore the line

use Digest::SHA qw(sha1_hex);

should be extended to

use Digest::SHA qw(sha1_hex sha256);

In addition, encode_base32 from MIME::Base32 is required. SH.pm simply copied this function into the plugin.

In sub _hash another branch is needed with 

return encode_base32(sha256($value));

Of course the options have to be adjusted as well.

Comment 1 Henrik Krohns 2022-05-16 15:33:09 UTC

Is there Perl/Apache conflict for directly copying a single function from CPAN?

I'd hate to require one more obscure module, so we should make our own Util/encode_base32 from scratch if required.. ;-)

Comment 2 Henrik Krohns 2022-05-16 15:33:41 UTC

^ I mean license conflict

Comment 3 Michael Storz 2022-05-16 16:49:47 UTC

I would make it optional and only complain if sha256 is used and module MIME::Base32 is not available. I'm not sure if you can reprogram the function. I definitely do not understand how this function works.

Comment 4 Kevin A. McGrail 2022-05-16 16:58:40 UTC

Henrik, copying anything from anywhere with a non-ASLv2 license could cause issues, yes.  Often times I ask the author and have many times over the years gotten quick permission for stuff like this.

Comment 5 Henrik Krohns 2022-05-17 05:44:37 UTC

The base-family encoding is really simple when you understand it. I committed a super simple unoptimized Util/base32_encode (Revision 1900976).

sha256 option added:

Committed revision 1900977.