Hello,

I do full URI DNS lookups through a simple SA plugin. The core lines in the function are:

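use List::Util qw(uniq);   # uniq() needs List::Util 1.45 or newer

sub check_fulluris {
        my ($self, $msg) = @_;
        my $pms = $msg->{permsgstatus};
        my $body = $msg->{msg}->get_pristine_body();
        # Single capture group, so only the hostname of each http/https URL is returned
        foreach my $this_url (uniq( $body =~ /https?:\/\/(.*?)\//g )) {

        # code to do dns lookups

          }
}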

and in the .cf

urirhssub       TEST_FULL_URIS     mypersonal.dnsbl.       A 127.0.0.2
body              TEST_FULL_URIS eval:check_fulluris('TEST_FULL_URIS')

As for my personal reason for doing full hostname lookups, I find it easier to maintain an rbldnsd zone with hacked websites/landing pages of marketers than to write uri rules in the .cf each time.

Hope it helps

Daniele Duca
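
The extraction step described above, as an added stand-alone example that is not the poster's plugin code and does not use the SpamAssassin API. It goes a little further than the posted regex: it also handles URIs without a trailing slash, userinfo and ports, and it rejects names that would not form a valid DNSBL query. The helper names full_uri_hosts and listed_hosts, the stub resolver and the sample body are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: normalise full URI hostnames from a message body and build
# DNSBL query names for them. Helper names and sample data are hypothetical.
use strict;
use warnings;

my $ZONE = 'mypersonal.dnsbl';   # zone from the .cf line above, trailing dot dropped

# Return the unique, validated hostnames found in http/https URIs.
sub full_uri_hosts {
    my ($body) = @_;
    my (%seen, @hosts);
    # The authority part ends at /, ?, #, whitespace or a quote/bracket, so
    # URIs without a trailing slash are still picked up.
    while ($body =~ m{https?://([^/?#\s"'<>]+)}gi) {
        my $host = lc $1;
        $host =~ s/^.*\@//;      # drop userinfo (user:pass@)
        $host =~ s/:\d*$//;      # drop port
        $host =~ s/\.$//;        # drop trailing root dot
        next if $host =~ /^[\d.]+$/;           # digits and dots only: not a hostname
        next unless $host =~ /\./;             # need at least two labels
        next if length("$host.$ZONE") > 253;   # query name would exceed the DNS limit
        # every label: 1-63 chars of letters/digits/hyphen, no hyphen at either end
        next if grep { !/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/ } split /\./, $host, -1;
        push @hosts, $host unless $seen{$host}++;
    }
    return @hosts;
}

# $resolve is a coderef mapping a query name to a list of A records
# (hypothetical hook; a real plugin would hand the name to its resolver).
sub listed_hosts {
    my ($body, $resolve, $want) = @_;
    return grep { my $q = "$_.$ZONE."; grep { $_ eq $want } $resolve->($q) }
           full_uri_hosts($body);
}

# Constructed sample body and stub zone so the script runs offline.
my $body = <<'EOT';
Click http://www.sub.domain.tld/landing or https://WWW.Sub.Domain.tld:8443?x=1
also http://user@shop.example.org and http://192.0.2.10/ and http://bad_host.tld/
EOT
my %stub_zone = ('www.sub.domain.tld.mypersonal.dnsbl.' => ['127.0.0.2']);
my $stub = sub { @{ $stub_zone{$_[0]} || [] } };

print "candidate: $_\n" for full_uri_hosts($body);
print "listed:    $_\n" for listed_hosts($body, $stub, '127.0.0.2');
```

Validating labels before the lookup keeps arbitrary body text from being turned into malformed or oversized queries against the rbldnsd zone.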



On 16/02/2018 22:08, jahlives wrote:
Hi list

I'm looking for a way in spamassassin to run a full-uri-host rbl lookup
for a specific rule. I do not want to discuss about sense or non-sense
of full-uri-hosts lookups ;-)

Let's assume I have two rules which query my own rbl

urirhssub HIT_DOMAIN    my.rbl.tld.     A 127.0.0.2
body    HIT_DOMAIN      eval:check_uridnsbl('HIT_DOMAIN')

urifullsub HIT_FULL     my.rbl.tld.     A 127.0.0.4
body    HIT_FULL        eval:check_uridnsbl('HIT_FULL')

I know urifullsub does not exist, should just visualize what I try to
achieve :-)

now for a uri like www.sub.domain.tld both rules should be tested. The
first one for domain.tld (which sa does with rh lookups) and the second
one with the full-uri-host (www.sub.domain.tld)

I read about aux_tlds but I think this does not help me as if I add
domain.tld to aux_tlds the first query above would be fired with
sub.domain.tld

I thought that the second query could be solved using askdns plugin in a
way like this

askdns HIT_FULL _URIFULLHOST_.my.rbl.tld.       A       127.0.0.4

But how to get access to urifullhost? :-)

Currently I use a plugin of my antispam glue to perform the full uri
host lookups on uris found. This plugin adds a X-Header upon hit on
which spamassassin fires and scores.
So I have a solution to this "problem" but it would be nice to do both
queries from spamassassin :-)

Cheers

tobi

