Le 15/11/2012 22:16, Per-Erik Persson a écrit :
>
> Is there a way to add spamassin rules without editing the config
> and reloading the process?
>
> To be more specific, I can set up a RBL of my own and add
> suspicious servers found in the header, no problems to do that.
> This can be done today with our current setup of
> hostadministration tools without writing one single line of code
> more that defining the RBL in spamassassin. I just do a
> copy-paste-enter and suddenly the malicious spamming server will
> not end up in my mailbox anymore :-)
>
> But if I want to insert a rule to shoot down a malicious link to a
> phishingsite listed in the body of the email I need to do the
> following steps.
>
> update the config with an uricheck testdrive it distribute it to
> the spamassassin servers reload services watch syslogs to be sure
> the reload succeeded
>
> Does anyone know of a way to kill a malicious url in the example
> above in an easier way without granting tools and permissions to
> people that most likely will shoot themselves in the foot?
>
>
not sure I understand what you mean, but...
if the goal is to block URLs, then setup rbldnsd and use a rule like this:
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub URIBL_MINE uri.bl.example.com. A 2
body URIBL_MINE eval:check_uridnsbl('URIBL_MINE')
describe URIBL_MINE Contains an URL listed in MY blocklist
tflags URIBL_MINE net
score URIBL_MINE 10.0
endif #ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
the rbldnsd "zone" file for uri.bl.example.com would contain things like:
# Start of authority record (TTL 3000), with serial (0) computed as
# a timestamp of data file
$SOA 3000 localhost admin.example.com 0 600 300 86400 300
$NS 3000 localhost
#
:127.0.0.2:blocked, see http://blockeduri.example.com/ipbl/lookup?$
## Test entry
example.com :2:Test entry
*.example.com :2:Test entry
spammer.net :2:spam domain
*.spammer.net :2:spam domain
