On Fri, 2013-06-21 at 15:21 +0200, Fabio Sangiovanni wrote:
> I normally already scan the BCCed message *only*. The main submission
> channel doesn't have an antispam system on its own; instead, an
> out-of-band antispam stack (postfix + amavisd-new + spamassassin) is in
> place; it receives BCCed messages and takes care of checks in an
> unobtrusive way, just for screening purposes.
>
Understood.
> What I'm trying to do is to implement uribldns checks against one single
> type of header, containing an email address.
> Example:
>
> [mail headers]
> [...]
> X-My-Own-Header: <localp...@domain.tld>
> [...]
>
> [mail body]
>
> I need rules to have spamassassin check domain.tld against some URIBL
> lists (eg. Spamhaus DBL). Is this even possible?
>
I don't see why not.
If you want to stay inside the SA framework you can write a rule that
triggers on your own header and processes its payload. The processing
might be as simple as calling the existing URIBL module: I've not looked
at it to see if that would be possible. More likely you'd need to modify
the Perl URIBL module and change it to work with your payload format
rather than the parts of a message that it currently uses.
Alternatively, as you only want to look at your header, consider
omitting SA entirely and using simple code to ignore everything except
your header. For instance, you might decide to follow the high volume
route of taking the periodic FTP downloads from the URIBLs. This would
let you use a straightforward program along these lines:
Start by loading the URIBL lists into array(s)
repeat
{
if there are waiting messages
{
for each message
{
extract the URI from X-My-Own-Header
if URI matches array content
{
take your blacklisting action
}
delete the message (done last so there's no data loss)
}
}
else
{
sleep a few seconds
}
}
This would be stopped and restarted each time a new set of BL lists were
downloaded, but would be so fast the pause should not matter. Thats the
sort of thing that could be designed and written in well under a day
using awk, Perl or Python.
Or you could take a little longer and write something in Perl, C or Java
that would notice a new download appearing, pause while it automatically
updated its blacklist array(s), then continue with its comparisons.
HTH
Martin
