Alex wrote:
> Hi,
>
> I've collected a bunch of URIs that I'd like to incorporate into my
> rulebase. I know how to create a DNSBL, but I don't specifically know
> how to create a URIBL. Can I use rbldnsd for this? Or would I have to
> extract the IP or hostname from the URL, then also use a bunch of uri
> rules? If so, is there a way of automating this, given a list of URIs?
>
> For example, I have URIs like:
>
> http://109.73.134.241/dgq01px
> http://51steel1.org/s4b5ztgcx
> http://amessofblues1.com/m0dqfx

Do you want to use the full URI (including the /dgq01px or /s4b5ztgcx
parts), or just the domain names?

If you want the full URI, I think you're pretty much stuck collecting
them up in a huge list of uri rules, unless you want to write a custom
plugin to do a custom DNS lookup. (Not sure some of the new DNS lookup
widgets will go quite far enough to support something like this
directly.)

If you only want the domain name, you can feed those into a local DNSBL.

> I'm also then not sure which of uri* rule definition should be used.
> I've used urirhsbl before for a local host blocklist, but now after
> reading the man page again for the first time in a while, I'm not even
> sure that's correct.

"uri" rules are standard SA regular expression rules that only look at
things that SA has extracted from the message as a URI. The others are
DNSBL lookup rules, with a lot of variations on how the lookup should be
done, and the results broken down.

The Mail::SpamAssassin::Plugin::URIDNSBL man page has all the details,
but my experience has been that for local use, you generally only need
uridnsbl and/or uridnssub.

> I'm also unclear about rbldnsd config for dnset, where hostnames would
> be used. Here is my current command-line:

Other responses have gone into more detail on this, which I probably
tested for myself at one point when I set up local DNS blacklists.

I also wrote some basic tools to feed both relay IP and URI domain data
into these local lists; I've published them at
https://secure.deepnet.cx/trac/dnsbl. Note that these are mainly
data-entry/export utilities, and they're a little rough around the
edges, but these are substantially what I've been using in production
for quite a few years now.

-kgd
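
The automation asked about in the quoted question, for the domain-name case described in the reply, as an added example (not part of the original message and not the tools linked above). It splits a URI list into hostnames and IPv4 literals and renders each as zone data for an rbldnsd dnset or ip4set; the 127.0.0.2 return value, the TXT text and the fourth sample URI are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed default: A value and TXT text returned for every listed entry.
DEFAULT_VALUE = ":127.0.0.2:Listed in local URI blocklist"

def split_uris(uris):
    """Return (hostnames, ipv4_addresses) taken from the host part of each URI."""
    names, ips = set(), set()
    for raw in uris:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue                      # skip blank lines and comments
        if "://" not in raw:
            raw = "http://" + raw         # bare "host/path" entries
        try:
            host = urlsplit(raw).hostname  # lowercased, port and userinfo removed
        except ValueError:
            continue                      # malformed authority, e.g. bad brackets
        if not host:
            continue
        host = host.rstrip(".")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            if "." in host:               # ignore single-label names
                names.add(host)
            continue
        if addr.version == 4:             # IPv6 literals are not ip4set data
            ips.add(addr)
    return sorted(names), sorted(ips)

def zone_data(entries):
    """Render entries as rbldnsd data: one default-value line, one entry per line."""
    return "\n".join([DEFAULT_VALUE] + [str(e) for e in entries]) + "\n"

# The three URIs from the question plus one constructed duplicate host.
SAMPLE = [
    "http://109.73.134.241/dgq01px",
    "http://51steel1.org/s4b5ztgcx",
    "http://amessofblues1.com/m0dqfx",
    "HTTP://51STEEL1.org/constructed-second-path",
]

if __name__ == "__main__":
    names, ips = split_uris(SAMPLE)
    print("# dnset data\n" + zone_data(names))
    print("# ip4set data\n" + zone_data(ips))
```

Paths are discarded, so this covers only the domain-name approach; hostnames are listed exactly as they appear in the URI, with no reduction to the registered domain.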