HashBL - query hashed (and unhashed) DNS blocklists
  loadplugin Mail::SpamAssassin::Plugin::HashBL

  # NON-WORKING usage examples below, replace xxx.example.invalid with real list
  # See documentation below for detailed usage

  header   HASHBL_EMAIL eval:check_hashbl_emails('ebl.example.invalid')
  describe HASHBL_EMAIL Message contains email address found on EBL
  priority HASHBL_EMAIL -100 # required priority to launch async lookups early
  tflags   HASHBL_EMAIL net

  hashbl_acl_freemail gmail.com
  header   HASHBL_OSENDR eval:check_hashbl_emails('rbl.example.invalid/A', 'md5/max=10/shuffle', 'X-Original-Sender', '^127\.', 'freemail')
  describe HASHBL_OSENDR Message contains email address found on HASHBL
  priority HASHBL_OSENDR -100 # required priority to launch async lookups early
  tflags   HASHBL_OSENDR net

  body     HASHBL_BTC eval:check_hashbl_bodyre('btcbl.example.invalid', 'sha1/max=10/shuffle', '\b([13][a-km-zA-HJ-NP-Z1-9]{25,34})\b')
  describe HASHBL_BTC Message contains BTC address found on BTCBL
  priority HASHBL_BTC -100 # required priority to launch async lookups early
  tflags   HASHBL_BTC net

  header   HASHBL_URI eval:check_hashbl_uris('rbl.example.invalid', 'sha1', '127.0.0.32')
  describe HASHBL_URI Message contains uri found on rbl
  priority HASHBL_URI -100 # required priority to launch async lookups early
  tflags   HASHBL_URI net

This plugin supports multiple types of hashed or unhashed DNS blocklists.
OPTS refers to multiple generic options:
  raw      do not hash data, query as is
  md5      hash query with MD5
  sha1     hash query with SHA1
  case     keep case before hashing, default is to lowercase
  max=x    maximum number of queries
  shuffle  if max exceeded, random shuffle queries before truncating to limit
Multiple options can be separated with slash or other non-word character. If OPTS is empty ('') or missing, default is used.
HEADERS refers to slash separated list of Headers to process:
  ALL           all headers
  ALLFROM       all From headers as returned by $pms->all_from_addrs()
  EnvelopeFrom  message envelope from (Return-Path etc)
  HeaderName    any header as used with $pms->get()
If HEADERS is empty ('') or missing, default is used.
header RULE check_hashbl_emails('bl.example.invalid/A', 'OPTS', 'HEADERS/body', '^127\.')
Check email addresses against a DNS list. "body" can be specified along with headers to search the body for emails. Optional subtest regexp to match the DNS answer. Note that the eval rule type must always be "header".
DNS query type can be appended to list with /A (default) or /TXT.
Additional supported OPTS:
  nodot    strip username dots from email
  notag    strip username tags from email
  nouri    ignore emails inside uris
  noquote  ignore emails inside < > or possible quotings
Default OPTS: sha1/notag/noquote/max=10/shuffle
Default HEADERS: ALLFROM/Reply-To/body
For an existing public email blacklist, see: http://msbl.org/ebl.html
  # Working example, see http://msbl.org/ebl.html before usage
  header   HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
  describe HASHBL_EMAIL Message contains email address found on EBL
  priority HASHBL_EMAIL -100 # required priority to launch async lookups early
  tflags   HASHBL_EMAIL net
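The option handling described above for check_hashbl_emails, sketched in Python as an added example (not the plugin's own Perl code): it applies case, nodot and notag to each address, enforces max/shuffle, and builds the name that would be queried. The `<hash>.<list>` query-name layout, '+' as the tag delimiter, sending the key unhashed when no hash option is given, and all function names are assumptions.

```python
import hashlib
import random
import re

DEFAULT_EMAIL_OPTS = "sha1/notag/noquote/max=10/shuffle"  # default stated on this page

def parse_opts(opts):
    """Split OPTS on non-word characters; empty or missing selects the default."""
    opts = opts or DEFAULT_EMAIL_OPTS
    m = re.search(r"\bmax=(\d+)\b", opts)
    return set(re.findall(r"\w+", opts)), (int(m.group(1)) if m else None)

def normalize_email(addr, flags):
    """Apply case / nodot / notag to one address before it is hashed."""
    if "case" not in flags:
        addr = addr.lower()               # default is to lowercase
    user, _, domain = addr.rpartition("@")
    if "nodot" in flags:
        user = user.replace(".", "")      # strip username dots
    if "notag" in flags:
        user = user.split("+", 1)[0]      # assumption: '+' starts the tag
    return f"{user}@{domain}"

def query_label(key, flags):
    """Hash the key as OPTS requests; with no hash option it is sent as is (assumption)."""
    if "sha1" in flags:
        return hashlib.sha1(key.encode()).hexdigest()
    if "md5" in flags:
        return hashlib.md5(key.encode()).hexdigest()
    return key

def build_queries(addrs, zone, opts="", rng=random):
    """Return the DNS names that would be looked up; no DNS traffic is sent."""
    flags, limit = parse_opts(opts)
    keys = list(dict.fromkeys(normalize_email(a, flags) for a in addrs))  # dedupe, keep order
    if limit is not None and len(keys) > limit:
        if "shuffle" in flags:
            rng.shuffle(keys)             # random sample instead of the first N
        keys = keys[:limit]
    return [f"{query_label(k, flags)}.{zone}" for k in keys]  # assumed name layout

if __name__ == "__main__":
    # Constructed sample addresses and a placeholder zone
    sample = ["Jane.Doe+news@Example.COM", "jane.doe@example.com", "bob@example.org"]
    for name in build_queries(sample, "ebl.example.invalid"):
        print(name)
```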
header RULE check_hashbl_uris('bl.example.invalid/A', 'OPTS', '^127\.')
Check URIs against a DNS list. Optional subtest regexp to match the DNS answer.
DNS query type can be appended to list with /A (default) or /TXT.
Default OPTS: sha1/max=10/shuffle
body RULE check_hashbl_bodyre('bl.example.invalid/A', 'OPTS', '\b(match)\b', '^127\.')
Search body for matching regexp and query the string captured. Regexp must have a single capture ( ) for the string ($1). Optional subtest regexp to match DNS answer. Note that eval rule type must be "body" or "rawbody".