
List:       spamassassin-users
Subject:    Re: How to create a URIBL
From:       Kris Deugau <kdeugau () vianet ! ca>
Date:       2016-10-19 16:34:38
Message-ID: 5807A09E.1010204 () vianet ! ca

Alex wrote:
> Hi,
> 
> I've collected a bunch of URIs that I'd like to incorporate into my
> rulebase. I know how to create a DNSBL, but I don't specifically know
> how to create a URIBL. Can I use rbldnsd for this? Or would I have to
> extract the IP or hostname from the URL, then also use a bunch of uri
> rules? If so, is there a way of automating this, given a list of URIs?
> 
> For example, I have URIs like:
> 
> http://109.73.134.241/dgq01px
> http://51steel1.org/s4b5ztgcx
> http://amessofblues1.com/m0dqfx

Do you want to use the full URI (including the /dgq01px or /s4b5ztgcx
parts), or just the domain names?

If you want the full URI, I think you're pretty much stuck collecting
them up in a huge list of uri rules, unless you want to write a custom
plugin to do a custom DNS lookup.  (Not sure some of the new DNS lookup
widgets will go quite far enough to support something like this directly.)

If you only want the domain name, you can feed those into a local DNSBL.

> I'm also then not sure which of the uri* rule definitions should be used.
> I've used urirhsbl before for a local host blocklist, but now after
> reading the man page again for the first time in a while, I'm not even
> sure that's correct.

"uri" rules are standard SA regular expression rules that only look at
things that SA has extracted from the message as a URI.

The others are DNSBL lookup rules, with a lot of variations on how the
lookup should be done, and the results broken down.  The
Mail::SpamAssassin::Plugin::URIDNSBL man page has all the details, but
my experience has been that for local use, you generally only need
uridnsbl and/or uridnssub.

> I'm also unclear about rbldnsd config for dnset, where hostnames would
> be used. Here is my current command-line:

Other responses have gone into more detail on this, which I probably
tested for myself at one point when I set up local DNS blacklists.

I also wrote some basic tools to feed both relay IP and URI domain data
into these local lists;  I've published them at
https://secure.deepnet.cx/trac/dnsbl.  Note that these are mainly
data-entry/export utilities, and they're a little rough around the
edges, but these are substantially what I've been using in production
for quite a few years now.

-kgd
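
An added example, not part of the message above and not taken from the tools it links to: one way to automate the domain-only approach by splitting a list of URIs into hostnames and IPv4 literals and rendering each set as rbldnsd data (dnset for names, ip4set for addresses). Assumptions: the function names, the return value 127.0.0.2 and the TXT string are hypothetical, and hostnames are listed exactly as they appear, with no reduction to the registered domain.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input: the three URIs quoted in the thread, plus
# variants added here to exercise de-duplication and rejection.
SAMPLE_URIS = [
    "http://109.73.134.241/dgq01px",
    "http://51steel1.org/s4b5ztgcx",
    "http://amessofblues1.com/m0dqfx",
    "HTTP://AMessOfBlues1.com:8080/other",  # same host, different case and port
    "http://user@51steel1.org./x",          # userinfo and trailing dot
    "not a uri",                            # no host part: skipped
]

def split_hosts(uris):
    """Return (domains, ipv4s) as sorted, de-duplicated lists of strings."""
    domains, ips = set(), set()
    for uri in uris:
        try:
            # .hostname drops scheme, userinfo, port and path, and lowercases
            host = urlsplit(uri.strip()).hostname
        except ValueError:
            continue  # malformed netloc, e.g. unbalanced IPv6 brackets
        if not host:
            continue
        host = host.rstrip(".")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            if "." in host:  # ignore single-label names such as "localhost"
                domains.add(host)
            continue
        if addr.version == 4:  # IPv6 literals are not handled in this sketch
            ips.add(addr)
    return sorted(domains), [str(a) for a in sorted(ips)]

def zone_data(entries, value="127.0.0.2", text="Listed in local URI blocklist"):
    """Render rbldnsd data: a ':A:TXT' default-value line, then one entry per line."""
    return "\n".join([f":{value}:{text}"] + list(entries)) + "\n"

if __name__ == "__main__":
    names, addrs = split_hosts(SAMPLE_URIS)
    print("# dnset data\n" + zone_data(names))
    print("# ip4set data\n" + zone_data(addrs))
```

The path component is discarded, so this covers only the domain-name case described in the message; matching full URIs still needs uri rules or a custom plugin.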