Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-Mail-SpamAssassin-Plugin-dqs for openSUSE:Factory checked in at 2022-11-16 15:44:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Mail-SpamAssassin-Plugin-dqs (Old) and /work/SRC/openSUSE:Factory/.perl-Mail-SpamAssassin-Plugin-dqs.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Mail-SpamAssassin-Plugin-dqs" Wed Nov 16 15:44:13 2022 rev:2 rq:1036212 version:1.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Mail-SpamAssassin-Plugin-dqs/perl-Mail-SpamAssassin-Plugin-dqs.changes 2022-02-09 20:40:55.442623394 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Mail-SpamAssassin-Plugin-dqs.new.1597/perl-Mail-SpamAssassin-Plugin-dqs.changes 2022-11-16 15:44:15.848060506 +0100 @@ -1,0 +2,8 @@ +Wed Nov 16 10:28:49 UTC 2022 - Johannes Weberhofer <jweberho...@weberhofer.at> + +- spamassassin-dqs version 1.2.2 + + * Removed useless syslog functions and made the plugin compatible with MDaemon + * Minor fixes + +------------------------------------------------------------------- Old: ---- v1.2.0.tar.gz New: ---- v1.2.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Mail-SpamAssassin-Plugin-dqs.spec ++++++ --- /var/tmp/diff_new_pack.v6tkTV/_old 2022-11-16 15:44:16.388063158 +0100 +++ /var/tmp/diff_new_pack.v6tkTV/_new 2022-11-16 15:44:16.392063177 +0100 @@ -17,7 +17,7 @@ Name: perl-Mail-SpamAssassin-Plugin-dqs -Version: 1.2.0 +Version: 1.2.2 Release: 0 Summary: SpamAssassin plugin for Spamhaus Data Query Service (DQS) License: Apache-2.0 ++++++ v1.2.0.tar.gz -> v1.2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spamassassin-dqs-1.2.0/Changelog.md new/spamassassin-dqs-1.2.2/Changelog.md --- old/spamassassin-dqs-1.2.0/Changelog.md 2021-09-09 16:46:07.000000000 +0200 +++ new/spamassassin-dqs-1.2.2/Changelog.md 2022-04-20 18:23:07.000000000 +0200 
@@ -1,5 +1,15 @@ Changelog for SpamAssassin DQS Plugin +- 200422 + - Removed useless syslog functions and made the plugin compatible with MDaemon + - Minor fixes + - Tagged version 1.2.1 + +- 310122 + - Added functions to check whole hostnames in DBL + - Minor fixes + - Tagged version 1.2.0 + - 140721 - Fixed scores on the abused section - Tagged version 1.1.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spamassassin-dqs-1.2.0/README.md new/spamassassin-dqs-1.2.2/README.md --- old/spamassassin-dqs-1.2.0/README.md 2021-09-09 16:46:07.000000000 +0200 +++ new/spamassassin-dqs-1.2.2/README.md 2022-04-20 18:23:07.000000000 +0200 @@ -1,4 +1,3 @@ - # Using DQS with SpamAssassin This repository contains the configuration files and a plugin written for SpamAssassin, (https://spamassassin.apache.org/) for use with Spamhaus Technology Data Query Service (DQS) product. @@ -19,6 +18,7 @@ - Installation instructions - [Install from Github](#install-from-github) - [Install from FreeBSD ports](#install-from-freebsd-ports) +- [Testing your setup](#testing-your-setup) - [Plugin internals](#plugin-internals) - [Final recommendations](#final-recommendations) - [Support and feedback](#support-and-feedback) @@ -256,6 +256,12 @@ $ sudo make install ``` +## Testing your setup + +Once you succesfully installed the plugin, you could head to [http://blt.spamhaus.com](http://blt.spamhaus.com) and test if you have correctly installed everything. + +**Please read the docs carefully**, as a "delivered" response with a red flag **doesn't always mean you missed something**; it depends on your setup. You should always check all the headers of any email that the BLT sends and look for spam headers, usually, but not always: "X-Spam-Flag: Yes" or "X-Spam: Yes". + *** ## Plugin internals 
@@ -283,6 +289,9 @@ * `check_sh_bodyuri_ns` This function scans the email body and looks for URLs; when one is found it takes the domain's authoritative nameservers IPs and checks them in SBL (beta, not used, but you are encouraged to try it). + * `check_sh_hostname` + This function extracts whole hostnames starting from URLs in the email body and is used to check them in the abused-legit component of DBL + * `check_sh_crypto` This functions looks for cryptowallets in the email body and checks them in HBL. As of today, we support the following cryptos: - BTC diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spamassassin-dqs-1.2.0/SH.pm new/spamassassin-dqs-1.2.2/SH.pm --- old/spamassassin-dqs-1.2.0/SH.pm 2021-09-09 16:46:07.000000000 +0200 +++ new/spamassassin-dqs-1.2.2/SH.pm 2022-04-20 18:23:07.000000000 +0200 @@ -18,7 +18,7 @@ # at <spamassassin at spamteq.com> for questions/suggestions related # with this plug-in exclusively. -# version 20200825 +# version 20220420 package Mail::SpamAssassin::Plugin::SH; @@ -32,7 +32,6 @@ use Socket; use Mail::SpamAssassin::Logger; use Digest::SHA qw(sha256 ); -use Sys::Syslog qw( :DEFAULT setlogsock); our @ISA = qw(Mail::SpamAssassin::Plugin); 
@@ -83,18 +82,46 @@ $self->register_eval_rule ( 'check_sh_attachment' ); # Check email hashes $self->register_eval_rule ( 'check_sh_emails' ); - + # Finds URIs in the email body and checks their hostnames + $self->register_eval_rule ( 'check_sh_hostname' ); return $self; } -sub log_syslog { - my ($priority, $msg) = @_; - return 0 unless ($priority =~ /info|err|debug/); - setlogsock('unix'); - openlog("SHPlugin",'pid','mail'); - syslog($priority, $msg); - closelog(); - return 1; +sub check_sh_hostname { + + my ($self, $pms, $bodyref, $list, $subtest) = @_; + my $conf = $pms->{conf}; + return 0 unless $self->{sh_available}; + return 0 unless defined $list; + + my $skip_domains = $conf->{uridnsbl_skip_domains}; + $skip_domains = {} if !$skip_domains; + + my $body = join('', @{$bodyref}); + my $rulename = $pms->get_current_eval_rule_name(); + + my @uris; + (@uris) = _get_body_uris($self,$pms,$bodyref); + + foreach my $this_hostname (@uris) { + if (!($skip_domains->{$this_hostname})) { + dbg("SHPlugin: (check_sh_hostname) checking ".$this_hostname); + my $lookup = $this_hostname.".".$list; + my $key = "SH:$lookup"; + my $ent = { + key => $key, + zone => $list, + type => 'SH', + rulename => $rulename, + addr => $this_hostname, + }; + $ent = $pms->{async}->bgsend_and_start_lookup($lookup, 'A', undef, $ent, sub { + my ($ent, $pkt) = @_; + $self->_finish_lookup($pms, $ent, $pkt, $subtest); + }, master_deadline => $pms->{master_deadline}); + } + } + return 0; } sub finish_parsing_end { 
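Review bot: In the new `check_sh_hostname`, the skip test `$skip_domains->{$this_hostname}` looks up the full hostname, but `uridnsbl_skip_domains` is, as far as I know, keyed by registered domain, so a subdomain host of a skipped domain would presumably still be queried and could still score. Testing the registered domain as well would honour the operator's skip list: `my ($this_domain) = $self->{main}->{registryboundaries}->uri_to_domain($this_hostname);` followed by `next if $skip_domains->{$this_hostname} || ($this_domain && $skip_domains->{$this_domain});`. Separately, `my $body = join('', @{$bodyref});` is never read in this sub and can be dropped, which avoids concatenating the whole body on every rule call.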
@@ -181,12 +208,15 @@ sub _get_body_uris { my ($self,$pms, $bodyref) = @_; - my $body = join('', @{$bodyref}); my %seen; my @uris; - foreach my $this_uri ( $body =~ /[a-zA-Z][a-zA-Z0-9+\-.]*:\/\/(?:[a-zA-Z0-9\-._~%!$&'()*+,;=]+@)?([a-zA-Z0-9\-._~%]+|âµ\[[a-zA-Z0-9\-._~%!$&'()*+,;=:]+\])/g) { - push (@uris, lc $this_uri) unless defined $seen{lc $this_uri}; - $seen{lc $this_uri} = 1; + my @parsed = $pms->get_uri_list(); + foreach ( @parsed ) { + my ($domain, $host) = $self->{main}->{registryboundaries}->uri_to_domain($_); + if ( $host ) { + push (@uris, lc $host) unless defined $seen{lc $host}; + $seen{lc $host} = 1; + } } foreach my $this_uri (@uris) { dbg("SHPlugin: (_get_body_uris) found ".$this_uri." in body"); @@ -352,7 +382,7 @@ # This extraction code has been heavily copypasted and slightly adapted from https://github.com/smfreegard/HashBL/blob/master/HashBL.pm my %seen; my @headers_domains; - my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To'); + my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To', 'Resent-Sender','X-Envelope-From','Return-Path'); foreach my $header (@headers) { if ($pms->get($header . ':addr')) { my $this_domain = $self->{'main'}->{'registryboundaries'}->uri_to_domain($pms->get( $header.':addr' )); @@ -371,7 +401,7 @@ # This extraction code has been heavily copypasted and slightly adapted from https://github.com/smfreegard/HashBL/blob/master/HashBL.pm my %seen; my @headers_emails; - my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To'); + my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To', 'Resent-Sender','X-Envelope-From','Return-Path'); foreach my $header (@headers) { my $email = lc($pms->get($header . ':addr')); if ($email) { 
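Review bot: The rewritten loop in `_get_body_uris` (hunk at -181) carries the implicit `$_` across a method call and keeps a `$domain` it never reads, and the sub's `$bodyref` parameter is now unused because the hosts come from `$pms->get_uri_list()`. Naming the loop variable and discarding the first return value is safer to read: `foreach my $uri ($pms->get_uri_list()) {` with `my (undef, $host) = $self->{main}->{registryboundaries}->uri_to_domain($uri);`. A header comment such as `# Returns the lowercased, de-duplicated hosts of the URIs SpamAssassin parsed from the message; $bodyref is kept only for call compatibility` would record the changed contract for callers. The rest of the sub lies outside the hunk.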
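Review bot: The same seven-name `@headers` list is now written out twice, in the hunk at -352 and again at -371, so the next addition has to be made in both places or the domain and e-mail checks drift apart. A single file-level `my @SH_SENDER_HEADERS = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To', 'Resent-Sender', 'X-Envelope-From', 'Return-Path');` used by both subs would keep them aligned. `X-Envelope-From` and `Return-Path` can arrive as sender-supplied headers when the receiving MTA does not rewrite them, so a short comment that these lookups may run on unauthenticated values would help anyone tuning the scores. Both enclosing subs start and end outside the hunks.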
@@ -774,7 +804,6 @@ my @answer = $pkt->answer; foreach my $rr (@answer) { if ($rr->address =~ /$re/) { - if ($ent->{rulename} =~ /SH_EMAIL/) { log_syslog("info","Matched email: ".$ent->{addr}); } dbg("SHPlugin: Hit on Item $ent->{addr} for $ent->{rulename}"); $pms->test_log($ent->{addr}); $pms->got_hit($ent->{rulename}, '', ruletype => 'eval'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh.cf new/spamassassin-dqs-1.2.2/sh.cf --- old/spamassassin-dqs-1.2.0/sh.cf 2021-09-09 16:46:07.000000000 +0200 +++ new/spamassassin-dqs-1.2.2/sh.cf 2022-04-20 18:23:07.000000000 +0200 @@ -1,4 +1,4 @@ -# Spamhaus's SpamAssassin setup version 20210909 +# Spamhaus's SpamAssassin setup version 20220420 ifplugin Mail::SpamAssassin::Plugin::SH 
@@ -70,19 +70,19 @@ endif # if can endif # Mail::SpamAssassin::Plugin::URIDNSBL - body SH_BODYURI_REVERSE_SBL eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.2') + body SH_BODYURI_REVERSE_SBL eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.2$') priority SH_BODYURI_REVERSE_SBL -100 describe SH_BODYURI_REVERSE_SBL The corresponding A record of an URI contained in the body is listed in SBL - body SH_BODYURI_REVERSE_CSS eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.3') + body SH_BODYURI_REVERSE_CSS eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.3$') priority SH_BODYURI_REVERSE_CSS -100 describe SH_BODYURI_REVERSE_CSS The corresponding A record of an URI contained in the body is listed in CSS - body SH_BODYURI_REVERSE_DROP eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.9') + body SH_BODYURI_REVERSE_DROP eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.9$') priority SH_BODYURI_REVERSE_DROP -100 describe SH_BODYURI_REVERSE_DROP The corresponding A record of an URI contained in the body is listed in DROP - body SH_BODYURI_REVERSE_XBL eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.4') + body SH_BODYURI_REVERSE_XBL eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.4$') priority SH_BODYURI_REVERSE_XBL -100 describe SH_BODYURI_REVERSE_XBL The corresponding A record of an URI contained in the body is listed in XBL 
@@ -165,4 +165,8 @@ header RCVD_IN_ZEN_BLOCKED_OPENDNS eval:check_rbl('zendqs-lastexternal', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.255\.255\.254$') header RCVD_IN_ZEN_BLOCKED eval:check_rbl('zendqs-lastexternal', 'your_DQS_key.zen.dq.spamhaus.net.', '^127\.255\.255\.255$') + body SH_DBL_ABUSED_FULLHOST eval:check_sh_hostname('your_DQS_key.dbl.dq.spamhaus.net', '^127\.0\.1\.10[2-6]$') + priority SH_DBL_ABUSED_FULLHOST -100 + describe SH_DBL_ABUSED_FULLHOST A hostname found in the email body is listed in DBL as abused_legit + endif # Mail::SpamAssassin::Plugin::SH diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh_hbl.cf new/spamassassin-dqs-1.2.2/sh_hbl.cf --- old/spamassassin-dqs-1.2.0/sh_hbl.cf 2021-09-09 16:46:07.000000000 +0200 +++ new/spamassassin-dqs-1.2.2/sh_hbl.cf 2022-04-20 18:23:07.000000000 +0200 @@ -1,4 +1,4 @@ -# Spamhaus's SpamAssassin setup version 20210909 +# Spamhaus's SpamAssassin setup version 20220420 ifplugin Mail::SpamAssassin::Plugin::SH diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh_hbl_scores.cf new/spamassassin-dqs-1.2.2/sh_hbl_scores.cf --- old/spamassassin-dqs-1.2.0/sh_hbl_scores.cf 2021-09-09 16:46:07.000000000 +0200 +++ new/spamassassin-dqs-1.2.2/sh_hbl_scores.cf 2022-04-20 18:23:07.000000000 +0200 @@ -1,4 +1,4 @@ -# Spamhaus's SpamAssassin setup version 20210909 +# Spamhaus's SpamAssassin setup version 20220420 ifplugin Mail::SpamAssassin::Plugin::SH diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh_scores.cf new/spamassassin-dqs-1.2.2/sh_scores.cf --- old/spamassassin-dqs-1.2.0/sh_scores.cf 2021-09-09 16:46:07.000000000 +0200 +++ new/spamassassin-dqs-1.2.2/sh_scores.cf 2022-04-20 18:23:07.000000000 +0200 
@@ -1,4 +1,4 @@ -# Spamhaus's SpamAssassin setup version 20210909 +# Spamhaus's SpamAssassin setup version 20220420 ifplugin Mail::SpamAssassin::Plugin::SH @@ -47,6 +47,8 @@ score SH_HELO_DBL 8 score SH_HELO_DBL_ABUSED 0.001 score SH_AUTHBL_AND_DBL_ABUSED 6 + score SH_ZRD_BODY_FRESH 6 + score SH_ZRD_BODY_VERY_FRESH 8 # DQS wont block queries for open dns usage score URIBL_DBL_BLOCKED_OPENDNS 0 @@ -58,5 +60,7 @@ score URIBL_ZEN_BLOCKED 0.001 score RCVD_IN_ZEN_BLOCKED 0.001 + score SH_DBL_ABUSED_FULLHOST 6 + endif # Mail::SpamAssassin::Plugin::SH
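Review bot: The added lines `score SH_ZRD_BODY_FRESH 6` and `score SH_ZRD_BODY_VERY_FRESH 8` (hunk at -47) have no matching rule definition in any of the configuration changes shown here. If the rules are not defined in an unchanged part of the shipped configuration, these scores have no effect, and `spamassassin --lint` should confirm either way. A pointer next to them, for example `# SH_ZRD_BODY_* are defined in <file that defines the ZRD rules>`, would make the dependency visible to whoever edits the scores.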
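Review bot: `score SH_DBL_ABUSED_FULLHOST 6` (hunk at -58) lets one abused-legit hit exceed SpamAssassin's default `required_score` of 5 on its own, while the `SH_HELO_DBL_ABUSED` line visible in the hunk at -47 is scored 0.001. The rule's own description says it fires on hosts listed as abused_legit, so mail that merely links to such a host would be classified as spam by this rule alone. If that is intended, a comment such as `# full-host abused_legit hit; alone this exceeds the default required_score of 5` would tell operators where to tune for false positives.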