http://bugzilla.spamassassin.org/show_bug.cgi?id=1375





------- Additional Comments From [EMAIL PROTECTED]  2004-01-20 16:40 -------
(From update of attachment 1715)
>diff -ruN spamassassin/lib/Mail/SpamAssassin/Conf.pm 
>spamassassin.new/lib/Mail/SpamAssassin/Conf.pm
>--- spamassassin/lib/Mail/SpamAssassin/Conf.pm 2003-12-17 16:06:29.000000000 
>+0100
>+++ spamassassin.new/lib/Mail/SpamAssassin/Conf.pm     2004-01-20 
>23:57:19.000000000 +0100
>@@ -107,6 +107,10 @@
> use constant TYPE_URI_EVALS     => 0x0011;
> use constant TYPE_META_TESTS    => 0x0012;
> use constant TYPE_RBL_EVALS     => 0x0013;
>+use constant TYPE_URIIP_TESTS     => 0x0014;
>+use constant TYPE_URIIP_EVALS     => 0x0015;
>+use constant TYPE_URIIP_RBL_TESTS => 0x0016;
>+use constant TYPE_URIIP_RBL_EVALS => 0x0017;
> 
> $VERSION = 'bogus';     # avoid CPAN.pm picking up version strings later
> 
>@@ -2121,6 +2125,19 @@
>       next;
>     }
> 
>+# URI IP addresses
>+    if (/^uriip\s+(\S+)\s+(?:rbl)?eval:(.*)$/) {
>+      my ($name, $fn) = ($1, $2);
>+
>+      if ($fn =~ /^check_uriip_rbl/) {
>+      $self->add_test ($name, $fn, TYPE_URIIP_RBL_EVALS);
>+      }
>+#     else {
>+#     $self->add_test ($name, $fn, TYPE_URIIP_EVALS);
>+#     }
>+      next;
>+    }
>+
> =item rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
> 
> Define a raw-body pattern test.  C<pattern> is a Perl regular expression.
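Review bot: A `uriip` line whose function name does not start with `check_uriip_rbl` is consumed by `next` without registering a test or reporting anything, because the `else` branch is commented out. A typo in a rule file would therefore disable that rule silently. Either restore the `else` with `TYPE_URIIP_EVALS`, or report the line the way other unparsable lines are reported (that handling is not visible here; the enclosing parse loop starts and ends outside the hunk). The `(?:rbl)?eval:` alternation also accepts both spellings but then treats them identically, which deserves a comment. The new keyword sits directly before `=item rawbody` with no POD of its own, so I would add an `=item uriip SYMBOLIC_TEST_NAME eval:check_uriip_rbl('set', 'zone.')` entry describing that the zone is queried with the resolved IPs of URI hosts.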
>@@ -2633,6 +2650,9 @@
>       elsif ($type == TYPE_RBL_EVALS) {
>         $self->{rbl_evals}->{$name} = [EMAIL PROTECTED];
>       }
>+      elsif ($type == TYPE_URIIP_RBL_EVALS) {
>+        $self->{uriip_rbl_evals}->{$name} = [EMAIL PROTECTED];
>+      }
>       elsif ($type == TYPE_RAWBODY_EVALS) {
>         $self->{rawbody_evals}->{$name} = [EMAIL PROTECTED];
>       }
>diff -ruN spamassassin/lib/Mail/SpamAssassin/EvalTests.pm 
>spamassassin.new/lib/Mail/SpamAssassin/EvalTests.pm
>--- spamassassin/lib/Mail/SpamAssassin/EvalTests.pm    2003-12-17 
>09:09:00.000000000 +0100
>+++ spamassassin.new/lib/Mail/SpamAssassin/EvalTests.pm        2004-01-20 
>23:57:19.000000000 +0100
>@@ -1329,6 +1329,18 @@
>   $self->check_rbl_backend($rule, $set, $rbl_server, 'TXT', $subtest);
> }
> 
>+sub check_uriip_rbl {
>+  my ($self, $rule, $set, $rbl_server, $subtest) = @_;
>+  my @ips = @{$self->{uriips}};
>+  eval {
>+    foreach my $ip (@ips) {
>+      next unless ($ip =~ /(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/);
>+      $self->do_rbl_lookup($rule, $set, 'A', $rbl_server,
>+                         "$4.$3.$2.$1.$rbl_server", $subtest);
>+    }
>+  };
>+}
>+
> # run for first message 
> sub check_rbl_sub {
>   my ($self, $rule, $set, $subtest) = @_;
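Review bot: The `eval { ... }` around the loop in `check_uriip_rbl` discards `$@`, so a failure in `do_rbl_lookup` never reaches the caller in `do_body_uriip_tests`, whose own `eval`/`rule_errors` accounting then never fires. Either drop the inner `eval`, or follow it with `warn "check_uriip_rbl failed for $rule: $@" if $@;`. The octet match is also unanchored and accepts any digit run inside a longer string; `next unless $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;` keeps the reversed query name well-formed. Finally, the sub has no explicit return value although the caller assigns its result, so a trailing `return 0;` with a comment that hits are recorded by the lookup backend (presumably, not visible here) would make the contract clear.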
>diff -ruN spamassassin/lib/Mail/SpamAssassin/PerMsgStatus.pm 
>spamassassin.new/lib/Mail/SpamAssassin/PerMsgStatus.pm
>--- spamassassin/lib/Mail/SpamAssassin/PerMsgStatus.pm 2003-12-17 
>16:06:29.000000000 +0100
>+++ spamassassin.new/lib/Mail/SpamAssassin/PerMsgStatus.pm     2004-01-20 
>23:57:19.000000000 +0100
>@@ -122,6 +122,9 @@
>     $self->{conf}->set_score_set ($set|2);
>   }
> 
>+  # IPs of spamvertised URIs
>+  $self->{uriips} = [ ];
>+
>   # pre-chew Received headers
>   $self->parse_received_headers();
> 
>@@ -1743,12 +1746,67 @@
>   return @{$self->{uri_list}};
> }
> 
>+sub do_resolve_uri {
>+  my ($self, $uri) = @_;
>+  my @ips = ();
>+
>+  $uri =~ s/^http:\/\///;
>+  $uri =~ s/^mailto:\/\///;
>+  $uri =~ s/\/.*$//;
>+  $uri =~ s/^.*\@//;
>+
>+  @ips = $self->lookup_all_ips($uri);
>+
>+  return @ips;
>+}
>+
>+sub do_body_uriip_tests {
>+  my ($self, @ips) = @_;
>+  local ($_);
>+
>+  dbg ("running uriip tests; score so far=".$self->{hits});
>+  foreach my $ip (@ips) {
>+    dbg ("Testing spamvertised IP '$ip'");
>+    push(@{$self->{uriips}}, $ip);
>+  }
>+
>+  my $evalhash = $self->{conf}->{uriip_rbl_evals};
>+  my ($rulename, @args);
>+  my $debugenabled = $Mail::SpamAssassin::DEBUG->{enabled};
>+
>+  while (my ($rulename, $test) = each %{$evalhash}) {
>+    my $score = $self->{conf}->{scores}->{$rulename};
>+    next unless $score;
>+
>+    $self->{test_log_msgs} = ();
>+
>+    my ($function, @args) = @{$test};
>+    my $result;
>+    eval {
>+      $result = $self->$function($rulename, @args);
>+    };
>+
>+    if ($@) {
>+      warn "Failed to run $rulename URIIP RBL SpamAssassin test, skipping:\n".
>+              "\t($@)\n";
>+      $self->{rule_errors}++;
>+      next;
>+    }
>+  }
>+}
>+
> sub do_body_uri_tests {
>   my ($self, $textary) = @_;
>   local ($_);
> 
>   dbg ("running uri tests; score so far=".$self->{hits});
>   my @uris = $self->get_uri_list();
>+  my @ips  = ();
>+
>+  foreach my $uri (@uris) {
>+    push (@ips, $self->do_resolve_uri($uri));
>+  }
>+  $self->do_body_uriip_tests(@ips);
> 
>   my $doing_user_rules = 
>     
> $self->{conf}->{user_rules_to_compile}->{Mail::SpamAssassin::Conf::TYPE_URI_TESTS};
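Review bot: The new loop in `do_body_uri_tests` resolves the host of every URI in the message through `lookup_all_ips`, with no upper bound, no de-duplication, and no visible check that network tests are enabled. The hostnames come from untrusted mail, so one message with many links, or links to a slow nameserver, controls how much DNS work and delay each scan incurs; every resulting IP is then queried once per enabled `uriip` rule. I would cap the number of URIs resolved, drop duplicate IPs, and skip the step under whatever DNS-availability and skip-RBL guard the existing RBL evals use (not visible in this hunk). `do_resolve_uri` also strips only a lowercase `http://` prefix and leaves `https://`, a `:port` suffix and a `?query` without a path in the name handed to the resolver. In `do_body_uriip_tests`, the outer `my ($rulename, @args)`, `$debugenabled` and `$result` are unused. `do_body_uri_tests` continues past the end of the hunk.

```perl
  my @uris = $self->get_uri_list();
  my @ips  = ();

  # Hostnames come from the message body, so bound the DNS work per message.
  my %seen_ip;
  my $max_uris = 20;    # constructed example limit; better made configurable
  foreach my $uri (@uris) {
    last if $max_uris-- <= 0;
    push (@ips, grep { !$seen_ip{$_}++ } $self->do_resolve_uri($uri));
  }
  $self->do_body_uriip_tests(@ips) if @ips;
  # … unchanged: $doing_user_rules and the rest of do_body_uri_tests …
```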
>@@ -2166,7 +2224,6 @@
>     $self->{test_log_msgs} = ();      # clear test state
> 
>     my ($function, @args) = @{$test};
>-
>     my $result;
>     eval {
>        $result = $self->$function($rulename, @args);
>diff -ruN spamassassin/rules/20_uriip_tests.cf 
>spamassassin.new/rules/20_uriip_tests.cf
>--- spamassassin/rules/20_uriip_tests.cf       1970-01-01 01:00:00.000000000 
>+0100
>+++ spamassassin.new/rules/20_uriip_tests.cf   2004-01-20 23:58:36.000000000 
>+0100
>@@ -0,0 +1,196 @@
>+# SpamAssassin rules file: RBL tests of spamvertised IPs
>+#
>+# Please don't modify this file as your changes will be overwritten with
>+# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
>+# See 'perldoc Mail::SpamAssassin::Conf' for details.
>+#
>+# This program is free software; you can redistribute it and/or modify
>+# it under the terms of either the Artistic License or the GNU General
>+# Public License as published by the Free Software Foundation; either
>+# version 1 of the License, or (at your option) any later version.
>+#
>+# See the file "License" in the top level of the SpamAssassin source
>+# distribution for more details.
>+#
>+###########################################################################
>+
>+require_version @@VERSION@@
>+
>+# Don't activate too many of these rulesets, as the number of DNS
>+# queries per email will become very high!
>+
>+### Spamvertised sites listed on "common" DNSBLs ###
>+#
>+# Spamhaus Block List
>+#
>+uriip HOSTED_SBL eval:check_uriip_rbl('sbl', 'sbl.spamhaus.org.')
>+describe HOSTED_SBL URL ist hosted at a site listed in the Spamhaus Block 
>List.
>+tflags HOSTED_SBL net
>+
>+# Spam Prevention Early Warning System
>+#
>+uriip HOSTED_SPEWS_L1 eval:check_uriip_rbl('spews', 
>'l1.spews.dnsbl.sorbs.net.')
>+describe HOSTED_SPEWS_L1 URL ist hosted at a site listed in the SPEWS (Level 
>1) blacklist.
>+tflags HOSTED_SPEWS_L1 net
>+#
>+uriip HOSTED_SPEWS_L2 eval:check_uriip_rbl('spews', 
>'l2.spews.dnsbl.sorbs.net.')
>+describe HOSTED_SPEWS_L2 URL ist hosted at a site listed in the SPEWS (Level 
>2) blacklist.
>+tflags HOSTED_SPEWS_L2 net
>+
>+
>+# Habeas(TM) violators blacklist
>+#
>+uriip HOSTED_HABEAS_VIOLATOR eval:check_uriip_rbl('hil', 'sa-hil.habeas.com.')
>+describe HOSTED_HABEAS_VIOLATOR Uses a URL whose IP has been caught as Habeas 
>violator
>+tflags HOSTED_HABEAS_VIOLATOR net
>+
>+
>+### ISPs known to tolerate spamvertised sites ###
>+#
>+#uriip HOSTED_AT_ABOVE eval:check_uriip_rbl('above', 'above.blackholes.us.')
>+#describe HOSTED_AT_ABOVE Uses a URL hosted at AboveNet
>+#tflags HOSTED_AT_ABOVE net
>+
>+#uriip HOSTED_AT_ATT eval:check_uriip_rbl('att', 'att.blackholes.us.')
>+#describe HOSTED_AT_ATT Uses a URL hosted at AT&T
>+#tflags HOSTED_AT_ATT net
>+
>+#uriip HOSTED_AT_BELLSOUTH eval:check_uriip_rbl('bellsouth', 
>'bellsouth.blackholes.us.')
>+#describe HOSTED_AT_BELLSOUTH Uses a URL hosted at Bellsouth
>+#tflags HOSTED_AT_BELLSOUTH net
>+
>+uriip HOSTED_AT_CHINANET eval:check_uriip_rbl('chinanet', 
>'chinanet.blackholes.us.')
>+describe HOSTED_AT_CHINANET Uses a URL hosted at Chinanet
>+tflags HOSTED_AT_CHINANET net
>+
>+#uriip HOSTED_AT_CIBERLYNX eval:check_uriip_rbl('ciberlynx', 
>'ciberlynx.blackholes.us.')
>+#describe HOSTED_AT_CIBERLYNX Uses a URL hosted at Ciberlynx
>+#tflags HOSTED_AT_CIBERLYNX net
>+
>+#uriip HOSTED_AT_COGENTCO eval:check_uriip_rbl('cogentco', 
>'cogentco.blackholes.us.')
>+#describe HOSTED_AT_COGENTCO Uses a URL hosted at Cogent
>+#tflags HOSTED_AT_COGENTCO net
>+
>+#uriip HOSTED_AT_COMCAST eval:check_uriip_rbl('comcast', 
>'comcast.blackholes.us.')
>+#describe HOSTED_AT_COMCAST Uses a URL hosted at Comcast
>+#tflags HOSTED_AT_COMCAST net
>+
>+#uriip HOSTED_AT_COVAD eval:check_uriip_rbl('covad', 'covad.blackholes.us.')
>+#describe HOSTED_AT_COVAD Uses a URL hosted at Covad
>+#tflags HOSTED_AT_COVAD net
>+
>+#uriip HOSTED_AT_CW eval:check_uriip_rbl('cw', 'cw.blackholes.us.')
>+#describe HOSTED_AT_CW Uses a URL hosted at Cable & Wireless
>+#tflags HOSTED_AT_CW net
>+
>+#uriip HOSTED_AT_HE eval:check_uriip_rbl('he', 'he.blackholes.us.')
>+#describe HOSTED_AT_HE Uses a URL hosted at HE.net
>+#tflags HOSTED_AT_HE net
>+
>+#uriip HOSTED_AT_HOSTCENTRIC eval:check_uriip_rbl('hostcentric', 
>'hostcentric.blackholes.us.')
>+#describe HOSTED_AT_HOSTCENTRIC Uses a URL hosted at Hostcentric
>+#tflags HOSTED_AT_HOSTCENTRIC net
>+
>+#uriip HOSTED_AT_INTERBUSINESS eval:check_uriip_rbl('interbusiness', 
>'interbusiness.blackholes.us.')
>+#describe HOSTED_AT_INTERBUSINESS Uses a URL hosted at Interbusiness
>+#tflags HOSTED_AT_INTERBUSINESS net
>+
>+#uriip HOSTED_AT_INTERNAP eval:check_uriip_rbl('internap', 
>'internap.blackholes.us.')
>+#describe HOSTED_AT_INTERNAP Uses a URL hosted at Internap
>+#tflags HOSTED_AT_INTERNAP net
>+
>+#uriip HOSTED_AT_LEVEL3 eval:check_uriip_rbl('level3', 
>'level3.blackholes.us.')
>+#describe HOSTED_AT_LEVEL3 Uses a URL hosted at Level3
>+#tflags HOSTED_AT_LEVEL3 net
>+
>+#uriip HOSTED_AT_QWEST eval:check_uriip_rbl('qwest', 'qwest.blackholes.us.')
>+#describe HOSTED_AT_QWEST Uses a URL hosted at QWest
>+#tflags HOSTED_AT_QWEST net
>+
>+#uriip HOSTED_AT_RACKSPACE eval:check_uriip_rbl('rackspace', 
>'rackspace.blackholes.us.')
>+#describe HOSTED_AT_RACKSPACE Uses a URL hosted at Rackspace
>+#tflags HOSTED_AT_RACKSPACE net
>+
>+#uriip HOSTED_AT_ROGERS eval:check_uriip_rbl('rogers', 
>'rogers.blackholes.us.')
>+#describe HOSTED_AT_ROGERS Uses a URL hosted at Rogers
>+#tflags HOSTED_AT_ROGERS net
>+
>+#uriip HOSTED_AT_RR eval:check_uriip_rbl('rr', 'rr.blackholes.us.')
>+#describe HOSTED_AT_RR Uses a URL hosted at RoadRunner
>+#tflags HOSTED_AT_RR net
>+
>+#uriip HOSTED_AT_SERVEPATH eval:check_uriip_rbl('servepath', 
>'servepath.blackholes.us.')
>+#describe HOSTED_AT_SERVEPATH Uses a URL hosted at ServePath
>+#tflags HOSTED_AT_SERVEPATH net
>+
>+#uriip HOSTED_AT_SPRINT eval:check_uriip_rbl('sprint', 
>'sprint.blackholes.us.')
>+#describe HOSTED_AT_SPRINT Uses a URL hosted at Sprint
>+#tflags HOSTED_AT_SPRINT net
>+
>+#uriip HOSTED_AT_TELUS eval:check_uriip_rbl('telus', 'telus.blackholes.us.')
>+#describe HOSTED_AT_TELUS Uses a URL hosted at Telus
>+#tflags HOSTED_AT_TELUS net
>+
>+#uriip HOSTED_AT_VALUENET eval:check_uriip_rbl('valuenet', 
>'valuenet.blackholes.us.')
>+#describe HOSTED_AT_VALUENET Uses a URL hosted at ValueNet
>+#tflags HOSTED_AT_VALUENET net
>+
>+uriip HOSTED_AT_VERIO eval:check_uriip_rbl('verio', 'verio.blackholes.us.')
>+describe HOSTED_AT_VERIO Uses a URL hosted at Verio
>+tflags HOSTED_AT_VERIO net
>+
>+#uriip HOSTED_AT_VERIZON eval:check_uriip_rbl('verizon', 
>'verizon.blackholes.us.')
>+#describe HOSTED_AT_VERIZON Uses a URL hosted at Verizon
>+#tflags HOSTED_AT_VERIZON net
>+
>+#uriip HOSTED_AT_WANADOOFR eval:check_uriip_rbl('wanadoo-fr', 
>'wanadoo-fr.blackholes.us.')
>+#describe HOSTED_AT_WANADOOFR Uses a URL hosted at Wanadoo France
>+#tflags HOSTED_AT_WANADOOFR net
>+
>+#uriip HOSTED_AT_XO eval:check_uriip_rbl('xo', 'xo.blackholes.us.')
>+#describe HOSTED_AT_XO Uses a URL hosted at XO.com
>+#tflags HOSTED_AT_XO net
>+
>+
>+### Countries with severe spam problems ###
>+#
>+#uriip HOSTED_IN_ARGENTINA eval:check_uriip_rbl('argentina', 
>'argentina.blackholes.us.')
>+#describe HOSTED_IN_ARGENTINA Uses a URL hosted in Argentina
>+#tflags HOSTED_IN_ARGENTINA net
>+
>+#uriip HOSTED_IN_BRAZIL eval:check_uriip_rbl('brazil', 
>'brazil.blackholes.us.')
>+#describe HOSTED_IN_BRAZIL Uses a URL hosted in Brazil
>+#tflags HOSTED_IN_BRAZIL net
>+
>+uriip HOSTED_IN_CHINA eval:check_uriip_rbl('china', 'china.blackholes.us.')
>+describe HOSTED_IN_CHINA Uses a URL hosted in China
>+tflags HOSTED_IN_CHINA net
>+
>+uriip HOSTED_IN_KOREA eval:check_uriip_rbl('korea', 'korea.blackholes.us.')
>+describe HOSTED_IN_KOREA Uses a URL hosted in Korea
>+tflags HOSTED_IN_KOREA net
>+
>+#uriip HOSTED_IN_MALAYSIA eval:check_uriip_rbl('malaysia', 
>'malaysia.blackholes.us.')
>+#describe HOSTED_IN_MALAYSIA Uses a URL hosted in Malaysia
>+#tflags HOSTED_IN_MALAYSIA net
>+
>+#uriip HOSTED_IN_NIGERIA eval:check_uriip_rbl('nigeria', 
>'nigeria.blackholes.us.')
>+#describe HOSTED_IN_NIGERIA Uses a URL hosted in Nigeria
>+#tflags HOSTED_IN_NIGERIA net
>+
>+uriip HOSTED_IN_RUSSIA eval:check_uriip_rbl('russia', 'russia.blackholes.us.')
>+describe HOSTED_IN_RUSSIA Uses a URL hosted in Russia
>+tflags HOSTED_IN_RUSSIA net
>+
>+#uriip HOSTED_IN_SINGAPORE eval:check_uriip_rbl('singapore', 
>'singapore.blackholes.us.')
>+#describe HOSTED_IN_SINGAPORE Uses a URL hosted in Singapore
>+#tflags HOSTED_IN_SINGAPORE net
>+
>+#uriip HOSTED_IN_TAIWAN eval:check_uriip_rbl('taiwan', 
>'taiwan.blackholes.us.')
>+#describe HOSTED_IN_TAIWAN Uses a URL hosted in Taiwan
>+#tflags HOSTED_IN_TAIWAN net
>+
>+#uriip HOSTED_IN_THAILAND eval:check_uriip_rbl('thailand', 
>'thailand.blackholes.us.')
>+#describe HOSTED_IN_THAILAND Uses a URL hosted in Thailand
>+#tflags HOSTED_IN_THAILAND net
>+
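Review bot: The `describe` text for `HOSTED_SBL`, `HOSTED_SPEWS_L1` and `HOSTED_SPEWS_L2` reads "URL ist hosted"; it should be "URL is hosted", since this string is shown to users in reports. Both SPEWS rules also pass the same set name `'spews'` with different zones, and a comment should say whether that sharing is intended. The ISP and country rules that ship enabled (`HOSTED_AT_CHINANET`, `HOSTED_AT_VERIO`, `HOSTED_IN_CHINA`, `HOSTED_IN_KOREA`, `HOSTED_IN_RUSSIA`) match on hosting location rather than observed abuse, so I would ship them commented out like the others and leave activation to local policy. The header warning about the DNS query count could state that each enabled rule costs one lookup per resolved URI IP.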
>diff -ruN spamassassin/rules/50_scores.cf spamassassin.new/rules/50_scores.cf
>--- spamassassin/rules/50_scores.cf    2003-12-17 07:14:52.000000000 +0100
>+++ spamassassin.new/rules/50_scores.cf        2004-01-20 23:57:19.000000000 
>+0100
>@@ -999,6 +999,56 @@
> score USER_IN_MORE_SPAM_TO -20.000
> score USER_IN_ALL_SPAM_TO -100.000
> 
>+# Spamvertised IPs within black-hat netblocks
>+
>+# Be careful with the scores - some legitimate emails may contain
>+# (informational) links to spamvertised sites - score them high enough
>+# but not too high.
>+
>+# These ones have been proven as *very* useful.
>+score HOSTED_SBL 4.0
>+score HOSTED_SPEWS_L1 4.0
>+score HOSTED_SPEWS_L2 2.0
>+score HOSTED_HABEAS_VIOLATOR 4.0
>+
>+# Only to be activated if a regional or ISP-specific spam problem is
>+# evolving (yet that's what SBL and SPEWS are good for).
>+score HOSTED_AT_ABOVE 1.5
>+score HOSTED_AT_ATT 1.5
>+score HOSTED_AT_BELLSOUTH 1.5
>+score HOSTED_AT_CHINANET 4.0
>+score HOSTED_AT_CIBERLYNX 4.0
>+score HOSTED_AT_COGENTCO 2.0
>+score HOSTED_AT_COMCAST 2.0
>+score HOSTED_AT_COVAD 1.5
>+score HOSTED_AT_CW 1.5
>+score HOSTED_AT_HE 1.5
>+score HOSTED_AT_HOSTCENTRIC 1.5
>+score HOSTED_AT_INTERBUSINESS 2.0
>+score HOSTED_AT_INTERNAP 2.0
>+score HOSTED_AT_LEVEL3 1.5
>+score HOSTED_AT_QWEST 2.0
>+score HOSTED_AT_RACKSPACE 2.0
>+score HOSTED_AT_ROGERS 2.0
>+score HOSTED_AT_RR 2.0
>+score HOSTED_AT_SERVEPATH 2.0
>+score HOSTED_AT_SPRINT 2.0
>+score HOSTED_AT_TELUS 1.5
>+score HOSTED_AT_VALUENET 1.5
>+score HOSTED_AT_VERIO 2.5
>+
>+score HOSTED_IN_ARGENTINA 1.5
>+score HOSTED_IN_BRAZIL 1.5
>+score HOSTED_IN_CHINA 3.0
>+score HOSTED_IN_KOREA 2.5
>+score HOSTED_IN_MALAYSIA 1.5
>+score HOSTED_IN_NIGERIA 2.0
>+score HOSTED_IN_RUSSIA 2.0
>+score HOSTED_IN_SINGAPORE 1.5
>+score HOSTED_IN_TAIWAN 1.5
>+score HOSTED_IN_THAILAND 1.5
>+
>+
> #
> # Habeas: http://www.habeas.com/
> #
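Review bot: The score list does not line up with the rules file in this patch. It assigns scores to many rules that `20_uriip_tests.cf` leaves commented out (for example `HOSTED_AT_ABOVE` and `HOSTED_IN_BRAZIL`), while `HOSTED_AT_VERIZON`, `HOSTED_AT_WANADOOFR` and `HOSTED_AT_XO` get no score at all. Scores for undefined rules may trigger lint warnings, and the three unscored rules would fall back to the default score if someone enables them. I would comment out the score lines together with their rules and add the three missing entries. A 4.0 score from a single URI-host listing is close to a typical spam threshold on its own, so the "not too high" caveat in the comment deserves a concrete cap.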



