Dears, well, I just did version 0.01 of the URIWhois plugin.
Its purpose is mainly to detect some spam containing URIs to sites in brand-new domains, or having some conflict in whois and dns records, or being driven by specific dns servers. So, it is meant to do something I believe someone else is already doing in their SA, but this plugin is completely asynchronous in order to minimize any performance impact. Also, it caches whois results. But the best thing is that, if you run more SA copies on the same computer (in example, you use amavis), when one is asked to issue a whois query for a domain which another copy is already quering, the first SA copy waits for the results obtained by the latter! Finally, it is easily configurable to adapt to your own mileage: you may even avoid whois queries by not using some of the rules. More details by perldoc. Please note this is not stable stuff. It is... well, what's before alpha? The URIWhois plugin needs SA v.3.002003 (or above?) and would surely appreciate a quite recent copy of BerkeleyDB (I'm using 0.31 with v.4.5 of the berkeleydb libraries). You can download it from here: http://www.tomassoni.biz/download/URIWhois-0.01.tar.bz2 (come on, it is 17 KB...). Untar it on the /etc/spamassassin directory and you are (almost) done. Review settings from the /etc/spamassassin/URIWhois.cf file. I would like to have this code reviewed by you, since I'm not that much used to the async thingeries in SA. Enjoy! Giampaolo