Mail::SpamAssassin::Plugin::URILocalBL (3)

Leading comments

Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32)

Standard preamble:
========================================================================

(The comments found at the beginning of the groff file "man3/Mail::SpamAssassin::Plugin::URILocalBL.3pm".)

NAME

URILocalBL - blacklist URIs using local information (ISP names, address lists, and country codes)

SYNOPSIS

This plugin creates some new rule test types, such as ``uri_block_cc'', ``uri_block_cidr'', and ``uri_block_isp''. These rules apply to the URIs found in the portion of a message, i.e. <a href=...> markup.

  loadplugin    Mail::SpamAssassin::Plugin::URILocalBL

Why local blacklisting? There are a few excellent, effective, and well-maintained

's out there. But they have several drawbacks:

*

blacklists can cover tens of thousands of entries, and you can't select which ones you use;

*

verifying that it's correctly configured can be non-trivial;

*

new blacklisting entries may take a while to be detected and entered, so it's not instantaneous.

Sometimes all you want is a quick, easy, and very surgical blacklisting of a particular site or a particular

This plugin is defined for that exact usage case.

RULE DEFINITIONS AND PRIVILEGED SETTINGS

The format for defining a rule is as follows:

  uri_block_cc SYMBOLIC_TEST_NAME cc1 cc2 cc3 cc4

or:

  uri_block_cidr SYMBOLIC_TEST_NAME a.a.a.a b.b.b.b/cc d.d.d.d-e.e.e.e

or:

  uri_block_isp SYMBOLIC_TEST_NAME "DataRancid" "McCarrier" "Phishers-r-Us"

Example rule for matching a

in China:

  uri_block_cc TEST1 cn

This would block the

www.baidu.com/index.htm Similarly, to match a Spam-haven netblock:

  uri_block_cidr TEST2 65.181.64.0/18

would match a netblock where several phishing sites were recently hosted.

And to block all

blocks registered to an one might use:

  uri_block_isp TEST3 "ColoCrossing"

if one didn't trust

's pointing to that organization's clients. Lastly, if there's a country that you want to block but there's an explicit host you wish to exempt from that blacklist, you can use:

  uri_block_exclude TEST1 www.baidu.com

if you wish to exempt

's referring to this host. The same syntax is applicable to and blocks as well.

DEPENDENCIES

The Country-Code based filtering requires the Geo::IP module, which uses either the fremium GeoLiteCountry database, or the commercial version of it called GeoIP from MaxMind.com.

The

based filtering requires the same module, plus the GeoIPISP database. There is no fremium version of this database, so commercial licensing is required.