NAME HashBL - query hashed (and unhashed) DNS blocklists SYNOPSIS loadplugin Mail::SpamAssassin::Plugin::HashBL # NON-WORKING usage examples below, replace xxx.example.invalid with real list # See documentation below for detailed usage header HASHBL_EMAIL eval:check_hashbl_emails('ebl.example.invalid') describe HASHBL_EMAIL Message contains email address found on EBL priority HASHBL_EMAIL -100 # required priority to launch async lookups early tflags HASHBL_EMAIL net hashbl_acl_freemail gmail.com header HASHBL_OSENDR eval:check_hashbl_emails('rbl.example.invalid/A', 'md5/max=10/shuffle', 'X-Original-Sender', '^127\.', 'freemail') describe HASHBL_OSENDR Message contains email address found on HASHBL priority HASHBL_OSENDR -100 # required priority to launch async lookups early tflags HASHBL_OSENDR net body HASHBL_BTC eval:check_hashbl_bodyre('btcbl.example.invalid', 'sha1/max=10/shuffle', '\b([13][a-km-zA-HJ-NP-Z1-9]{25,34})\b') describe HASHBL_BTC Message contains BTC address found on BTCBL priority HASHBL_BTC -100 # required priority to launch async lookups early tflags HASHBL_BTC net header HASHBL_URI eval:check_hashbl_uris('rbl.example.invalid', 'sha1', '127.0.0.32') describe HASHBL_URI Message contains uri found on rbl priority HASHBL_URI -100 # required priority to launch async lookups early tflags HASHBL_URI net DESCRIPTION This plugin support multiple types of hashed or unhashed DNS blocklists. OPTS refers to multiple generic options: raw do not hash data, query as is md5 hash query with MD5 sha1 hash query with SHA1 case keep case before hashing, default is to lowercase max=x maximum number of queries shuffle if max exceeded, random shuffle queries before truncating to limit Multiple options can be separated with slash or other non-word character. If OPTS is empty ('') or missing, default is used. HEADERS refers to slash separated list of Headers to process: ALL all headers ALLFROM all From headers as returned by $pms->all_from_addrs() EnvelopeFrom message envelope from (Return-Path etc) HeaderName any header as used with $pms->get() if HEADERS is empty ('') or missing, default is used. header RULE check_hashbl_emails('bl.example.invalid/A', 'OPTS', 'HEADERS/body', '^127\.') Check email addresses from DNS list, "body" can be specified along with headers to search body for emails. Optional subtest regexp to match DNS answer. Note that eval rule type must always be "header". DNS query type can be appended to list with /A (default) or /TXT. Additional supported OPTS: nodot strip username dots from email notag strip username tags from email nouri ignore emails inside uris noquote ignore emails inside < > or possible quotings Default OPTS: sha1/notag/noquote/max=10/shuffle Default HEADERS: ALLFROM/Reply-To/body For existing public email blacklist, see: http://msbl.org/ebl.html # Working example, see http://msbl.org/ebl.html before usage header HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org') describe HASHBL_EMAIL Message contains email address found on EBL priority HASHBL_EMAIL -100 # required priority to launch async lookups early tflags HASHBL_EMAIL net header RULE check_hashbl_uris('bl.example.invalid/A', 'OPTS', '^127\.') Check uris from DNS list, optional subtest regexp to match DNS answer. DNS query type can be appended to list with /A (default) or /TXT. Default OPTS: sha1/max=10/shuffle body RULE check_hashbl_bodyre('bl.example.invalid/A', 'OPTS', '\b(match)\b', '^127\.') Search body for matching regexp and query the string captured. Regexp must have a single capture ( ) for the string ($1). Optional subtest regexp to match DNS answer. Note that eval rule type must be "body" or "rawbody".