Qpsmtpd:uribl

From SME Server
Jump to navigation Jump to search

Qpsmtpd#Plugins

NAME

uribl - URIBL blocking plugin for qpsmtpd

DESCRIPTION

This plugin implements DNSBL lookups for URIs found in spam, such as that implemented by SURBL (see <http://surbl.org/>). Incoming messages are scanned for URIs, which are then checked against one or more URIBLs in a fashion similar to DNSBL systems.

CONFIGURATION

To enable the plugin, add it to ~qpsmtpd/config/plugins. The list of URIBLs to check should be placed in uribl_zones in the config directory (typically ~qpsmtpd/config).

The format of the uribl_zones file is a list of URIBL DNS zones, one per line, consisting of one or more columns separated by whitespace. The first column (the only mandatoy one) should consist of the URIBL zone.

The second column may contain a comma-delimited list of integers selecting mask values to be applied to the A record(s) returned from a URIBL. This enables the use of composite DNSBLs, such as multi.surbl.org, where several lists are combined so they may be accessed with a single query; any returns are checked against the mask of lists you're interested in. If unspecified, or if a negative number is given, all lists in a composite URIBL will be checked. URIBL operators prefer that you use the composite lists to reduce their own query load, and it's more efficient for qpsmtpd as well.

The third column specifies an action, which overrides the default action configured with the action setting discussed below.

For example:

    multi.surbl.org    2,8    deny
    ob.surbl.org    1    add-header

You may specify the following config option(s) in the qpsmtpd/config file:

action
Specifies what to do when a URI is matched in a URIBL. Available options are add-header (the default) deny and denysoft. If set to add-header, an X-URIBL-Match: header will be added explaining the URIBL entry found. If set to 'deny,' the delivery will be declined with a hard failure. If set to denysoft, the delivery will be soft failed (this is probably not a good idea.)
timeout
Timeout for DNS requests, in seconds. The default is 30 seconds. DNS requests are issued asynchronously and in parallel for all hosts found in URIs in the mail; the same timeout will apply to each; see the Net::DNS documentation for details.
scan-headers
If set true, any headers found in the URIs will be checked as well. Disabled by default.

CAUTIONS

When used in deny or denysoft mode, a URIBL check can block not only the original spam containing a listed URI, but mail unintentionally carrying that URI, such as forwarded complaints. The uribl checks should only be used in these modes if you know what you're doing.

The URI scanner used by the uribl plugin is quite aggressive, and attempts to detect all forms of URIs supported by typical MUAs (even those that lack a protocol specification, for example.) However, it does not attempt to detect URIs that have been mangled beyond programmatic reconstruction. Even so, it may issue spurious lookups on unintended URIs, especially those in non-text sections of the mail.

COPYRIGHT

uribl is copyright 2004-2007 by Devin Carraway <qpsmtpd@devin.com>. It may be used and redistributed under the same terms as qpsmtpd itself.