Use this forum for discussions about SpamAssassin and anti-spam in general.
-
RvdH
- Senior user
- Posts: 1163
- Joined: 2008-06-27 14:42
- Location: Netherlands
Post
by RvdH » 2019-03-01 14:29
Useful SpamAssassin Plugins
The purpose of this topic is to share information on (custom) plugins that can be used with SpamAssassin used by forum members here
DecodeShortURLs
This plugin looks for URLs shortened by a list of URL shortening services and upon finding a matching URL will connect using to the shortening service and do an HTTP HEAD lookup and retrieve the location header which points to the actual shortened URL, it then adds this URL to the list of URIs extracted by SpamAssassin which can then be accessed by other plug-ins, such as URIDNSBL.
Code: Select all
https://github.com/smfreegard/DecodeShortURLs
(This is version 0.3 a improved version over the 0.1 version included in SA 3.4.2)
This plugin is used to lookup e-mail addresses on the msbl.org blacklists.
Code: Select all
https://github.com/smfreegard/HashBL
Well, this is my contribution....what do other's here use? Either default disabled plugins or custom plugins
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
-
SorenR
- Senior user
- Posts: 4067
- Joined: 2006-08-21 15:38
- Location: Denmark
Post
by SorenR » 2019-03-01 17:27
Botnet looks for possible botnet sources of email by checking various DNS values that indicate things such as other ISP's clients or workstations, or misconfigured DNS settings that are more likely to happen with client or workstation addresses than servers.
Code: Select all
https://github.com/eilandert/Botnet.pm
NOTE: HashBL is already part of SA 3.4.2 standard plugins. All you need to do is create the config HashBL.cf
Code: Select all
loadplugin Mail::SpamAssassin::Plugin::HashBL
ifplugin Mail::SpamAssassin::Plugin::HashBL
header HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
describe HASHBL_EMAIL Message contains email address found on the EBL
score HASHBL_EMAIL 0.1
meta HASHBL_EMAIL_BLACK (0)
describe HASHBL_EMAIL_BLACK Message contains email address found on the EBL Black list
score HASHBL_EMAIL_BLACK 3.0
meta HASHBL_EMAIL_GREY (0)
describe HASHBL_EMAIL_GREY Message contains email address found on the EBL Grey list
score HASHBL_EMAIL_GREY 1.0
endif
Just about a week ago I copied the entire .\Mail directory with plugins and the works from 3.4.2 SOURCE to my 3.4.0 installation overwriting the old files. So far everything is still working
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
-
RvdH
- Senior user
- Posts: 1163
- Joined: 2008-06-27 14:42
- Location: Netherlands
Post
by RvdH » 2019-03-01 19:26
SorenR wrote: ↑2019-03-01 17:27
NOTE: HashBL is already part of SA 3.4.2 standard plugins. All you need to do is create the config HashBL.cf
Nah, it isn't...SA 3.4.2 uses 0.001 and the github link for HASHBL above is 0.003 that includes the splitting into BLACK/GREY rules
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
