Thomas,
I am not sure whether anyone else would find this useful, but I thought I
would bring it up.
I find it useful to add a header entry for each URI found in the message.
I monitor certain types of messages (that make it through ASSP) and forward
a copy to a spam account. Those messages are then inspected, sometimes very
briefly. Those messages that are spam are dragged into a disk folder. At an
appropriate moment, I run a script that for each message, grabs the
originating IP address and the URI found in the message, checks for
duplicates, then adds the IP addresses to a DNSBL and adds the URI to a
URIBL. The script is a work-in-progress. Currently (because I can go numb
looking at messages) it provides for a "Protected IP Range" list and a
"Protected URI" list, so I can prevent listing IP addresses for Google, etc
and prevent listing URI like w3.org and schemas.microsoft.com.
The advantage is the script is a LOT faster than doing those things manually
and the script is not subject to fumble finger.
The code solution I added to assp.pl is a fixed solution. That is, it cannot
be enabled or disabled specifically. It does use the URI logging flag, so
can be disabled/enabled with URI logging. I am fine with that for my usage,
as I always have logging on.
Also, it adds a header entry for each URI encounter in the same manner as
logging. I am okay with that for my usage, but others may want only one
entry per URI.
An example header:
X-Assp-Detected-URI: hotmail.com
There are two instances in the code that start with:
mlog($fh,"info: registered URI $uri for check")
>From This
========================
mlog($fh,"info: registered URI $uri for check") if
(($URIBLLog == 2 && ! exists $domains{ lc $uri }) or
$URIBLLog == 3);
========================
To This
========================
mlog($fh,"info: registered URI $uri for check") if
(($URIBLLog == 2 && ! exists $domains{ lc $uri }) or
$URIBLLog == 3);
$this->{myheader}.=sprintf("X-Assp-Detected-URI:
%s\r\n",$uri) if (($URIBLLog == 2 && ! exists $domains{ lc $uri }) or
$URIBLLog == 3);
========================
For what is worth....
Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
