Hi Michael,
nice idea - but : what, if there is a large number of URI's in the mail -
depending on your setting of 'URIBLmaxdomains' the 'X-Assp-Detected-URI:'
heaeder lines could easy oversize the header in a way that the MTA behind
will reject the mail? If you use the ASSP-OCR Plugin, the URIBLok sub will
be called twice (again for the extracted OCR data).
The added lines are depending on the setting of 'URIBLLog' !??
$this->{myheader}.=sprintf("X-Assp-Detected-URI:
%s\r\n",$uri) if (! exists $domains{ lc $uri } && $URIBLmaxdomains &&
scalar keys(%domains) <= $URIBLmaxdomains ) ;
I think this will do it better - but it is not a solution for the
'oversize header' problem if 'URIBLmaxdomains' is set to a large value.
You've added the code at a place where URI's are registered for checking -
so even good and bad URI's are added to 'myheader'. Would it be better to
only add header lines for bad URI's?
Thomas
Von: "Michael Thomas" <[email protected]>
An: "'ASSP development mailing list'"
<[email protected]>
Datum: 02.01.2011 01:03
Betreff: [Assp-test] Enhancement Suggestion
Thomas,
I am not sure whether anyone else would find this useful, but I thought I
would bring it up.
I find it useful to add a header entry for each URI found in the message.
I monitor certain types of messages (that make it through ASSP) and
forward
a copy to a spam account. Those messages are then inspected, sometimes
very
briefly. Those messages that are spam are dragged into a disk folder. At
an
appropriate moment, I run a script that for each message, grabs the
originating IP address and the URI found in the message, checks for
duplicates, then adds the IP addresses to a DNSBL and adds the URI to a
URIBL. The script is a work-in-progress. Currently (because I can go numb
looking at messages) it provides for a "Protected IP Range" list and a
"Protected URI" list, so I can prevent listing IP addresses for Google,
etc
and prevent listing URI like w3.org and schemas.microsoft.com.
The advantage is the script is a LOT faster than doing those things
manually
and the script is not subject to fumble finger.
The code solution I added to assp.pl is a fixed solution. That is, it
cannot
be enabled or disabled specifically. It does use the URI logging flag, so
can be disabled/enabled with URI logging. I am fine with that for my
usage,
as I always have logging on.
Also, it adds a header entry for each URI encounter in the same manner as
logging. I am okay with that for my usage, but others may want only one
entry per URI.
An example header:
X-Assp-Detected-URI(1): hotmail.com
There are two instances in the code that start with:
mlog($fh,"info: registered URI $uri for check")
>From This
========================
mlog($fh,"info: registered URI $uri for check") if
(($URIBLLog == 2 && ! exists $domains{ lc $uri }) or
$URIBLLog == 3);
========================
To This
========================
mlog($fh,"info: registered URI $uri for check") if
(($URIBLLog == 2 && ! exists $domains{ lc $uri }) or
$URIBLLog == 3);
$this->{myheader}.=sprintf("X-Assp-Detected-URI:
%s\r\n",$uri) if (($URIBLLog == 2 && ! exists $domains{ lc $uri }) or
$URIBLLog == 3);
========================
For what is worth....
Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment,
and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
