Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-Mail-SpamAssassin-Plugin-dqs
for openSUSE:Factory checked in at 2022-11-16 15:44:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Mail-SpamAssassin-Plugin-dqs (Old)
and
/work/SRC/openSUSE:Factory/.perl-Mail-SpamAssassin-Plugin-dqs.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Mail-SpamAssassin-Plugin-dqs"
Wed Nov 16 15:44:13 2022 rev:2 rq:1036212 version:1.2.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/perl-Mail-SpamAssassin-Plugin-dqs/perl-Mail-SpamAssassin-Plugin-dqs.changes
2022-02-09 20:40:55.442623394 +0100
+++
/work/SRC/openSUSE:Factory/.perl-Mail-SpamAssassin-Plugin-dqs.new.1597/perl-Mail-SpamAssassin-Plugin-dqs.changes
2022-11-16 15:44:15.848060506 +0100
@@ -1,0 +2,8 @@
+Wed Nov 16 10:28:49 UTC 2022 - Johannes Weberhofer <[email protected]>
+
+- spamassassin-dqs version 1.2.2
+
+ * Removed useless syslog functions and made the plugin compatible with
MDaemon
+ * Minor fixes
+
+-------------------------------------------------------------------
Old:
----
v1.2.0.tar.gz
New:
----
v1.2.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Mail-SpamAssassin-Plugin-dqs.spec ++++++
--- /var/tmp/diff_new_pack.v6tkTV/_old 2022-11-16 15:44:16.388063158 +0100
+++ /var/tmp/diff_new_pack.v6tkTV/_new 2022-11-16 15:44:16.392063177 +0100
@@ -17,7 +17,7 @@
Name: perl-Mail-SpamAssassin-Plugin-dqs
-Version: 1.2.0
+Version: 1.2.2
Release: 0
Summary: SpamAssassin plugin for Spamhaus Data Query Service (DQS)
License: Apache-2.0
++++++ v1.2.0.tar.gz -> v1.2.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spamassassin-dqs-1.2.0/Changelog.md
new/spamassassin-dqs-1.2.2/Changelog.md
--- old/spamassassin-dqs-1.2.0/Changelog.md 2021-09-09 16:46:07.000000000
+0200
+++ new/spamassassin-dqs-1.2.2/Changelog.md 2022-04-20 18:23:07.000000000
+0200
@@ -1,5 +1,15 @@
Changelog for SpamAssassin DQS Plugin
+- 200422
+ - Removed useless syslog functions and made the plugin compatible with
MDaemon
+ - Minor fixes
+ - Tagged version 1.2.1
+
+- 310122
+ - Added functions to check whole hostnames in DBL
+ - Minor fixes
+ - Tagged version 1.2.0
+
- 140721
- Fixed scores on the abused section
- Tagged version 1.1.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spamassassin-dqs-1.2.0/README.md
new/spamassassin-dqs-1.2.2/README.md
--- old/spamassassin-dqs-1.2.0/README.md 2021-09-09 16:46:07.000000000
+0200
+++ new/spamassassin-dqs-1.2.2/README.md 2022-04-20 18:23:07.000000000
+0200
@@ -1,4 +1,3 @@
-
# Using DQS with SpamAssassin
This repository contains the configuration files and a plugin written for
SpamAssassin, (https://spamassassin.apache.org/) for use with Spamhaus
Technology Data Query Service (DQS) product.
@@ -19,6 +18,7 @@
- Installation instructions
- [Install from Github](#install-from-github)
- [Install from FreeBSD ports](#install-from-freebsd-ports)
+- [Testing your setup](#testing-your-setup)
- [Plugin internals](#plugin-internals)
- [Final recommendations](#final-recommendations)
- [Support and feedback](#support-and-feedback)
@@ -256,6 +256,12 @@
$ sudo make install
```
+## Testing your setup
+
+Once you succesfully installed the plugin, you could head to
[http://blt.spamhaus.com](http://blt.spamhaus.com) and test if you have
correctly installed everything.
+
+**Please read the docs carefully**, as a "delivered" response with a red flag
**doesn't always mean you missed something**; it depends on your setup. You
should always check all the headers of any email that the BLT sends and look
for spam headers, usually, but not always: "X-Spam-Flag: Yes" or "X-Spam: Yes".
+
***
## Plugin internals
@@ -283,6 +289,9 @@
* `check_sh_bodyuri_ns`
This function scans the email body and looks for URLs; when one is found it
takes the domain's authoritative nameservers IPs and checks them in SBL (beta,
not used, but you are encouraged to try it).
+ * `check_sh_hostname`
+ This function extracts whole hostnames starting from URLs in the email body
and is used to check them in the abused-legit component of DBL
+
* `check_sh_crypto`
This functions looks for cryptowallets in the email body and checks them in
HBL. As of today, we support the following cryptos:
- BTC
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spamassassin-dqs-1.2.0/SH.pm
new/spamassassin-dqs-1.2.2/SH.pm
--- old/spamassassin-dqs-1.2.0/SH.pm 2021-09-09 16:46:07.000000000 +0200
+++ new/spamassassin-dqs-1.2.2/SH.pm 2022-04-20 18:23:07.000000000 +0200
@@ -18,7 +18,7 @@
# at <spamassassin at spamteq.com> for questions/suggestions related
# with this plug-in exclusively.
-# version 20200825
+# version 20220420
package Mail::SpamAssassin::Plugin::SH;
@@ -32,7 +32,6 @@
use Socket;
use Mail::SpamAssassin::Logger;
use Digest::SHA qw(sha256 );
-use Sys::Syslog qw( :DEFAULT setlogsock);
our @ISA = qw(Mail::SpamAssassin::Plugin);
@@ -83,18 +82,46 @@
$self->register_eval_rule ( 'check_sh_attachment' );
# Check email hashes
$self->register_eval_rule ( 'check_sh_emails' );
-
+ # Finds URIs in the email body and checks their hostnames
+ $self->register_eval_rule ( 'check_sh_hostname' );
return $self;
}
-sub log_syslog {
- my ($priority, $msg) = @_;
- return 0 unless ($priority =~ /info|err|debug/);
- setlogsock('unix');
- openlog("SHPlugin",'pid','mail');
- syslog($priority, $msg);
- closelog();
- return 1;
+sub check_sh_hostname {
+
+ my ($self, $pms, $bodyref, $list, $subtest) = @_;
+ my $conf = $pms->{conf};
+ return 0 unless $self->{sh_available};
+ return 0 unless defined $list;
+
+ my $skip_domains = $conf->{uridnsbl_skip_domains};
+ $skip_domains = {} if !$skip_domains;
+
+ my $body = join('', @{$bodyref});
+ my $rulename = $pms->get_current_eval_rule_name();
+
+ my @uris;
+ (@uris) = _get_body_uris($self,$pms,$bodyref);
+
+ foreach my $this_hostname (@uris) {
+ if (!($skip_domains->{$this_hostname})) {
+ dbg("SHPlugin: (check_sh_hostname) checking ".$this_hostname);
+ my $lookup = $this_hostname.".".$list;
+ my $key = "SH:$lookup";
+ my $ent = {
+ key => $key,
+ zone => $list,
+ type => 'SH',
+ rulename => $rulename,
+ addr => $this_hostname,
+ };
+ $ent = $pms->{async}->bgsend_and_start_lookup($lookup, 'A', undef, $ent,
sub {
+ my ($ent, $pkt) = @_;
+ $self->_finish_lookup($pms, $ent, $pkt, $subtest);
+ }, master_deadline => $pms->{master_deadline});
+ }
+ }
+ return 0;
}
sub finish_parsing_end {
@@ -181,12 +208,15 @@
sub _get_body_uris {
my ($self,$pms, $bodyref) = @_;
- my $body = join('', @{$bodyref});
my %seen;
my @uris;
- foreach my $this_uri ( $body =~
/[a-zA-Z][a-zA-Z0-9+\-.]*:\/\/(?:[a-zA-Z0-9\-._~%!$&'()*+,;=]+@)?([a-zA-Z0-9\-._~%]+|âµ\[[a-zA-Z0-9\-._~%!$&'()*+,;=:]+\])/g)
{
- push (@uris, lc $this_uri) unless defined $seen{lc $this_uri};
- $seen{lc $this_uri} = 1;
+ my @parsed = $pms->get_uri_list();
+ foreach ( @parsed ) {
+ my ($domain, $host) =
$self->{main}->{registryboundaries}->uri_to_domain($_);
+ if ( $host ) {
+ push (@uris, lc $host) unless defined $seen{lc $host};
+ $seen{lc $host} = 1;
+ }
}
foreach my $this_uri (@uris) {
dbg("SHPlugin: (_get_body_uris) found ".$this_uri." in body");
@@ -352,7 +382,7 @@
# This extraction code has been heavily copypasted and slightly adapted from
https://github.com/smfreegard/HashBL/blob/master/HashBL.pm
my %seen;
my @headers_domains;
- my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To');
+ my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To',
'Resent-Sender','X-Envelope-From','Return-Path');
foreach my $header (@headers) {
if ($pms->get($header . ':addr')) {
my $this_domain =
$self->{'main'}->{'registryboundaries'}->uri_to_domain($pms->get(
$header.':addr' ));
@@ -371,7 +401,7 @@
# This extraction code has been heavily copypasted and slightly adapted from
https://github.com/smfreegard/HashBL/blob/master/HashBL.pm
my %seen;
my @headers_emails;
- my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To');
+ my @headers = ('EnvelopeFrom', 'Sender', 'From', 'Reply-To',
'Resent-Sender','X-Envelope-From','Return-Path');
foreach my $header (@headers) {
my $email = lc($pms->get($header . ':addr'));
if ($email) {
@@ -774,7 +804,6 @@
my @answer = $pkt->answer;
foreach my $rr (@answer) {
if ($rr->address =~ /$re/) {
- if ($ent->{rulename} =~ /SH_EMAIL/) { log_syslog("info","Matched email:
".$ent->{addr}); }
dbg("SHPlugin: Hit on Item $ent->{addr} for $ent->{rulename}");
$pms->test_log($ent->{addr});
$pms->got_hit($ent->{rulename}, '', ruletype => 'eval');
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh.cf
new/spamassassin-dqs-1.2.2/sh.cf
--- old/spamassassin-dqs-1.2.0/sh.cf 2021-09-09 16:46:07.000000000 +0200
+++ new/spamassassin-dqs-1.2.2/sh.cf 2022-04-20 18:23:07.000000000 +0200
@@ -1,4 +1,4 @@
-# Spamhaus's SpamAssassin setup version 20210909
+# Spamhaus's SpamAssassin setup version 20220420
ifplugin Mail::SpamAssassin::Plugin::SH
@@ -70,19 +70,19 @@
endif # if can
endif # Mail::SpamAssassin::Plugin::URIDNSBL
- body SH_BODYURI_REVERSE_SBL
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.2')
+ body SH_BODYURI_REVERSE_SBL
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.2$')
priority SH_BODYURI_REVERSE_SBL -100
describe SH_BODYURI_REVERSE_SBL The corresponding A record of an URI
contained in the body is listed in SBL
- body SH_BODYURI_REVERSE_CSS
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.3')
+ body SH_BODYURI_REVERSE_CSS
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.3$')
priority SH_BODYURI_REVERSE_CSS -100
describe SH_BODYURI_REVERSE_CSS The corresponding A record of an URI
contained in the body is listed in CSS
- body SH_BODYURI_REVERSE_DROP
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.9')
+ body SH_BODYURI_REVERSE_DROP
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.9$')
priority SH_BODYURI_REVERSE_DROP -100
describe SH_BODYURI_REVERSE_DROP The corresponding A record of an URI
contained in the body is listed in DROP
- body SH_BODYURI_REVERSE_XBL
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.4')
+ body SH_BODYURI_REVERSE_XBL
eval:check_sh_bodyuri_a('your_DQS_key.zen.dq.spamhaus.net', '^127\.0\.0\.4$')
priority SH_BODYURI_REVERSE_XBL -100
describe SH_BODYURI_REVERSE_XBL The corresponding A record of an URI
contained in the body is listed in XBL
@@ -165,4 +165,8 @@
header RCVD_IN_ZEN_BLOCKED_OPENDNS eval:check_rbl('zendqs-lastexternal',
'your_DQS_key.zen.dq.spamhaus.net.', '^127\.255\.255\.254$')
header RCVD_IN_ZEN_BLOCKED eval:check_rbl('zendqs-lastexternal',
'your_DQS_key.zen.dq.spamhaus.net.', '^127\.255\.255\.255$')
+ body SH_DBL_ABUSED_FULLHOST
eval:check_sh_hostname('your_DQS_key.dbl.dq.spamhaus.net',
'^127\.0\.1\.10[2-6]$')
+ priority SH_DBL_ABUSED_FULLHOST -100
+ describe SH_DBL_ABUSED_FULLHOST A hostname found in the email body is
listed in DBL as abused_legit
+
endif # Mail::SpamAssassin::Plugin::SH
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh_hbl.cf
new/spamassassin-dqs-1.2.2/sh_hbl.cf
--- old/spamassassin-dqs-1.2.0/sh_hbl.cf 2021-09-09 16:46:07.000000000
+0200
+++ new/spamassassin-dqs-1.2.2/sh_hbl.cf 2022-04-20 18:23:07.000000000
+0200
@@ -1,4 +1,4 @@
-# Spamhaus's SpamAssassin setup version 20210909
+# Spamhaus's SpamAssassin setup version 20220420
ifplugin Mail::SpamAssassin::Plugin::SH
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh_hbl_scores.cf
new/spamassassin-dqs-1.2.2/sh_hbl_scores.cf
--- old/spamassassin-dqs-1.2.0/sh_hbl_scores.cf 2021-09-09 16:46:07.000000000
+0200
+++ new/spamassassin-dqs-1.2.2/sh_hbl_scores.cf 2022-04-20 18:23:07.000000000
+0200
@@ -1,4 +1,4 @@
-# Spamhaus's SpamAssassin setup version 20210909
+# Spamhaus's SpamAssassin setup version 20220420
ifplugin Mail::SpamAssassin::Plugin::SH
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spamassassin-dqs-1.2.0/sh_scores.cf
new/spamassassin-dqs-1.2.2/sh_scores.cf
--- old/spamassassin-dqs-1.2.0/sh_scores.cf 2021-09-09 16:46:07.000000000
+0200
+++ new/spamassassin-dqs-1.2.2/sh_scores.cf 2022-04-20 18:23:07.000000000
+0200
@@ -1,4 +1,4 @@
-# Spamhaus's SpamAssassin setup version 20210909
+# Spamhaus's SpamAssassin setup version 20220420
ifplugin Mail::SpamAssassin::Plugin::SH
@@ -47,6 +47,8 @@
score SH_HELO_DBL 8
score SH_HELO_DBL_ABUSED 0.001
score SH_AUTHBL_AND_DBL_ABUSED 6
+ score SH_ZRD_BODY_FRESH 6
+ score SH_ZRD_BODY_VERY_FRESH 8
# DQS wont block queries for open dns usage
score URIBL_DBL_BLOCKED_OPENDNS 0
@@ -58,5 +60,7 @@
score URIBL_ZEN_BLOCKED 0.001
score RCVD_IN_ZEN_BLOCKED 0.001
+ score SH_DBL_ABUSED_FULLHOST 6
+
endif # Mail::SpamAssassin::Plugin::SH
