Philip,

Do you have a CLA with the ASF? From checking, I don't believe so. Can you please take a look at http://wiki.apache.org/spamassassin/AboutClas

What might help you is that since this is a plugin, we could open a bug, add it to trunk, etc. for people to more readily test it. It wouldn't be enabled by default but should allow more people to readily implement it and provide feedback.

However, for me I know I am curious if you could do a bit more description on why this is good to implement, what type of spam you use it to block, etc. in the pm?

Regards,
KAM

On 6/15/2014 10:47 PM, Philip Prindeville wrote:
Here’s a first attempt at a module.  I based it on Plugin::URIDetail.

It depends on Net::CIDR::Lite and Geo::IP.  If it detects a valid (though not 
necessarily current) ISP database, it will publish a handler for that. Same 
with the IP-Lite (or licensed IP) database from MaxMind.

We’ve been using the MaxMind database for a couple of years on a commercial 
project with good success.

Currently the filtering is done by country code, ISP name, and explicit CIDR 
blocks.

The last test is the least costly, but also the most fine grained… you can 
configure rules to run in whichever order suits your needs best.

I personally sort by country (cn ru bg vn ro ng ir) and then by ISP (won’t name 
them here, but one of them is Over tHere in France), and lastly by CIDR block.

The only real wart on these plugins is that they all index their databases by 
IP address, and do their own (implicit or explicit) name or IP mapping.  
Obviously, this is both blocking and repetitive.

Not sure why PerMsgStatus.pm can’t do the asynchronous name lookups when 
get_uri_detail_list() runs so we have that handy for each of the plugins.  If I 
had the mappings already available, I’d definitely use that.

That is, instead of having:

hosts => {
    'nqtel.com' => 'nqtel.com'
}

why not instead have:

hosts => {
    'nqtel.com' => [ '107.158.259.74' ]
}

or even both, e.g. [ 'nqtel.com', '107.158.259.74' ] (i.e. the domain at index 
0 followed by the list of A records).

One other shortcoming I noticed was the somewhat limited list of error returns 
such as MISSING_REQUIRED_VALUE, INVALID_VALUE, INVALID_HEADER_FIELD_NAME… what 
about MISSING_DEPENDENCY or MISSING_RESOURCE?

What if we want to filter on Geo::IP’s ISP database, but the database isn’t 
present?

I don’t do a lot of volume (maybe 10 messages per second peak), so doing 
blocking lookups isn’t a problem.  But obviously this might be an issue for 
some high volume sites.

Feedback is welcome.

-Philip
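
The CIDR test over the proposed host-to-addresses layout, as an added example that is not part of the original message and is not the plugin's own code. The host names, address ranges (RFC 5737 documentation ranges) and the helper names valid_ipv4 and first_blocked_addr are assumptions made for illustration; the MISSING_DEPENDENCY text is only a message string here, not an existing SpamAssassin error constant.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Load the optional dependency at run time so its absence can be reported
# (the "missing dependency" case raised above) instead of failing at compile time.
my $have_cidr = eval { require Net::CIDR::Lite; 1 };
die "MISSING_DEPENDENCY: Net::CIDR::Lite is not installed\n" unless $have_cidr;

# Constructed sample block list using documentation address ranges.
my $blocked = Net::CIDR::Lite->new;
$blocked->add($_) for qw(192.0.2.0/24 198.51.100.128/25);

# The proposed layout: each URI host maps to its already-resolved A records.
# All entries are constructed sample data.
my %hosts = (
    'a.example' => ['192.0.2.17'],
    'b.example' => ['203.0.113.5', '198.51.100.200'],
    'c.example' => ['203.0.113.9'],
    'd.example' => ['107.158.259.74'],   # octet out of range, as in the message
);

# Strict dotted-quad check. Net::CIDR::Lite croaks on an address it cannot
# parse, so malformed resolver output must be filtered before find().
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return !grep { $_ > 255 } ($1, $2, $3, $4);
}

# Return the first address of a host that falls in a blocked range, or undef.
sub first_blocked_addr {
    my ($cidr, $addrs) = @_;
    for my $ip (@$addrs) {
        next unless valid_ipv4($ip);     # skip bad data rather than die
        return $ip if $cidr->find($ip);
    }
    return;
}

for my $host (sort keys %hosts) {
    my $hit = first_blocked_addr($blocked, $hosts{$host});
    printf "%-10s %s\n", $host, defined $hit ? "HIT ($hit)" : "no match";
}
```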
