spamhaus / rspamd-dqs

Spamhaus code for RSPAMD Plugin. See https://docs.spamhaustech.com/40-real-world-usage/Rspamd/000-intro.html for instructions
Apache License 2.0

Use ZRD for domains of urls in mail? #21

Open drott opened 1 year ago

drott commented 1 year ago

Hostnames in URLs of the content seem to be checked against the DBL list, but not the ZRD list. I suggest adding that (if I am not missing anything).

I see some spam that contains links to newly registered domains but is not sent from these domains or does not contain email addresses to ZRD-contained lists.

Would it make sense to add a check against ZRD for hostnames of URLs in the content, maybe in this form (untested example)?

    spamhaus_zrd_links {
      ignore_defaults = true;
      no_ip = true;
      # Replace your_DQS_key with the DQS key
      rbl = "your_DQS_key.zrd.dq.spamhaus.net";
      # Hostnames of the URLs found in the message
      selector = 'urls:get_host';
      disable_monitoring = true;
      returncodes = {
        SH_LINK_ZRD_VERY_FRESH_DOMAIN = [
          "127.0.2.[2-4]+"
        ];
        SH_LINK_ZRD_FRESH_DOMAIN = [
          "127.0.2.[5-9]+",
          "127.0.2.1[0-9]+",
          "127.0.2.2[0-4]+"
        ];
        SH_LINK_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
      }
    }

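An added example, not part of the original post or of the Spamhaus plugin: a Python check of how the return-code patterns in the proposed block map answers to symbols, useful for spotting an answer that raises more than one symbol before the block is deployed. It assumes the matcher applies each pattern anchored to the whole returned address; the function names `symbols_for` and `audit` are hypothetical.

```python
import re

# Return-code map copied from the proposed spamhaus_zrd_links block above.
RETURNCODES = {
    "SH_LINK_ZRD_VERY_FRESH_DOMAIN": ["127.0.2.[2-4]+"],
    "SH_LINK_ZRD_FRESH_DOMAIN": [
        "127.0.2.[5-9]+",
        "127.0.2.1[0-9]+",
        "127.0.2.2[0-4]+",
    ],
    "SH_LINK_ZRD_DONT_QUERY_IPS": ["127.0.2.255"],
}


def symbols_for(answer, returncodes=RETURNCODES):
    """Return the sorted symbols whose patterns match a DNS A answer.

    Assumption: each pattern is matched against the whole address
    (anchored at both ends). These patterns only use syntax that means
    the same in Python regexes and Lua patterns.
    """
    return sorted(
        symbol
        for symbol, patterns in returncodes.items()
        if any(re.fullmatch(p, answer) for p in patterns)
    )


def audit(returncodes=RETURNCODES, octets=range(2, 25)):
    """Classify 127.0.2.<octet> for each octet; report gaps and overlaps."""
    unmatched, ambiguous = [], {}
    for octet in octets:
        answer = f"127.0.2.{octet}"
        hits = symbols_for(answer, returncodes)
        if not hits:
            unmatched.append(answer)
        elif len(hits) > 1:
            ambiguous[answer] = hits
    return unmatched, ambiguous


if __name__ == "__main__":
    unmatched, ambiguous = audit()
    print("unmatched:", unmatched)
    for answer, hits in ambiguous.items():
        print(f"{answer} -> {', '.join(hits)}")
```

Under the anchoring assumption, every last octet from 2 to 24 is covered, and answers ending in 22 to 24 match both the very-fresh and the fresh symbol.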
pmcintyre commented 3 months ago

Has already been in the plugin since at least 2019.

drott commented 3 months ago

> Has already been in the plugin since at least 2019.

What do you refer to by "plugin" here? Something in upstream rspamd so that it wouldn't need custom configuration as done by the scripts/configs in this repo?