aboutsummaryrefslogtreecommitdiffstats
path: root/doc/markdown/modules
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2016-01-12 14:40:12 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2016-01-12 14:40:12 +0000
commitbcd1b3861b6433b5c0f56878e01feeaae1964b62 (patch)
tree764c886036754ea2cae8ef99adb2440c6b373236 /doc/markdown/modules
parentb8911abf816f2b3c4b752656cef4d6f277cbecd9 (diff)
downloadrspamd-bcd1b3861b6433b5c0f56878e01feeaae1964b62.tar.gz
rspamd-bcd1b3861b6433b5c0f56878e01feeaae1964b62.zip
Update surbl documentation
Diffstat (limited to 'doc/markdown/modules')
-rw-r--r--doc/markdown/modules/surbl.md36
1 files changed, 31 insertions, 5 deletions
diff --git a/doc/markdown/modules/surbl.md b/doc/markdown/modules/surbl.md
index 6ce883e8a..30655b794 100644
--- a/doc/markdown/modules/surbl.md
+++ b/doc/markdown/modules/surbl.md
@@ -2,7 +2,8 @@
This module performs scanning of URL's found in messages against a list of known
DNS lists. It can add different symbols depending on the DNS replies from a
-specific DNS URL list.
+specific DNS URL list. It is also possible to resolve domains of URLs and then
+check the IP addresses against the normal `RBL` style list.
## Module configuration
@@ -51,7 +52,7 @@ surbl {
suffix = "dbl.spamhaus.org";
symbol = "DBL";
# Do not check numeric URL's
- options = "noip";
+ noip = true;
}
rule {
suffix = "uribl.spameatingmonkey.net";
@@ -59,7 +60,7 @@ surbl {
bits {
SEM_URIBL = 2;
}
- options = "noip";
+ noip = true;
}
rule {
suffix = "fresh15.spameatingmonkey.net";
@@ -67,7 +68,7 @@ surbl {
bits {
SEM_URIBL_FRESH15 = 2;
}
- options = "noip";
+ noip = true;
}
}
~~~
@@ -131,4 +132,29 @@ This encoding can save DNS requests to query multiple lists one at a time.
Some other lists use direct encoding of lists by some specific addresses. In this
case you should define results decoding principle in `ips` section not `bits` since
bitwise rules are not applicable to these lists. In `ips` section you explicitly
-match the ip returned by a list and its meaning. \ No newline at end of file
+match the ip returned by a list and its meaning.
+
+## IP lists
+
+From rspamd 1.1 it is also possible to do two step checks:
+
+1. Resolve IP addresses of each URL
+2. Check each IP resolved against SURBL list
+
+In general this procedure could be represented as following:
+
+* Check `A` or `AAAA` records for `example.com`
+* For each ip address resolve it using reverse octets composition: so if IP address of `example.com` is `1.2.3.4`, then checks would be for `4.3.2.1.uribl.tld`
+
+For example, [SBL list](https://www.spamhaus.org/sbl/) of `spamhaus` project provides such functions using `ZEN` multi list. This is included in rspamd default configuration:
+
+~~~nginx
+ rule {
+ suffix = "zen.spamhaus.org";
+ symbol = "ZEN_URIBL";
+ resolve_ip = true;
+ ips {
+ URIBL_SBL = "127.0.0.2";
+ }
+ }
+~~~ \ No newline at end of file