o   blacklists can cover tens of thousands of entries, and you can't select which ones you use;
o   verifying that it's correctly configured can be non-trivial;
o   new blacklisting entries may take a while to be detected and entered, so it's not instantaneous.
The format for defining a rule is as follows:
uri_block_cc SYMBOLIC_TEST_NAME cc1 cc2 cc3 cc4
uri_block_cidr SYMBOLIC_TEST_NAME a.a.a.a b.b.b.b/cc d.d.d.d-e.e.e.e
uri_block_isp SYMBOLIC_TEST_NAME "DataRancid" "McCarrier" "Phishers-r-Us"
Example rule for matching a URI in China:
uri_block_cc TEST1 cn
This would block the URL http://www.baidu.com/index.htm. Similarly, to match a Spam-haven netblock:
uri_block_cidr TEST2 220.127.116.11/18
would match a netblock where several phishing sites were recently hosted.
And to block all CIDR blocks registered to an ISP, one might use:
uri_block_isp TEST3 "ColoCrossing"
if one didn't trust URLs pointing to that organization's clients. Lastly, if there's a country that you want to block but there's an explicit host you wish to exempt from that blacklist, you can use:
uri_block_exclude TEST1 www.baidu.com
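An added example, not part of the SpamAssassin documentation or the plugin's code: a small offline Python check of how the three uri_block_cidr argument forms and uri_block_exclude combine, useful for sanity-checking a rule before deploying it. The function names are hypothetical, the sample rules use constructed documentation addresses, and it assumes the URI host's IP addresses are already resolved and that exclusion is an exact hostname match.

```python
import ipaddress

# Constructed sample rules (documentation address ranges, not from the page).
SAMPLE_RULES = """\
uri_block_cidr TEST2 192.0.2.10 198.51.100.0/24 203.0.113.5-203.0.113.20
uri_block_exclude TEST2 mail.example.org
"""

def parse_rules(text):
    """Return {rule_name: {"nets": [...], "exclude": set()}} from config text."""
    rules = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("uri_block_cidr", "uri_block_exclude"):
            continue  # this sketch only models the CIDR and exclude directives
        rule = rules.setdefault(parts[1], {"nets": [], "exclude": set()})
        for arg in parts[2:]:
            if parts[0] == "uri_block_exclude":
                rule["exclude"].add(arg.lower())
            elif "-" in arg:
                # d.d.d.d-e.e.e.e form: expand the range into covering networks
                lo, hi = (ipaddress.ip_address(x) for x in arg.split("-", 1))
                rule["nets"].extend(ipaddress.summarize_address_range(lo, hi))
            else:
                # a.a.a.a or b.b.b.b/cc form; strict=False tolerates host bits
                # set in the prefix (an assumption made for this example)
                rule["nets"].append(ipaddress.ip_network(arg, strict=False))
    return rules

def rule_hits(rules, name, host, resolved_ips):
    """True if a resolved IP of host is inside the rule's netblocks
    and the host is not listed in the rule's exclusions."""
    rule = rules[name]
    if host.lower() in rule["exclude"]:
        return False
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    return any(a in net for a in addrs for net in rule["nets"])
```
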
The Country-Code based filtering requires the Geo::IP module, which uses either the freemium GeoLiteCountry database, or the commercial version of it called GeoIP from MaxMind.com.
The ISP based filtering requires the same module, plus the GeoIPISP database. There is no freemium version of this database, so commercial licensing is required.
perl v5.20.3    MAIL::SPAMASSASSIN::PLUGIN::URILOCALBL (3)    2016-04-07