Mailing List Archive

[Spamassassin Wiki] Update of "iXhash" by dbonengel
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The following page has been changed by dbonengel:
http://wiki.apache.org/spamassassin/iXhash

The comment on the change is:
A few Changes to keep in line with the original NiXSpam-Code.

------------------------------------------------------------------------------

=head1 SYNOPSIS
loadplugin Mail::SpamAssassin::Plugin::iXhash /path/to/iXhash.pm
-
+
body IXHASH eval:ixhashtest('ix.dnsbl.manitu.net')
describe IXHASH This mail has been classified as spam @ iX Magazine, Germany
tflags IXHASH net
@@ -33, +33 @@

iXhash.pm is a plugin for SpamAssassin 3.0.0 and up. It takes the body of a mail, removes parts from it and then computes a MD5 hash value from the rest.
These values will then be looked up via DNS. Call it a 'poor man's DCC', if you want.

- This plugin is based on the procmail-based project 'NiXSpam', developed by Bert Unger.
+ This plugin is based on the procmail-based project 'NiX Spam', developed by Bert Ungerer.
For more information see http://www.heise.de/ix/nixspam/. The procmail code producing the hashes only can be found here:
ftp://ftp.ix.de/pub/ix/ix_listings/2004/05/checksums

- Parts of the code were submitted via heise forum by 'kungfuhasi'
+ Parts of the code were submitted via heise forum by 'kungfuhasi'
See http://www.heise.de/ix/foren/go.shtml?read=1&msg_id=7246759&forum_id=48292.

Martin Blapp (mb@imp.ch) found a problem occuring on Perl 5.8.7. - and a way to bypass it. Thanks a lot!

- The hashes from spam received by Heise/iX magazine are available at ix.dnsbl.manitu.net,
+ The hashes from spam received by Heise/iX magazine are available at ix.dnsbl.manitu.net,
- kindly provided by Manuel Schmitt.
+ kindly provided by Manuel Schmitt.

- The hashes from spam received by LogIn & Solutions AG and some of its customers are availabe at nospam.login-solutions.de.
+ The hashes from spam received by LogIn & Solutions AG and some of its customers are available at nospam.login-solutions.de.
+ A second list based on input from another source can be accessed at nospam.login-solutions.ag.

- It's not too difficult to create your own blacklist provided you have enough input (read: spam). Well, even I managed to do
+ It's not too difficult to create your own blacklist provided you have enough input (read: spam). Well, even I managed to do
- so. If you do likewise please drop that info somewhere so other people can use that one too.
+ so. If you do likewise please drop that info somewhere so other people can use that one too
-

=cut

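Review bot: the rewritten closing sentence ("... so other people can use that one too") loses its final period; restore it. The added nospam.login-solutions.ag line says only "another source"; a few words on who feeds that list and whether it is verified would help readers decide how to score it. While this paragraph is open, "occuring" in the Perl 5.8.7 acknowledgement should read "occurring".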
@@ -83, +83 @@


sub ixhashtest {
my ($self, $permsgstatus,$muell,$dnsserver) = @_;
- dbg("IXHASH: IxHash querying Server $dnsserver");
+ dbg("IXHASH: IxHash querying Server $dnsserver");
my ($digest,$answer,$ixdigest,$body) = "";
my @body = $permsgstatus->{msg}->get_body();
my $resolver = Net::DNS::Resolver->new;
@@ -104, +104 @@

# Generate first MD5 over Body
$body_copy = $body;
# All space class chars just one time
+ # This bypasses a problem in Perl 5.8.7 where Perl segfaults
+ # if there are more than 2.600 identical chars to be replaced
+ $body_copy =~ s/([[:space:]]{100})(?:\1+)/$1/g;
# NOTE: This is the look-forward: (?:\1+)
$body_copy =~ s/([[:space:]])(?:\1+)/$1/g;
# remove graph class chars and some specials
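Review bot: the added workaround is inserted between the comment "All space class chars just one time" and the substitution that comment describes, and the "NOTE: This is the look-forward" line now sits between two substitutions that both use (?:\1+). Give the {100} pre-pass its own comment above the "All space class chars" line, saying that it first collapses repeats of an identical 100-character whitespace block so that the single-character substitution never sees a very long run. (?:\1+) is a non-capturing group with a backreference rather than a look-ahead, so the NOTE wording is worth correcting at the same time, and "2.600" is better written "2600" so it is not read as a decimal.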
@@ -113, +116 @@

dbg ("IXHASH: Computed hash-value $digest via method 1");
dbg ("IXHASH: Now checking $digest.$dnsserver");
# Resolver-Objekt nehmen und Hash abtesten
- $answer = $resolver->send($digest.'.'.$dnsserver, "A", "IN");
+ $answer = $resolver->search($digest.'.'.$dnsserver, "A", "IN");
if ($answer) {
foreach $rr ($answer->answer) {
next unless $rr->type eq "A";
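Review bot: switching the lookup from send to search changes which names can be queried, and nothing in the hunk says why. Net::DNS's search applies the resolver's search list, so depending on the local resolver configuration a hash that is not listed can be retried with a local search domain appended to $digest.$dnsserver; that costs extra queries and would be counted as a hit if that domain answers with a wildcard A record. Either keep send, or make the name absolute with a trailing dot ($digest.'.'.$dnsserver.'.') and state the reason in a comment. The same replacement is made in the method 2 and method 3 lookups further down.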
@@ -125, +128 @@

}
# IF-Condition selbstgemacht - hoffentlich stimmts
# The original procmail code says:
- # This checksum requires at least 2 of the following characters:
+ # This checksum requires at least 3 of the following characters:
# >* 1^1 ([<>()|@*'!?,]|:/)
# (To match something like "Already seen? http://host.domain.tld/")
- if ($body =~ /((([<>\(\)\|@\*'!?,])|(:\/)).*?){2,}/m ) {
+ if ($body =~ /((([<>\(\)\|@\*'!?,])|(:\/)).*?){3,}/m ) {
# Genearation of 2nd Digest
$body_copy = $body;
$body_copy =~ s/[[:cntrl:][:alnum:]%&#;=]+//g;
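Review bot: in the changed condition, /((([<>\(\)\|@\*'!?,])|(:\/)).*?){3,}/m, the /m flag has no effect because the pattern contains no ^ or $, and . does not match a newline, so if $body holds more than one line the three characters must all occur on the same line rather than anywhere in the body. If the procmail recipe counts across the whole body, use /s instead of /m. The quoted procmail line under the changed comment is untouched, so a short remark on where the threshold of 3 comes from in that recipe would help the next reader. "Genearation" in the following comment should read "Generation".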
@@ -143, +146 @@

dbg ("IXHASH: Computed hash-value $digest via method 2");
dbg ("IXHASH: Now checking $digest.$dnsserver");
# Hash abtesten
- $answer = $resolver->send($digest.'.'.$dnsserver, "A", "IN");
+ $answer = $resolver->search($digest.'.'.$dnsserver, "A", "IN");
if ($answer) {
foreach $rr ($answer->answer) {
next unless $rr->type eq "A";
@@ -151, +154 @@

$hits = 1 if $rr->address;
return $hits;
}
- }
+ }
}
# Requirement here in procmail:
# >* [^ ][^ ][^ ][^ ]
- # (some non-empty characters in the body/ ein paar nicht-leere Zeichen im Body)
+ # (Min. 8 non-empty characters in the body/ Min. 8 nicht-leere Zeichen im Body)
# sowie: Hash 1 und 2 trafen nicht!
- if (($body =~ /[^\s\t][^\s\t][^\s\t][^\s\t]/) and (length($digest) < 32)) {
+ if (($body =~ /[\S]{8,}/) and (length($digest) < 32)) {
$body_copy = $body;
$body_copy =~ s/[[:cntrl:][:space:]=]+//g;
# Mod submitted by Martin Blapp (mb@imp.ch)
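Review bot: the new test /[\S]{8,}/ requires eight consecutive non-whitespace characters, which is stricter than the comment's "Min. 8 non-empty characters in the body", and the procmail condition quoted directly above it still shows four [^ ] classes. Bring the three into agreement: quote the procmail condition as it currently stands, and word the comment as "eight consecutive" if that is what is meant. The brackets and the open upper bound are redundant; /\S{8}/ accepts exactly the same bodies.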
@@ -170, +173 @@

dbg ("IXHASH: Computed hash-value $digest via method 3");
dbg ("IXHASH: Now checking $digest.$dnsserver");
# Hash abtesten
- $answer = $resolver->send($digest.'.'.$dnsserver, "A", "IN");
+ $answer = $resolver->search($digest.'.'.$dnsserver, "A", "IN");
if ($answer) {
foreach $rr ($answer->answer) {
next unless $rr->type eq "A";
@@ -178, +181 @@

$hits = 1 if $rr->address;
return $hits;
}
- }
+ }
}
}
1;
[Spamassassin Wiki] Update of "iXhash" by dbonengel

The following page has been changed by dbonengel:
http://wiki.apache.org/spamassassin/iXhash

The comment on the change is:
New data source nospam.login-solutions.ag, comments

------------------------------------------------------------------------------
{{{
loadplugin Mail::SpamAssassin::Plugin::iXhash /path/to/iXhash.pm
+
+ # This list uses iX Magazine's spam as datasource.
body IXHASH eval:ixhashtest('ix.dnsbl.manitu.net')
describe IXHASH This mail has been classified as spam @ iX Magazine, Germany
tflags IXHASH net
score IXHASH 1.5

+ # This list comes in @ spamtraps run by LogIn & Solutions AG, Germany
+ # Manually verified stuff
body LOGINHASH eval:ixhashtest('nospam.login-solutions.de')
describe LOGINHASH mail has been classified as spam @ LogIn&Solutions AG, Germany
+ tflags LOGINHASH net
+ score LOGINHASH 1.5
+
+ # This list contains hashes from Mails classified as spam at a larger company based in Germany
+ # Lots of stuff, but automatically categorized and contributed
+ body LOGINHASH eval:ixhashtest('nospam.login-solutions.ag')
+ describe LOGINHASH mail has been classified as spam @ unknown company, Germany
tflags LOGINHASH net
score LOGINHASH 1.5
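Review bot: the added block for nospam.login-solutions.ag reuses the rule name LOGINHASH, which is already taken by the nospam.login-solutions.de rule above it. SpamAssassin keys rules by name, so the later body, describe, tflags and score lines replace the earlier ones and only one of the two lists ends up being queried. Give the new rule its own name (for example LOGINHASH2) with its own describe, tflags and score lines; since the added comment calls this list "automatically categorized", a separate score also lets it be weighted differently from the manually verified one. The block opens with {{{ but no closing }}} is visible in this change.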