URIDetail(3) test URIs using detailed URI information


This plugin creates a new rule test type, known as ``uri_detail''. These rules apply to all URIs found in the message.

loadplugin Mail::SpamAssassin::Plugin::URIDetail


The format for defining a rule is as follows:

  uri_detail SYMBOLIC_TEST_NAME key1 =~ /value1/  key2 !~ /value2/ ...

Supported keys are:

"raw" is the raw URI prior to any cleaning (e.g. ``http://spamassassin.apache%2Eorg/'').

"type" is the tag(s) which referenced the raw_uri. parsed is a faked type which specifies that the raw_uri was parsed from the rendered text.

"cleaned" is a list including the raw URI and various cleaned versions of the raw URI (http://spamassassin.apache%2Eorg/, http://spamassassin.apache.org/).

"text" is the anchor text(s) (text between <a> and </a>) that linked to the raw URI.

"domain" is the domain(s) found in the cleaned URIs.

Example rule for matching a URI where the raw URI matches ``%2Ebar'', the domain ``bar.com'' is found, and the type is ``a'' (an anchor tag).

  uri_detail TEST1 raw =~ /%2Ebar/  domain =~ /^bar\.com$/  type =~ /^a$/

Example rule to look for suspicious ``https'' links:

  uri_detail FAKE_HTTPS text =~ /\bhttps:/  cleaned !~ /\bhttps:/

Regular expressions should be delimited by slashes.