10 Sep 2010
Support Center
»
Knowledgebase
»
SURBL HowTo
SURBL HowTo
Solution
SURBL'sÂ
SURBL's
Â
consist from a list of web sites that appeared in spam messages. Using of SURBL would require a content filter engine to extract URI's (web sites) from messages and check them against the lists. More detailed description of SURBL's is available from:
www.surbl.org
.
SURBL support is implemented in MPP as spam scan engine which maps match on a SURBL site to spam level. By default, it will scan all text body parts and attachments for URI's and will check extracted TLDs on surbl sites (but no more then 10 distinct URI's per message).
Minimum configuration / requirements:
1. MPP 4.9.0 or higher
2. in mppd.conf.xml add the following options
Add in the GUI in Services->Antispam->SURBL or by hand in mppd.conf.xml with:
<scan_engines>surbl</scan_engines>
<surbl_sites>multi.surbl.org</surbl_sites>
3. in /usr/local/MPP copy the two level TLD file from:
ftp://ftp.messagepartners.com/pub/mpp4/beta/two-level-tlds
New options description:
<scan_engines>
   New scan engine now available 'surbl'.
<surbl_sites>
   List of surbl sites to query.
   Value: string (comma or space separated list of host names)
   Default: (empty)
<tld_list>
   Path to file that contain a list of top-level domains with two or more components. File contain a space separate list of domain names. The list is loaded on demand if any other functionality would need to use it. Currently the list is used by surbl. Default list is deployed with MPP installation.
   Value: string (path file)
   Default: /usr/local/MPP/two-level-tlds
<spam_level>
   Maps engine-specific result to spam level. For SURBL attribute
   "scanner" must be "surbl" and "site" specifies matched site.
   Value: none | low | medium | high
   Default: high
   Example:
<spam_level scanner="surbl" site="multi.surbl.org">low</spam_level>
<content_access_method>
   Applies perl regular expressions to a specified message body property and in case of match specifies content access method to use for that body. Regular expression has a slightly modified syntax to simplify most usefull things. Namely the following mapping is applied from this modified syntax to perl regular expressions:
       *    -> .*
       .    -> \.
       ,    -> separator of expressions which effectively works as '|'
       space -> separator of expressions which effectively works as '|'
       \*   -> *
       \.   -> .
       \,   -> ,
       \\   -> \
   For each group searching for match will be performed first for own options, then in base (default) group and then in defaults listed bellow. Searching is done on first match principle using first most
   specific keys then trying in turn without each keys. Currently thefollowing keys (as attributes) are used:
scanner="scanner_id".
   Method without selector will always be applied and tag value will be
   ignored.
          Â
   Value: string (modified version of perl regular expression)
   Default:
<content_access_method selector="file_name" method="text/plain">*.txt *.html *.htm</content_access_method>
<content_access_method selector="mime_type" method="text/plain">text/*</content_access_method>
<content_access_method method="skip"/>
          Â
Which effectively mean to treat as plain text all body parts with TXT, HTML, HTM extensions or all text mime types. All other parts will be skipped (ignored).  Â
<surbl_whitelist>
   List of top level domains to exclude from surbl checks and consider
   them as ham.
      Â
   Value: string list (comma or space separated list of TLDs)
   Default: (empty)
<surbl_blacklist>
   List of top level domains to exclude from surbl checks and consider them as spam. If TLD is found in this list then it is reported as they were found on site with special name 'blacklist' and appropriative action will be choose as configure.Â
   Value: string list (comma or space separated list of TLDs)
   Default: (empty)      Â
<surbl_max_uris_number>
   Maximum number of DNS queries per message to perform by SURBL engine. If number is exceeded then all next URIs that reques a query will be ignored. This option is to prevent DOS attacks.
   Value: positive integer
   Default: 10
<mpp_spam_score_scanner>
   With attributes engine="surbl" and site="the.site" specifies score
   for matched surbl site if score is enabled.
Article Details
Article ID:
38
Created On:
18 Feb 2009 11:36 PM
This answer was helpful
This answer was not helpful
User Comments
Add a Comment
Sharing is good. So if you have a comment about this entry please feel free to share. The Comments might be reviewed by our Staff and might require approval before being posted. Questions posted will not be answered, please submit a ticket for support requests.
Fullname:
Email: (Optional)
Comments:
Back
Login
[Lost Password]
Email:
Password:
Remember Me:
Search
-- Entire Support Site --
Knowledgebase
Downloads
Article Options
Add Comment
Print Article
PDF Version
Email Article
Add to Favorites
Home
|
Register
|
Submit a Ticket
|
Knowledgebase
|
Downloads
Language:
English (U.S.)
