table of contents
- bullseye 3.4.6-1
- testing 3.4.6-1
- unstable 4.0.0~rc2-1
- experimental 4.0.0~rc1+take2-2
|Mail::SpamAssassin::Plugin::URIDetail(3pm)||User Contributed Perl Documentation||Mail::SpamAssassin::Plugin::URIDetail(3pm)|
URIDetail - test URIs using detailed URI information
This plugin creates a new rule test type, known as "uri_detail". These rules apply to all URIs found in the message.
RULE DEFINITIONS AND PRIVILEGED SETTINGS¶
The format for defining a rule is as follows:
uri_detail SYMBOLIC_TEST_NAME key1 =~ /value1/i key2 !~ /value2/ ...
Supported keys are:
"raw" is the raw URI prior to any cleaning (e.g. "http://spamassassin.apache%2Eorg/").
"type" is the tag(s) which referenced the raw_uri. parsed is a faked type which specifies that the raw_uri was parsed from the rendered text.
"cleaned" is a list including the raw URI and various cleaned versions of the raw URI (http://spamassassin.apache%2Eorg/, https://spamassassin.apache.org/).
"text" is the anchor text(s) (text between <a> and </a>) that linked to the raw URI.
"domain" is the domain(s) found in the cleaned URIs, as trimmed to registrar boundary by Mail::SpamAssassin::Util::RegistrarBoundaries(3).
"host" is the full host(s) in the cleaned URIs. (Supported since SA 3.4.5)
Example rule for matching a URI where the raw URI matches "%2Ebar", the domain "bar.com" is found, and the type is "a" (an anchor tag).
uri_detail TEST1 raw =~ /%2Ebar/ domain =~ /^bar\.com$/ type =~ /^a$/
Example rule to look for suspicious "https" links:
uri_detail FAKE_HTTPS text =~ /\bhttps:/ cleaned !~ /\bhttps:/
Regular expressions should be delimited by slashes.