.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "Mail::SpamAssassin::Plugin::URIDetail 3pm" .TH Mail::SpamAssassin::Plugin::URIDetail 3pm 2024-01-21 "perl v5.38.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME URIDetail \- test URIs using detailed URI information .SH SYNOPSIS .IX Header "SYNOPSIS" This plugin creates a new rule test type, known as "uri_detail". These rules apply to all URIs found in the message. .PP .Vb 1 \& loadplugin Mail::SpamAssassin::Plugin::URIDetail .Ve .SH "RULE DEFINITIONS AND PRIVILEGED SETTINGS" .IX Header "RULE DEFINITIONS AND PRIVILEGED SETTINGS" The format for defining a rule is as follows: .PP .Vb 1 \& uri_detail SYMBOLIC_TEST_NAME key1 =~ /value1/i key2 !~ /value2/ ... .Ve .PP Supported keys are: .PP \&\f(CW\*(C`raw\*(C'\fR is the raw URI prior to any cleaning (e.g. "http://spamassassin.apache%2Eorg/"). .PP \&\f(CW\*(C`type\*(C'\fR is the tag(s) which referenced the raw_uri. \fIparsed\fR is a faked type which specifies that the raw_uri was parsed from the rendered text. .PP \&\f(CW\*(C`cleaned\*(C'\fR is a list including the raw URI and various cleaned versions of the raw URI (http://spamassassin.apache%2Eorg/, https://spamassassin.apache.org/). .PP \&\f(CW\*(C`text\*(C'\fR is the anchor text(s) (text between and ) that linked to the raw URI. .PP \&\f(CW\*(C`domain\*(C'\fR is the domain(s) found in the cleaned URIs, as trimmed to registrar boundary by \fBMail::SpamAssassin::Util::RegistrarBoundaries\fR\|(3). .PP \&\f(CW\*(C`host\*(C'\fR is the full host(s) in the cleaned URIs. (Supported since SA 3.4.5) .PP Example rule for matching a URI where the raw URI matches "%2Ebar", the domain "bar.com" is found, and the type is "a" (an anchor tag). .PP .Vb 1 \& uri_detail TEST1 raw =~ /%2Ebar/ domain =~ /^bar\e.com$/ type =~ /^a$/ .Ve .PP Example rule to look for suspicious "https" links: .PP .Vb 1 \& uri_detail FAKE_HTTPS text =~ /\ebhttps:/ cleaned !~ /\ebhttps:/ .Ve .PP Regular expressions should be delimited by slashes.