URIDetail - test URIs using detailed URI information
This plugin creates a new rule test type, known as uri_detail. These rules apply to all URIs found in the message.
The format for defining a rule is as follows:
uri_detail SYMBOLIC_TEST_NAME key1 =~ /value1/ key2 !~ /value2/ ...
Supported keys are:
raw is the raw URI prior to any cleaning (e.g. http://spamassassin.apache%2Eorg/).
type is the tag(s) which referenced the raw_uri. parsed is a faked type which specifies that the raw_uri was parsed from the rendered text.
text is the anchor text(s) (text between <a> and </a>) that linked to the raw URI.
domain is the domain(s) found in the cleaned URIs.
Example rule for matching a URI where the raw URI matches %2Ebar, the domain bar.com is found, and the type is a (an anchor tag).
uri_detail TEST1 raw =~ /%2Ebar/ domain =~ /^bar\.com$/ type =~ /^a$/
Example rule to look for suspicious https links:
uri_detail FAKE_HTTPS text =~ /\bhttps:/ cleaned !~ /\bhttps:/
Regular expressions should be delimited by slashes.
|perl v5.8.8||Mail::SpamAssassin::Plugin::URIDetail (3)||2010-03-16|