NAME

Mail::SpamAssassin::Plugin::GoogleSafeBrowsing - SpamAssassin plugin to score mail based on Google blocklists.

SYNOPSIS

loadplugin Mail::SpamAssassin::Plugin::GoogleSafeBrowsing
body GOOGLE_SAFEBROWSING eval:check_google_safebrowsing_blocklists()

DESCRIPTION

Score messages by checking the URIs they contain against Google's safebrowsing tables. See http://code.google.com/apis/safebrowsing/

CONFIGURATION

The GoogleSafeBrowsing SpamAssassin plugin relies on a local cache of the URI tables to scan messages. The local cache should be updated at least once every 30 minutes. The recommended setup looks something like:

Install the required Perl modules:
Net::Google::SafeBrowsing::Blocklist
Net::Google::SafeBrowsing::UpdateRequest
Mail::SpamAssassin::Plugin::GoogleSafeBrowsing
Get an API key from Google

http://code.google.com/apis/safebrowsing/key_signup.html

Use the blocklist_updater Perl script to keep the local cache up to date.

Install a cron job that, every 25 minutes or so, runs something like:

APIKEY=ABCD...
for LIST in goog-black-hash goog-malware-hash; do
  blocklist_updater --apikey "$APIKEY" --blocklist $LIST --dbfile /var/cache/spamassassin/${LIST}-db
done

"goog-black-hash" and "goog-malware-hash" are the only lists Google has for now. goog-black-hash seems to be a list for the worst sites.

Configure spamassassin

Typically in local.cf, include lines: loadplugin Mail::SpamAssassin::Plugin::GoogleSafeBrowsing body GOOGLE_SAFEBROWSING eval:check_google_safebrowsing_blocklists()

google_safebrowsing_dir /var/cache/spamassassin
google_safebrowsing_apikey ABCD...
google_safebrowsing_blocklist goog-black-hash 0.2
google_safebrowsing_blocklist goog-malware-hash 0.1

In this example, for each URI in a message that has a match in goog-black-hash, add 0.2 to the message's spam score.