Justin Mason wrote:
SpamAssassin is currently limited to identifying redirectors that require 'http(s)' to be in the URI. So it won't detect domains redirected to by the zdnet redirector and any other similar ones.
Daryl
Right. And obfuscation of the redirected-to "http" seems to be enough to confuse SA 3 into not extracting the second URI. Maybe we should make a Bugzilla ticket about that?
if you find one that SpamAssassin 3.1.0 doesn't decode correctly, sure ;) I thought we had those nailed.
Ok I checked this with the latest snapshot version of spamassassin (SpamAssassin version 3.1.0-r161778)
it works if the redirector is like
https://www.g00dl1fe.com/42.asp/http:/sheenier.net/soft/
or
https://www.g00dl1fe.com/42.asp/http://sheenier.net/soft/
0.6 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: g00dl1fe.com sheenier.net] 2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: sheenier.net] 1.6 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: g00dl1fe.com sheenier.net] 0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: g00dl1fe.com sheenier.net] 2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: g00dl1fe.com sheenier.net] 3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: g00dl1fe.com sheenier.net]
But it fails to extract the "rdx56.info" from the redirector of Zdnet.
http://chkpt.zdnet.com/chkpt/howbad/rdx56.info/p/yo
where rdx50.info is listed in JP, WS, OB and SC surbls
I think we need to work on FQDN appearing as string in the url.