From: "Menno van Bennekom" > Hi,
I get spam with a different URL, the redirect has only one '/': <a
href="http://rd.yahoo.com/oashoscy/*http:/hjktccbz.woodwheel.info/mn/num17%22%3E
This is not recognised by BIZ_TLD (in this example my copy, INFO_TLD). I can change that in the regular expression. But I don't think SPAMCOP_URI_RBL recognizes it too because woodwheel is in the database but SA gives no hit. If you click on the link above it works, so it seems the one slash is possible. Can anyone confirm that one slash is not recognized?
This should work with SpamCopURI.
What version are you using? Have you got entry like
spamcop_uri_resolve_open_redirects 1 open_redirect_list_spamcop_uri rd.yahoo.com *.rd.yahoo.com
in spamcop_uri.cf?
John
You are right, SpamCopURI is not bothered by the one slash. I think my configuration (v0.16 and v0.18) is okay, I get lots of hits on ws+sc.surbl.org in other mails on both servers, also with redirects in them. I have done some sniffing and SpamCopURI DOES do the lookup, only for some reason it gets a NXdomain.. See tcpdump: 09:50:20.338446 10.1.40.12.3107 > 194.109.104.104.53: 16981+ A? woodwheel.info.ws.surbl.org. (45) (DF) 09:50:20.357518 194.109.104.104.53 > 10.1.40.12.3107: 16981 NXDomain 0/1/0 (101) 09:50:20.376361 10.1.40.12.3107 > 194.109.104.104.53: 16982+ A? yahoo.com.sc.surbl.org. (40) (DF) 09:50:20.397058 194.109.104.104.53 > 10.1.40.12.3107: 16982 NXDomain* 0/1/0 (108) 09:50:20.405862 10.1.40.12.3107 > 194.109.104.104.53: 16983+ A? woodwheel.info.sc.surbl.org. (45) (DF) 09:50:20.424440 194.109.104.104.53 > 10.1.40.12.3107: 16983 NXDomain 0/1/0 (101)
But http://www.rulesemporium.com/cgi-bin/uribl.cgi says that woodwheel.info is listed in sc.surbl.org... Strange thing. But I'm relieved that uri's with one slash are checked by Spamcopuri so what's left is BIZ_TLD (and INFO_TLD), the standard regexpression doesn't recognise the one slash. If I see more of those uri's I will change that regexp.
Regards Menno