On Thursday, July 29, 2004, 6:40:44 AM, Mariano Absatz wrote:
I was wondering...
I didn't look at the source code for the SpamCopURI or the SA 3.0 plugin but I guess it just looks for URI's within the messages and issues a DNS query to the configured SURBLs for every different canonicalized domain name... is it?
What would happen if a spammer intentionally starts putting hundreds of different invisible random URIs within the message trying to DoS SURBL?
Does the SA plugins check for this condition? Or have a limit as to how many SURBL queries will it issue for a given message?
I believe both SpamCopURI and urirhsbl/urirhssub both limit the number of SURBL queries per message, and hopefully both also ignore unclickable URIs (those with empty anchors).
Perhaps someone more familiar with the current source code can confirm.
Jeff C.