I was wondering...
I didn't look at the source code for the SpamCopURI or the SA 3.0 plugin but I guess it just looks for URIs within the messages and issues a DNS query to the configured SURBLs for every different canonicalized domain name... is it?
What would happen if a spammer intentionally starts putting hundreds of different invisible random URIs within the message trying to DoS SURBL?
Do the SA plugins check for this condition? Or have a limit as to how many SURBL queries they will issue for a given message?
TIA
> What would happen if a spammer intentionally starts putting hundreds of different invisible random URIs within the message trying to DoS SURBL?
I can't speak for the plugins you mention, but in my implementation I look exclusively for visible URIs and ignore all others. Then, having such a high number of URIs would definitely be an excellent criterion to flag the message as spam just because of this.
IMHO blocking on spamvertised URIs is the most effective approach to the problem. There is really no way out - not even your scenario provided the server is properly implemented. We have a local database of spamvertised domains on our server and therefore the performance drawback would not really matter that much. This database is then updated every now and then which obviously generates less traffic.
Markus
On Thursday, July 29, 2004, 6:40:44 AM, Mariano Absatz wrote:
> I was wondering...
> I didn't look at the source code for the SpamCopURI or the SA 3.0 plugin but I guess it just looks for URIs within the messages and issues a DNS query to the configured SURBLs for every different canonicalized domain name... is it?
> What would happen if a spammer intentionally starts putting hundreds of different invisible random URIs within the message trying to DoS SURBL?
> Do the SA plugins check for this condition? Or have a limit as to how many SURBL queries they will issue for a given message?
I believe SpamCopURI and urirhsbl/urirhssub both limit the number of SURBL queries per message, and hopefully both also ignore unclickable URIs (those with empty anchors).
Perhaps someone more familiar with the current source code can confirm.
Jeff C.
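
The mitigations discussed in this thread (skip empty anchors, query once per distinct domain, cap queries per message, flag on sheer URI count) can be sketched as follows. This is an added example, not code from SpamCopURI, SpamAssassin, or any poster; the cap, the threshold, the two-label domain reduction and all function names are assumptions, and it only builds the query names without resolving them.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_QUERIES = 20         # assumed per-message cap, not a SpamAssassin default
MANY_URIS = 50           # assumed threshold for flagging on URI count alone
ZONE = "multi.surbl.org"

class VisibleLinks(HTMLParser):
    """Collect hrefs of anchors that enclose visible text or an image."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.seen, self._href, self._text = [], 0, None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
            self.seen += 1                   # counted even if invisible
        elif tag == "img" and self._href is not None:
            self._text += "img"              # image-only links are clickable
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            if self._text.strip():           # empty anchor: unclickable, skip
                self.hrefs.append(self._href)
            self._href = None

def base_domain(uri):
    """Naive canonicalization (assumption): lower-cased host, last two labels.
    Does not handle IP-address hosts or two-level ccTLD suffixes."""
    try:
        host = (urlsplit(uri).hostname or "").rstrip(".")
    except ValueError:
        return None
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def plan_queries(html):
    parser = VisibleLinks()
    parser.feed(html)
    # One query per distinct domain, in order of first appearance.
    domains = list(dict.fromkeys(filter(None, map(base_domain, parser.hrefs))))
    return {"queries": [f"{d}.{ZONE}" for d in domains[:MAX_QUERIES]],
            "uris_seen": parser.seen, "too_many": parser.seen > MANY_URIS}

# Constructed sample: 200 empty anchors plus two visible links to one domain.
SAMPLE = "".join(f'<a href="http://x{i}.example.net/"></a>' for i in range(200))
SAMPLE += '<a href="http://WWW.Example.com/buy">Buy</a>'
SAMPLE += '<a href="http://shop.example.com/">now</a>'
```

On the constructed sample the 200 invisible anchors produce no lookups at all, the two visible links collapse to a single query, and the message is still flagged on its URI count.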