[SURBL-Discuss] ANNOUNCE: Mail::SpamAsssassin::SpamCopURI 0.14

Simon Byrnand simon at igrin.co.nz
Fri Apr 23 16:16:38 CEST 2004


>> Well 0.14 (compared to 0.11) has definately cut the DNS queries down to
>> size....... almost.... I notice one strange thing, after resolving a
>> redirected URL it seems to perform a DNS lookup on the actual URL as
>> well
>> as looking it up on SURBL. For example:
>>
>> query: evergreen--munged--wholesaledist.info.ws.surbl.org IN A
>> query: yahoo.com.sc.surbl.org IN A
>> query: rd.yahoo.com IN A
>>
>> The first query is the properly extracted redirect URL, the second query
>> is the base of the URL, yahoo.com, but the third query puzzles me. Why
>> look up rd.yahoo.com itself ?
>
> Hmm.  I think you might be seeing the name server resolution
> for the HTTP GET request.  I am only doing name server lookups
> against the RBL hence all the queries directly related to SpamCopURI
> should have something on the right hand side.

You do an HTTP GET request on the URL ? Ah, that would explain the dns
query, although I'm not sure why you'd want to do an HTTP GET request from
a potentially hostile server ? Or do you only do this with servers listed
as redirectors ?

Regards,
Simon




More information about the Discuss mailing list