[SURBL-Discuss] ANNOUNCE: Mail::SpamAsssassin::SpamCopURI 0.14

Eric Kolve ekolve at comcast.net
Thu Apr 22 21:47:42 CEST 2004


On Fri, Apr 23, 2004 at 03:16:38PM +1200, Simon Byrnand wrote:
> >> Well 0.14 (compared to 0.11) has definitely cut the DNS queries down to
> >> size....... almost.... I notice one strange thing, after resolving a
> >> redirected URL it seems to perform a DNS lookup on the actual URL as
> >> well as looking it up on SURBL. For example:
> >>
> >> query: evergreen--munged--wholesaledist.info.ws.surbl.org IN A
> >> query: yahoo.com.sc.surbl.org IN A
> >> query: rd.yahoo.com IN A
> >>
> >> The first query is the properly extracted redirect URL, the second query
> >> is the base of the URL, yahoo.com, but the third query puzzles me. Why
> >> look up rd.yahoo.com itself ?
> >
> > Hmm.  I think you might be seeing the name server resolution
> > for the HTTP GET request.  I am only doing name server lookups
> > against the RBL hence all the queries directly related to SpamCopURI
> > should have something on the right hand side.
> 
> You do an HTTP GET request on the URL ? Ah, that would explain the dns
> query, although I'm not sure why you'd want to do an HTTP GET request from
> a potentially hostile server ? Or do you only do this with servers listed
> as redirectors ?

Exactly.  I only request from hosts that match the open_redirect_list_spamcop_uri.

So we fetch from drs.yahoo.com, rd.yahoo.com, etc. Never from a site we don't
know about.


--eric


> 
> Regards,
> Simon
> 
> 
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
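
The allowlist gate described in the reply above, sketched as an added example; it is not part of the original thread and not SpamCopURI's own code. The list contents, the exact-host matching rule, and the `fetch_location` callback (a hypothetical function that returns the redirector's `Location` header without following it) are assumptions.

```python
from urllib.parse import urlsplit

# Assumed list contents: the thread names only these two redirector hosts.
OPEN_REDIRECT_LIST = {"rd.yahoo.com", "drs.yahoo.com"}

def host_of(url):
    """Host an HTTP client would actually connect to, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname          # lowercased, userinfo and port stripped
    except ValueError:                 # malformed netloc, e.g. broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".") or None    # drop the trailing dot of an absolute name

def is_known_redirector(url, allowlist=OPEN_REDIRECT_LIST):
    # Exact host match, so "rd.yahoo.com.evil.example" and
    # "rd.yahoo.com@evil.example" do not pass as rd.yahoo.com.
    return host_of(url) in allowlist

def resolve_once(url, fetch_location):
    """Return (url_to_check, fetched). At most one hop, allowlisted hosts only."""
    if not is_known_redirector(url):
        return url, False              # unknown host: no HTTP request at all
    target = fetch_location(url)       # hypothetical callback, see lead-in
    if not target or host_of(target) is None:
        return url, True               # no usable absolute target: keep original
    return target, True                # the target itself is never fetched

def hosts_to_check(url, fetch_location):
    """Hosts to look up on the blocklist: the original and, if any, the target."""
    final, fetched = resolve_once(url, fetch_location)
    hosts = []
    for h in (host_of(url), host_of(final)):
        if h and h not in hosts:
            hosts.append(h)
    return hosts, fetched

if __name__ == "__main__":
    # Constructed sample data standing in for real redirector responses.
    table = {"http://rd.yahoo.com/r/1": "http://spam.example/buy"}
    for u in ("http://rd.yahoo.com/r/1", "http://rd.yahoo.com@evil.example/"):
        print(u, hosts_to_check(u, table.get))
```
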

