[SURBL-Discuss] ANNOUNCE: Mail::SpamAsssassin::SpamCopURI 0.14
Eric Kolve
ekolve at comcast.net
Thu Apr 22 21:47:42 CEST 2004
On Fri, Apr 23, 2004 at 03:16:38PM +1200, Simon Byrnand wrote:
> >> Well 0.14 (compared to 0.11) has definately cut the DNS queries down to
> >> size....... almost.... I notice one strange thing, after resolving a
> >> redirected URL it seems to perform a DNS lookup on the actual URL as
> >> well
> >> as looking it up on SURBL. For example:
> >>
> >> query: evergreen--munged--wholesaledist.info.ws.surbl.org IN A
> >> query: yahoo.com.sc.surbl.org IN A
> >> query: rd.yahoo.com IN A
> >>
> >> The first query is the properly extracted redirect URL, the second query
> >> is the base of the URL, yahoo.com, but the third query puzzles me. Why
> >> look up rd.yahoo.com itself ?
> >
> > Hmm. I think you might be seeing the name server resolution
> > for the HTTP GET request. I am only doing name server lookups
> > against the RBL hence all the queries directly related to SpamCopURI
> > should have something on the right hand side.
>
> You do an HTTP GET request on the URL ? Ah, that would explain the dns
> query, although I'm not sure why you'd want to do an HTTP GET request from
> a potentially hostile server ? Or do you only do this with servers listed
> as redirectors ?
Exactly. I only request from hosts that match the open_redirect_list_spamcop_uri.
So we fetch from drs.yahoo.com, rd.yahoo.com, etc. Never from a site we don't
know about.
--eric
>
> Regards,
> Simon
>
>
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
More information about the Discuss
mailing list