[SURBL-Discuss] Re: [SURBL-Announce] ANNOUNCE: Mail::SpamAsssassin::SpamCopURI 0.11

Eric Kolve ekolve at comcast.net
Fri Apr 23 07:43:53 CEST 2004


On Fri, Apr 23, 2004 at 12:55:52AM -0700, Jeff Chan wrote:
> On Tuesday, April 20, 2004, 10:51:55 PM, Eric Kolve wrote:
> > I have just released SpamCopURI version 0.11.  This fixes a few
> > bugs that had been reported and adds open redirect resolution.
> 
> > This basically takes a URL from say rd.yahoo.com and attempts
> > to resolve the Location header without ever fetching from
> > the potential spammy site.
> 
> > Only the URLs that have hosts that match an address list get
> > redirect resolution.  As well, redirect resolution is off
> > by default, but can be enabled in the conf file.  I have
> > placed several open redirect sites in the conf file.
> > The basic requirement is that the redirect return a 300
> > level HTTP response when fetching.  I placed google.com
> > in there even though they don't have their own redirect
> > domain, but this should be fairly safe since most if not
> > all google URLs are either redirects or searches.  Give
> > it a try and tell me what you think.  This is all dependent
> > upon LWP, but if you don't have LWP everything else
> > will function as it did before.
> 
> Eric, you may want to share your redirection resolution
> strategies with the 3.0 developers.  I haven't heard Justin
> getting beyond patterns yet.  ;-)
> 
I will mention it to SA-dev once I and a few others have run
it for a little while. 

I am not sure they will incorporate since I have seen discussion
on their list of handling redirects and generally they are 
not interested in doing any kind of network lookup for fear of 
timeouts, slowdowns, etc. We will see...


--eric


> Jeff C.
> 
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss


More information about the Discuss mailing list