Redirection handling (Was: Re: [SURBL-Discuss] Re: [SURBL-Announce]
ANNOUNCE: Mail::SpamAsssassin::SpamCopURI 0.11)
Jeff Chan
jeffc at surbl.org
Fri Apr 23 15:44:04 CEST 2004
On Friday, April 23, 2004, 6:43:53 AM, Eric Kolve wrote:
> On Fri, Apr 23, 2004 at 12:55:52AM -0700, Jeff Chan wrote:
>> On Tuesday, April 20, 2004, 10:51:55 PM, Eric Kolve wrote:
>> > This basically takes a URL from say rd.yahoo.com and attempts
>> > to resolve the Location header without ever fetching from
>> > the potential spammy site.
>>
>> > Only the URLs that have hosts that match an address list get
>> > redirect resolution. As well, redirect resolution is off
>> > by default, but can be enabled in the conf file. I have
>> > placed several open redirect sites in the conf file.
>> > The basic requirement is that the redirect return a 300
>> > level HTTP response when fetching. I placed google.com
>> > in there even though they don't have their own redirect
>> > domain, but this should be fairly safe since most if not
>> > all google URLs are either redirects or searches. Give
>> > it a try and tell me what you think. This is all dependent
>> > upon LWP, but if you don't have LWP everything else
>> > will function as it did before.
>>
>> Eric, you may want to share your redirection resolution
>> strategies with the 3.0 developers. I haven't heard Justin
>> getting beyond patterns yet. ;-)
>>
> I will mention it to SA-dev once I and a few others have run
> it for a little while.
> I am not sure they will incorporate since I have seen discussion
> on their list of handling redirects and generally they are
> not interested in doing any kind of network lookup for fear of
> timeouts, slowdowns, etc. We will see...
To be honest, I can see both arguments. A simple pattern match
is certainly quicker. Network access to get Location is more
thorough.
Probably I would recommend using simple patterns on high volume
mail servers, and Location on lower-volume personal servers.
Jeff C.
More information about the Discuss
mailing list