Redirection handling (Was: Re: [SURBL-Discuss] Re: [SURBL-Announce] ANNOUNCE: Mail::SpamAsssassin::SpamCopURI 0.11)

Jeff Chan jeffc at
Fri Apr 23 15:44:04 CEST 2004

On Friday, April 23, 2004, 6:43:53 AM, Eric Kolve wrote:
> On Fri, Apr 23, 2004 at 12:55:52AM -0700, Jeff Chan wrote:
>> On Tuesday, April 20, 2004, 10:51:55 PM, Eric Kolve wrote:
>> > This basically takes a URL from say and attempts
>> > to resolve the Location header without ever fetching from
>> > the potential spammy site.
>> > Only the URLs that have hosts that match an address list get
>> > redirect resolution.  As well, redirect resolution is off
>> > by default, but can be enabled in the conf file.  I have
>> > placed several open redirect sites in the conf file.
>> > The basic requirement is that the redirect return a 300
>> > level HTTP response when fetching.  I placed
>> > in there even though they don't have their own redirect
>> > domain, but this should be fairly safe since most if not
>> > all google URLs are either redirects or searches.  Give
>> > it a try and tell me what you think.  This is all dependent
>> > upon LWP, but if you don't have LWP everything else
>> > will function as it did before.
>> Eric, you may want to share your redirection resolution
>> strategies with the 3.0 developers.  I haven't heard Justin
>> getting beyond patterns yet.  ;-)
> I will mention it to SA-dev once I and a few others have run
> it for a little while. 

> I am not sure they will incorporate since I have seen discussion
> on their list of handling redirects and generally they are 
> not interested in doing any kind of network lookup for fear of 
> timeouts, slowdowns, etc. We will see...

To be honest, I can see both arguments.  A simple pattern match
is certainly quicker.  Network access to get Location is more

Probably I would recommend using simple patterns on high volume
mail servers, and Location on lower-volume personal servers.

Jeff C.

More information about the Discuss mailing list