[SURBL-Discuss] Re: URI with one slash not recognised by SA/SPAMCOP_URI?

Menno van Bennekom mvbengro at xs4all.nl
Tue Jun 8 11:16:43 CEST 2004

> From: "Menno van Bennekom" > Hi,
>> I get spam with a different URL, the redirect has only one '/':
>> <a
> href="http://rd.yahoo.com/oashoscy/*http:/hjktccbz.woodwheel.info/mn/num17">
>> This is not recognised by BIZ_TLD (in this example my copy, INFO_TLD).
>> I can change that in the regular expression.
>> But I don't think SPAMCOP_URI_RBL recognizes it too because woodwheel is
>> in the database but SA gives no hit.
>> If you click on the link above it works, so it seems the one slash is
>> possible.
>> Can anyone confirm that one slash is not recognized?
> This should work with SpamCopURI.
> What version are you using?
> Have you got entry like
> spamcop_uri_resolve_open_redirects 1
> open_redirect_list_spamcop_uri   rd.yahoo.com *.rd.yahoo.com
> in spamcop_uri.cf?
> John
You are right, SpamCopURI is not bothered by the one slash.
I think my configuration (v0.16 and v0.18) is okay, I get lots of hits on
ws+sc.surbl.org in other mails on both servers, also with redirects in
I have done some sniffing and SpamCopURI DOES do the lookup, only for some
reason it gets a NXdomain..
See tcpdump:
09:50:20.338446 >  16981+ A?
woodwheel.info.ws.surbl.org. (45) (DF)
09:50:20.357518 >  16981 NXDomain
0/1/0 (101)
09:50:20.376361 >  16982+ A?
yahoo.com.sc.surbl.org. (40) (DF)
09:50:20.397058 >  16982 NXDomain*
0/1/0 (108)
09:50:20.405862 >  16983+ A?
woodwheel.info.sc.surbl.org. (45) (DF)
09:50:20.424440 >  16983 NXDomain
0/1/0 (101)

But http://www.rulesemporium.com/cgi-bin/uribl.cgi says that
woodwheel.info is listed in sc.surbl.org...
Strange thing. But I'm relieved that uri's with one slash are checked by
Spamcopuri so what's left is BIZ_TLD (and INFO_TLD), the standard
regexpression doesn't recognise the one slash.
If I see more of those uri's I will change that regexp.


More information about the Discuss mailing list