[SURBL-Discuss] Domain not identified by SpamCopURI

John Fawcett johnml at michaweb.net
Fri May 14 21:38:40 CEST 2004


I just got the following in a spam message which was
not identified by SpamCopURI even though the numeric
domain is in sc.surbl.org

<a href=3D"http://69.63.161.232/?rid=3D1528">

The debug output shows that the uri is found
by the SA modules but that SpamCopURI 
queries for the wrong hostname.

It should be querying 232.161.63.69.sc.surbl.org

> debug: uri tests: Done uriRE
> debug: checking url: http://69.63.161.232/?rid%1528
> debug: querying for 63.161..sc.surbl.org
> debug: Query failed for 63.161..sc.surbl.org

It looks like there are two problems in SpamCopURI
(v 0.15) in the routine _spamcop_uri
 
(1)
    # strip any non alpha characters off of the end
    # this is to fix a bug where url parsing in core SA
    # leaves parens and other junk on the URL that URI
    # parses to the host

This causes the domain to become 69.63.161. 
(including a trailing dot)

(2) The domain is stripped back to a two level domain
even though it is/should be an IP address.
It becomes 63.161. (including a trailing dot)

This domain then does not match an IP address format
so it is not reversed and the lookup is done for
63.161. added on to .sc.surbl.org, i.e.:

    63.161..sc.surbl.org

Eric, can you help?

John
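
Added example (not part of the original message and not SpamCopURI's own code): a sketch of building the lookup name so that a dotted-quad host is recognised and reversed before any two-level reduction, and so that the trailing-junk strip keeps digits. The helper name surbl_query_name and the sample hosts other than 69.63.161.232 are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not SpamCopURI's _spamcop_uri): build the SURBL
# query name for a URI host. Numeric hosts are handled before the
# two-level domain reduction so they are never truncated.
sub surbl_query_name {
    my ($host, $zone) = @_;
    $host = lc $host;

    # Strip trailing junk such as ")" but keep digits: stripping every
    # non-alphabetic character would also remove the last octet of an IP.
    $host =~ s/[^a-z0-9]+$//;

    # Dotted quad: validate each octet, then reverse the octet order.
    if ($host =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
        my @octets = map { $_ + 0 } ($1, $2, $3, $4);
        return if grep { $_ > 255 } @octets;    # not a valid address
        return join('.', reverse(@octets), $zone);
    }

    # Ordinary hostname: reduce to the last two labels.
    # (Simplified: ignores registries such as co.uk.)
    my @labels = grep { length } split /\./, $host;
    return if @labels < 2;
    return join('.', @labels[-2, -1], $zone);
}

# Constructed sample hosts; the first is the host from the message.
for my $host ('69.63.161.232', '69.63.161.232)', 'www.example.com', '999.1.1.1') {
    my $name = surbl_query_name($host, 'sc.surbl.org');
    printf "%-18s -> %s\n", $host, defined $name ? $name : '(no query)';
}
```

For the host in the message this yields 232.161.63.69.sc.surbl.org, the name the message says should be queried.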

