[SURBL-Discuss] Redirectors and SURBLs

Justin Mason jm at jmason.org
Mon Apr 18 07:37:38 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Jeff Chan writes:
> On Saturday, April 16, 2005, 11:43:30 PM, Daryl O'Shea wrote:
> > Jeff Chan wrote:
> >> Yes, urirhssub in SpamAssassin 3 will check every visible URI, even
> >> if it's mentioned within a redirector:
> >> 
> >>   http://some.redirector.com/blah/blah/http://some.othersite.com/
> >> 
> >> Both redirector.com and othersite.com above would get checked,
> >> and including some variations on those.  But http://tinyurl.com/blah
> >> won't get the redirected-to site checked since it's invisible in
> >> the original message.
> 
> >> Perhaps the SpamAssassin and SpamCopURI authors can provide more
> >> detailed info, corrections, etc. on the above, but the quick
> >> answer is that some provisions for checking redirected-to sites
> >> is already in place.
> 
> > SpamAssassin is currently limited to identifying redirectors that 
> > require 'http(s)' to be in the URI.  So it won't detect domains 
> > redirected to by the zdnet redirector and any other similar ones.
> 
> > Daryl
> 
> Right.  And obfuscation of the redirected-to "http" seems to be
> enough to confuse SA 3 into not extracting the second URI.  Maybe
> we should make a Bugzilla ticket about that?

if you find one that SpamAssassin 3.1.0 doesn't decode correctly,
sure ;)   I thought we had those nailed.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCY0eiMJF5cimLx9ARAuwTAKCAYeDXorlZx9aOg9Dm6Lgja05xzQCffBoP
5hhKbBg9hQK2aOCF8ZFyI7I=
=YpX1
-----END PGP SIGNATURE-----



More information about the Discuss mailing list