[SURBL-Discuss] Redirectors and SURBLs
Jeff Chan
jeffc at surbl.org
Mon Apr 18 08:02:19 CEST 2005
On Sunday, April 17, 2005, 10:37:38 PM, Justin Mason wrote:
> Jeff Chan writes:
>> Right. And obfuscation of the redirected-to "http" seems to be
>> enough to confuse SA 3 into not extracting the second URI. Maybe
>> we should make a Bugzilla ticket about that?
> if you find one that SpamAssassin 3.1.0 doesn't decode correctly,
> sure ;) I thought we had those nailed.
TBH, I don't know about 3.1, but here's one that 3.0 does not
parse correctly. Perhaps someone can test it in 3.1:
<DIV align=left><FONT face=Verdana size=3><A href="http://r.lycos.com/r/kg_xnsdaz_dqcuewqk/http://wxmnuiuskn.net&xkvo3rhsp6mbz6nky9.coh
uneh
cnhk.com/">Cl9ick her6e, - no prescr1iption requir7ed!
Note the URI split over three lines and has a probably non-RFC
compliant & in the host name to block parsing. Here's how 3.0
handles it:
> debug: uri found: http://wxmnuiuskn.net&xkvo3rhsp6mbz6nky9.cohunehcnhk.com-MUNGED/
> debug: uri found: http://r.lycos.com/r/kg_xnsdaz_dqcuewqk/http://wxmnuiuskn.net&xkvo3rhsp6mbz6nky9.cohunehcnhk.com-MUNGED/
> debug: URIDNSBL: domains to query: lycos.com wxmnuiuskn.net
Where in fact the unqualified destination domain appears to be
cohunehcnhk.com-MUNGED
Jeff C.
--
"If it appears in hams, then don't list it."
More information about the Discuss
mailing list