[SURBL-Discuss] "surgically" blocking certain redirectors
Daryl C. W. O'Shea
spamassassin at dostech.ca
Wed Apr 27 02:29:34 CEST 2005
Jeff Chan wrote:
> On Tuesday, April 26, 2005, 8:22:26 AM, Daryl O'Shea wrote:
>>That would require the calling applications to know to do a lookup on
>>redirect.somedomain.com and not somedomain.com. SpamAssassin for one
>>won't do that.
> Actually I thought SpamAssassin did check two level domains like
> foo.com on two and three levels. Not sure if it still does that
> but I recall it doing that at oue point, i.e. both
> redirect.somedomain.com *and* somedomain.com. were checked.
> Pretty sure we saw that in the DNS traffic SA was generating,
> or showing up in debug mode. But maybe the domain handling's
> been updated to be more specific since then.
Hmm, I could be mistaken. I guess I could check the code or a debug,
but are there any three level domains listed to do a quick check against?
> SA also checks all visible hosts (including redirected-to ones)
> in a URI, including all of a redirector, so:
> and similiar style URIs are checked by spamassassin for at least
> clubie.isp and spammer.com. That's what I recall from the
> original SA development of redirector handling.
Yeah, it'll lookup both those domains. Any time it finds http(s) in the
URI it assumes that it and the rest is a domain being redirected to.
More information about the Discuss