[SURBL-Discuss] "surgically" blocking certain redirectors

Daryl C. W. O'Shea spamassassin at dostech.ca
Wed Apr 27 02:29:34 CEST 2005


Jeff Chan wrote:
> On Tuesday, April 26, 2005, 8:22:26 AM, Daryl O'Shea wrote:
>>That would require the calling applications to know to do a lookup on 
>>redirect.somedomain.com and not somedomain.com.  SpamAssassin for one 
>>won't do that.
> 
> Actually I thought SpamAssassin did check two level domains like
> foo.com on two and three levels.  Not sure if it still does that
> but I recall it doing that at oue point, i.e. both
> redirect.somedomain.com *and* somedomain.com. were checked.
> 
> Pretty sure we saw that in the DNS traffic SA was generating,
> or showing up in debug mode.  But maybe the domain handling's
> been updated to be more specific since then.

Hmm, I could be mistaken.  I guess I could check the code or a debug, 
but are there any three level domains listed to do a quick check against?


> SA also checks all visible hosts (including redirected-to ones)
> in a URI, including all of a redirector, so:
> 
>   http://redirector.clubie.isp/blah/feh/http://spammer.com/
> 
> and similiar style URIs are checked by spamassassin for at least
> clubie.isp and spammer.com.  That's what I recall from the
> original SA development of redirector handling.

Yeah, it'll lookup both those domains.  Any time it finds http(s) in the 
URI it assumes that it and the rest is a domain being redirected to.

Daryl



More information about the Discuss mailing list