Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/03/22 03:52:25 UTC

Re: Ampersand in URI confuses URIDNSBL

Stuart Johnston writes:
> I have been receiving pill spams lately that have an ampersand encoded 
> in the URL.  This seems to confuse URIDNSBL and results in the message 
> passing through.  A debug output shows this:
> 
> debug: uri found: 
> http://www.awt&fdaojj.com.easysimpleRx-munged.com/b/S0gyR2twMGpWbjkxQkQxQThihxqq
> debug: uri found: cid:nkgdtaag_vlowqjgt_lnzapnhg
> debug: uri found: 
> http%3A//www.awt%26fdaojj.com%2Eeasysimple%52x%2Ecom/b/S0gyR2twMGpWbjkxQkQxQThihxqq
> debug: URIDNSBL: domains to query:
> 
> Any suggestions?

It's a very sneaky one alright -- I'm looking at it in bug 4213.

--j.

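Added illustration (not part of the original messages and not SpamAssassin's own code) of why the debug output above ends with an empty "domains to query" list. The substitutions are the ones visible in the Util.pm patch later in this thread; the query_domain() helper, the three-entry TLD list and the sample URIs on a reserved example domain are assumptions constructed for this example.

```perl
use strict;
use warnings;

# Assumed, tiny TLD list standing in for the real registry data.
my %TLD = map { $_ => 1 } qw(com net org);

# Reduce a URI to its host part. $amp_ends_host selects the character class
# for the path/CGI step: with '&' (before the patch) or without it (after).
sub host_part {
    my ($uri, $amp_ends_host) = @_;
    $uri =~ s,#.*$,,gs;                  # drop fragment
    $uri =~ s#^[a-z]+:/{0,2}##gsi;       # drop the protocol
    $uri =~ s,^[^/]*\@,,gs;              # username/passwd
    if ($amp_ends_host) { $uri =~ s,[/\?\&].*$,,gs; }  # old: '&' cuts the host
    else                { $uri =~ s,[/\?].*$,,gs;   }  # new: only '/' and '?'
    $uri =~ s,:\d+$,,gs;                 # port
    return if $uri =~ /\%/;              # skip undecoded URIs
    return lc $uri;
}

# Hypothetical stand-in for the lookup step: the last two labels, but only
# when the final label is a known TLD; otherwise there is nothing to query.
sub query_domain {
    my ($host) = @_;
    return unless defined $host;
    my @labels = split /\./, $host;
    return unless @labels >= 2 && $TLD{ $labels[-1] };
    return join '.', @labels[-2, -1];
}

# Constructed samples with the same shape as the two "uri found" lines.
my @uris = (
    'http://www.awt&fdaojj.com.pills.example.com/b/abc123',
    'http%3A//www.awt%26fdaojj.com%2Epills%2Eexample%2Ecom/b/abc123',
);

for my $uri (@uris) {
    for my $mode ([1, 'old [/?&]'], [0, 'new [/?] ']) {
        my $host   = host_part($uri, $mode->[0]);
        my $domain = query_domain($host);
        printf "%s  host=%-38s query=%s\n", $mode->[1],
            defined $host   ? $host   : '(skipped)',
            defined $domain ? $domain : '(none)';
    }
}
```

With the old class the decoded URI is cut at the ampersand, leaving a host with no registrable domain under the assumed TLD check; with the new class the full host survives and its registered domain is available for lookup. The percent-encoded copy is skipped in both modes.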

Re: Ampersand in URI confuses URIDNSBL

Posted by Stuart Johnston <st...@ebby.com>.
Justin Mason wrote:
> 
> Stuart Johnston writes:
> 
>>I have been receiving pill spams lately that have an ampersand encoded 
>>in the URL.  This seems to confuse URIDNSBL and results in the message 
>>passing through.  A debug output shows this:
>>
>>debug: uri found: 
>>http://www.awt&fdaojj.com.easysimpleRx-munged.com/b/S0gyR2twMGpWbjkxQkQxQThihxqq
>>debug: uri found: cid:nkgdtaag_vlowqjgt_lnzapnhg
>>debug: uri found: 
>>http%3A//www.awt%26fdaojj.com%2Eeasysimple%52x%2Ecom/b/S0gyR2twMGpWbjkxQkQxQThihxqq
>>debug: URIDNSBL: domains to query:
>>
>>Any suggestions?
> 
> 
> It's a very sneaky one alright -- I'm looking at it in bug 4213.

I took the one-line fix from the bug and applied it to my 3.0.2 system. It seems to work. Here's a patch:


--- Util.pm.cp  2005-03-22 11:12:54.000000000 -0600
+++ Util.pm     2005-03-23 11:23:31.000000000 -0600
@@ -787,7 +787,7 @@
    $uri =~ s,#.*$,,gs;                  # drop fragment
    $uri =~ s#^[a-z]+:/{0,2}##gsi;       # drop the protocol
    $uri =~ s,^[^/]*\@,,gs;              # username/passwd
-  $uri =~ s,[/\?\&].*$,,gs;            # path/cgi params
+  $uri =~ s,[/\?].*$,,gs;              # path/cgi params
    $uri =~ s,:\d+$,,gs;                 # port

    return if $uri =~ /\%/;         # skip undecoded URIs.
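Review bot: on the changed "path/cgi params" line, dropping `&` from the class means everything up to the first `/` or `?` is now kept as the host, but nothing in the visible context checks that the result contains only hostname characters, so a string like the `www.awt&fdaojj.com...` host from the report is handed on with the `&` still in it. Consider validating the remaining string, or at least extending the comment on that line to say why `&` is deliberately not a terminator, so that it is not re-added later. A regression test built from the reported URI would pin the behaviour down. Also note that the percent-encoded copy in the report still hits `return if $uri =~ /\%/`, so the fix depends on the decoded form being parsed as well, as the first "uri found" debug line shows it is.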