Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/09/27 18:51:54 UTC

[Bug 3831] New: URIDNSBL Plugin Doesn't Correctly Extract .info URIs

http://bugzilla.spamassassin.org/show_bug.cgi?id=3831

           Summary: URIDNSBL Plugin Doesn't Correctly Extract .info URIs
           Product: Spamassassin
           Version: 3.0.0
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: sandys@boreal.org


Running Spamassassin 3.0.0 on FreeBSD 4.9.  I've experienced this same issue 
using spamc/spamd called via procmail, and calling Spamassassin directly.

I've noticed two different Spam messages which contain URIs that are listed in 
multi.surbl.org, but which aren't hitting on the URIBL rules.  Both are .info 
domains.  The debug output from Spamassassin -D shows that Spamassassin is 
extracting the entire domain name rather than just the second level domain.  
For example, one of these messages contains the following URIs: 
http://tvuu.wneiis-planet.info/index.php?id=173&affid=6315 and 
http://dkcw.wneiis-planet.info/gone.php.  The debug output from this message 
shows:

debug: uri found: http://tvuu.wneiis-planet.info/index.php?id=173&affid=6315
debug: uri found: http://dkcw.wneiis-planet.info/gone.php
debug: URIDNSBL: domains to query: tvuu.wneiis-planet.info dkcw.wneiis-planet.info

Later in the debug output it shows:
debug: URIDNSBL: query for dkcw.wneiis-planet.info took 3 seconds to look up (multi.surbl.org.:dkcw.wneiis-planet.info)
debug: URIDNSBL: query for tvuu.wneiis-planet.info took 3 seconds to look up (multi.surbl.org.:tvuu.wneiis-planet.info)
debug: URIDNSBL: queries completed: 4 started: 0
debug: URIDNSBL: queries active:  at Mon Sep 27 11:36:10 2004

Instead of checking for wneiis-planet.info, which is listed, Spamassassin is 
checking for tvuu.wneiis-planet.info and dkcw.wneiis-planet.info, which are not 
listed.

I experienced this same issue on a spam containing the URI 
http://nstgtrwm.cncdiac.info/?D89RFJ8dJbeg6D7lkkxlj.

Debug output for that one showed:
debug: uri found: cid:part1.09050709.09040908@ibltsipt@netside.net
debug: uri found: http://nstgtrwm.cncdiac.info/?D89RFJ8dJbeg6D7lkkxlj
debug: URIDNSBL: domains to query: nstgtrwm.cncdiac.info netside.net

and

debug: URIDNSBL: query for nstgtrwm.cncdiac.info took 4 seconds to look up (multi.surbl.org.:nstgtrwm.cncdiac.info)
debug: URIDNSBL: query for netside.net took 4 seconds to look up (multi.surbl.org.:netside.net)
debug: URIDNSBL: queries completed: 4 started: 5
debug: URIDNSBL: queries active:  at Mon Sep 27 11:42:41 2004

Again, cncdiac.info is listed but nstgtrwm.cncdiac.info is not, so the URIBL 
rules don't hit on this message.

The URIDNSBL checks are working correctly on every .com, .org, etc. domain that 
I've checked, and are working correctly on some .info domains, too.  For 
example, they worked great on a spam referencing 
http://vegetable.bestwneiis.info/index.php?id=173&affid=6464!  

I can post full bodies of the Spam messages and Debug outputs if needed - just 
didn't want to make this longer than it needed to be!



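
Added example, not part of the original report and not SpamAssassin's own code: a Python sketch of the reduction the report expects (hostname to registered domain before the blocklist lookup), plus a check that flags "domains to query" debug lines still carrying extra labels. The two-level suffix set and the function names are assumptions made for illustration; the sample lines are taken from the debug output quoted above.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for a real two-level suffix list.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}
ZONE = "multi.surbl.org"  # blocklist zone named in the report

def registered_domain(host):
    """Reduce a hostname to the domain a URI blocklist keys on."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or all(l.isdigit() for l in labels):
        return None  # bare names and IPv4 literals are out of scope here
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    if len(labels) < keep:
        return None  # the host is itself a suffix, nothing to look up
    return ".".join(labels[-keep:])

def expected_queries(uris, zone=ZONE):
    """Map each URI that has a hostname to the DNS name that should be queried."""
    out = {}
    for uri in uris:
        host = urlsplit(uri).hostname  # None for cid: and similar URIs
        dom = registered_domain(host) if host else None
        if dom:
            out[uri] = f"{dom}.{zone}"
    return out

def audit_debug(lines):
    """Return (queried_name, expected_domain) for names with extra labels."""
    marker = "URIDNSBL: domains to query:"
    flagged = []
    for line in lines:
        if marker in line:
            for name in line.split(marker, 1)[1].split():
                dom = registered_domain(name)
                if dom and dom != name.lower():
                    flagged.append((name, dom))
    return flagged

# Sample input: the two "domains to query" lines from the report.
SAMPLE_DEBUG = [
    "debug: URIDNSBL: domains to query: tvuu.wneiis-planet.info dkcw.wneiis-planet.info",
    "debug: URIDNSBL: domains to query: nstgtrwm.cncdiac.info netside.net",
]

if __name__ == "__main__":
    for name, dom in audit_debug(SAMPLE_DEBUG):
        print(f"{name}: expected {dom}")
```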