You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/09/27 18:51:54 UTC
[Bug 3831] New: URIDNSBL Plugin Doesn't Correctly Extract .info URIs
http://bugzilla.spamassassin.org/show_bug.cgi?id=3831
Summary: URIDNSBL Plugin Doesn't Correctly Extract .info URIs
Product: Spamassassin
Version: 3.0.0
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P3
Component: Plugins
AssignedTo: dev@spamassassin.apache.org
ReportedBy: sandys@boreal.org
Running Spamassassin 3.0.0 on FreeBSD 4.9. I've experienced this same issue
using spamc/spamd called via procmail, and calling Spamassassin directly.
I've noticed two different Spam messages which conatin URI's that are listed in
multi.surbl.org, but which aren't hitting on the URIBL rules. Both are .info
domains. The debug output from Spamassassin -D shows that Spamassassin is
extracting the entire domain name rather than just the second level domain.
For example, one of these messages contains the following URIs:
http://tvuu.wneiis-planet.info/index.php?id=173&affid=6315 and
http://dkcw.wneiis-planet.info/gone.php. The debug output from this message
shows:
debug: uri found: http://tvuu.wneiis-planet.info/index.php?id=173&affid=6315
debug: uri found: http://dkcw.wneiis-planet.info/gone.php
debug: URIDNSBL: domains to query: tvuu.wneiis-planet.info dkcw.wneiis-planet.in
fo
Later in the debug output it shows:
debug: URIDNSBL: query for dkcw.wneiis-planet.info took 3 seconds to look up (mu
lti.surbl.org.:dkcw.wneiis-planet.info)
debug: URIDNSBL: query for tvuu.wneiis-planet.info took 3 seconds to look up (mu
lti.surbl.org.:tvuu.wneiis-planet.info)
debug: URIDNSBL: queries completed: 4 started: 0
debug: URIDNSBL: queries active: at Mon Sep 27 11:36:10 2004
Instead of checking for wneiis-planet.info, which is listed, Spamassassin is
checking for tvuu.wneiis-planet.info and dkcw.wneiis-planet.info, which are not
listed.
I experienced this same issue on a spam containing the URI
http://nstgtrwm.cncdiac.info/?D89RFJ8dJbeg6D7lkkxlj.
Debug output for that one showed:
debug: uri found: cid:part1.09050709.09040908@ibltsipt@netside.net
debug: uri found: http://nstgtrwm.cncdiac.info/?D89RFJ8dJbeg6D7lkkxlj
debug: URIDNSBL: domains to query: nstgtrwm.cncdiac.info netside.net
and
debug: URIDNSBL: query for nstgtrwm.cncdiac.info took 4 seconds to look up (mult
i.surbl.org.:nstgtrwm.cncdiac.info)
debug: URIDNSBL: query for netside.net took 4 seconds to look up (multi.surbl.or
g.:netside.net)
debug: URIDNSBL: queries completed: 4 started: 5
debug: URIDNSBL: queries active: at Mon Sep 27 11:42:41 2004
Again, cncdiac.info is listed but ntsgtrwm.cncdiac.info is not, so the URIBL
rules don't hit on this message.
The URIDNSBL checks are working correctly on every .com, .org, etc. domain that
I've checked, and are working correctly on some .info domains, too. For
example, they worked great on a spam referencing
http://vegetable.bestwneiis.info/index.php?id=173&affid=6464!
I can post full bodies of the Spam messages and Debug outputs if needed - just
didn't want to make this longer than it needed to be!
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.