You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Alex Regan <my...@gmail.com> on 2018/04/10 01:39:58 UTC

Adding to list of URL shorteners

Hi,

What's the best way to add a URL shortener to the current list? Would I 
have to rewrite __URL_SHORTENER? I also notice this subrule doesn't 
account for the https version of the list. Is that intentional?

More specifically, we've received some spam from back.ly. I could reject 
it outright, but I'd like to create some meta rules that more generally 
include any URL shortener.

I'm using KAMs rules, and it appears he's creating his own subrule based 
on URL shorteners, but it's not even as inclusive as the stock SA subrule.

I'm also using DecodeShortURLs, and have added it to the url_shortener 
list there, but it doesn't hit because the redirect is 404'd:

dbg: DecodeShortURLs: URL is not redirect: http://back.ly/1MMCf = 403 
Forbidden

This means the email would still be received, but will still be 
considered malicious and preventable by the recipient.

Ideas greatly appreciated.

Re: Adding to list of URL shorteners

Posted by "Kevin A. McGrail" <km...@apache.org>.

I am open to modifying my rules as needed.  Send spamples via pastebin or
see the instructions in KAM.cf.

On Mon, Apr 9, 2018, 21:40 Alex Regan <my...@gmail.com> wrote:

> Hi,
>
> What's the best way to add a URL shortener to the current list? Would I
> have to rewrite __URL_SHORTENER? I also notice this subrule doesn't
> account for the https version of the list. Is that intentional?
>
> More specifically, we've received some spam from back.ly. I could reject
> it outright, but I'd like to create some meta rules that more generally
> include any URL shortener.
>
> I'm using KAMs rules, and it appears he's creating his own subrule based
> on URL shorteners, but it's not even as inclusive as the stock SA subrule.
>
> I'm also using DecodeShortURLs, and have added it to the url_shortener
> list there, but it doesn't hit because the redirect is 404'd:
>
> dbg: DecodeShortURLs: URL is not redirect: http://back.ly/1MMCf = 403
> Forbidden
>
> This means the email would still be received, but will still be
> considered malicious and preventable by the recipient.
>
> Ideas greatly appreciated.
>