You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Alex Regan <my...@gmail.com> on 2018/04/10 01:39:58 UTC
Adding to list of URL shorteners
Hi,
What's the best way to add a URL shortener to the current list? Would I
have to rewrite __URL_SHORTENER? I also notice this subrule doesn't
account for the https version of the list. Is that intentional?
More specifically, we've received some spam from back.ly. I could reject
it outright, but I'd like to create some meta rules that more generally
include any URL shortener.
I'm using KAMs rules, and it appears he's creating his own subrule based
on URL shorteners, but it's not even as inclusive as the stock SA subrule.
I'm also using DecodeShortURLs, and have added it to the url_shortener
list there, but it doesn't hit because the redirect is 404'd:
dbg: DecodeShortURLs: URL is not redirect: http://back.ly/1MMCf = 403
Forbidden
This means the email would still be received, but will still be
considered malicious and preventable by the recipient.
Ideas greatly appreciated.
Re: Adding to list of URL shorteners
Posted by "Kevin A. McGrail" <km...@apache.org>.
I am open to modifying my rules as needed. Send spamples via pastebin or
see the instructions in KAM.cf.
On Mon, Apr 9, 2018, 21:40 Alex Regan <my...@gmail.com> wrote:
> Hi,
>
> What's the best way to add a URL shortener to the current list? Would I
> have to rewrite __URL_SHORTENER? I also notice this subrule doesn't
> account for the https version of the list. Is that intentional?
>
> More specifically, we've received some spam from back.ly. I could reject
> it outright, but I'd like to create some meta rules that more generally
> include any URL shortener.
>
> I'm using KAMs rules, and it appears he's creating his own subrule based
> on URL shorteners, but it's not even as inclusive as the stock SA subrule.
>
> I'm also using DecodeShortURLs, and have added it to the url_shortener
> list there, but it doesn't hit because the redirect is 404'd:
>
> dbg: DecodeShortURLs: URL is not redirect: http://back.ly/1MMCf = 403
> Forbidden
>
> This means the email would still be received, but will still be
> considered malicious and preventable by the recipient.
>
> Ideas greatly appreciated.
>