You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/06/24 14:18:40 UTC
[Bug 4426] New: URIBL evasion technique
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426
Summary: URIBL evasion technique
Product: Spamassassin
Version: 3.0.4
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Plugins
AssignedTo: dev@spamassassin.apache.org
ReportedBy: dan.mcdonald@austinenergy.com
uri's with the http:// part encoded are not caught by the parser:
debug: uri found: cid:07e501c5258e$92fa9ac0$52fca8fe@efe-uk.com
debug: uri found:
%68LOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWK%70:/%2Fjazevfk.com&<mqbmtqsgdj9khye39yfuqj%2Edefunctionej.com/
debug: uri found: mailto:conley@austinenergy.com
debug: uri found:
hLOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWKp://jazevfk.com&%3cmqbmtqsgdj9khye39yfuqj.defunctionej.com/
debug: URIDNSBL: domains to query: efe-uk.com
defunctionej.com is listed in uribl black and this messages should have been
flagged...
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4426] URIs missed: hLONGSTREAMOFGIBBERISHp as protocol
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|URIBL evasion technique |URIs missed:
| |hLONGSTREAMOFGIBBERISHp as
| |protocol
------- Additional Comments From jm@jmason.org 2005-07-13 11:15 -------
retitled
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4426] URIBL evasion technique
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426
Bob@Menschel.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.1.0
Version|3.0.4 |SVN Trunk (Latest Devel
| |Version)
------- Additional Comments From Bob@Menschel.net 2005-07-03 18:56 -------
3.1.0 pre-3 debug output gives a few more lines, but same effect:
[14616] dbg: uri: html uri found,
%68LOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLW
WHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWK%70:/%2Fjazevfk.com&<mqbmtqsgdj9khye39yfuqj%2Edefunctionej.com/
[14616] dbg: uri: cleaned html uri,
%68LOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZ
LWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWK%70:/%2Fjazevfk.com&<mqbmtqsgdj9khye39yfuqj%2Edefunctionej.com/
[14616] dbg: uri: cleaned html uri,
hLOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLW
WHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWKp://jazevfk.com&%3cmqbmtqsgdj9khye39yfuqj.defunctionej.com/
[14616] dbg: uri: parsed uri found, mailto:conley@austinenergy.com
[14616] dbg: uri: cleaned parsed uri, mailto:conley@austinenergy.com
[14616] dbg: uri: parsed domain, austinenergy.com
[14616] dbg: uri: parsed uri found, mailto:conley@austinenergy.com
[14616] dbg: uri: parsed domain, austinenergy.com
[14616] dbg: uridnsbl: domains to query: efe-uk.com
Updating version, and also setting target to 3.1.0, in hopes this can be fixed
before official release. If not, should be scheduled for 3.1.1
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4426] URIs missed: hLONGSTREAMOFGIBBERISHp as protocol
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426
duncf@debian.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.1.0 |3.1.1
------- Additional Comments From duncf@debian.org 2005-07-23 17:31 -------
Daniel, does that actually work as a link? (If so, what mail program are you using?)
Moving to 3.1.1.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4426] URIBL evasion technique
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426
------- Additional Comments From jm@jmason.org 2005-07-13 11:14 -------
umm, how the hell does that work? *does* that work in any MUA?
'hLOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWKp:'
is certainly not a valid URI protocol spec ;) but if it does work we have to
catch it.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4426] URIBL evasion technique
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426
------- Additional Comments From dan.mcdonald@austinenergy.com 2005-06-24 05:22 -------
Created an attachment (id=2954)
--> (http://bugzilla.spamassassin.org/attachment.cgi?id=2954&action=view)
Sample showing evasive technique
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4426] URIs missed: hLONGSTREAMOFGIBBERISHp as protocol
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4426
felicity@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From felicity@apache.org 2006-02-09 05:27 -------
having heard nothing, I'm going to close out this ticket. as far as we know, the URL specified won't
actually work in an MUA/browser. If this isn't the case, please let us know what programs accept these.
Thanks.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.