You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Jeremy Kister <sp...@jeremykister.com> on 2005/12/05 09:06:35 UTC

URIBL_SBL error

I noticed that after I sent an email, it got tagged with an incorrect rule:

 1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: illas.com]

in fact, what I sent was a lot of email addresses at getawayvillas.com

the messages are temporarily at http://jeremy.kister.net/tmp/

uribl_sbl.txt is the original message
uribl_sbl-sa.txt is the message after spamc processing.

Note: It's only the URIBL_SBL that i'm concerned with.

Any idea what's going on?


-- 

Jeremy Kister
http://jeremy.kister.net./

Re: URIBL_SBL error

Posted by Theo Van Dinter <fe...@apache.org>.

On Mon, Dec 05, 2005 at 12:02:49PM -0500, Matt Kettler wrote:
> I also tried editing the first line to "<censored>@getawayillas.com" and then
> all the HTTP URI bits and the domains to query became "llas.com"
> 
> Since when does "getawa" parse as http:/ ??
> 
> I think the parser is getting very confused.

No, the URI parser is actually working right.  Per my previous message,
the message gets turned into a paragraph which is too large and gets
split.  "llas.com" is then seen as a raw domain in the message, and it's
assumed to be http.

-- 
Randomly Generated Tagline:
Isn't "half-duplex" just an apartment?

Re: URIBL_SBL error

Posted by Matt Kettler <mk...@evi-inc.com>.

Jeremy Kister wrote:
> I noticed that after I sent an email, it got tagged with an incorrect rule:
> 
>  1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
>                             [URIs: illas.com]
> 
> in fact, what I sent was a lot of email addresses at getawayvillas.com
> 
> the messages are temporarily at http://jeremy.kister.net/tmp/
> 
> uribl_sbl.txt is the original message
> uribl_sbl-sa.txt is the message after spamc processing.
> 
> Note: It's only the URIBL_SBL that i'm concerned with.
> 
> Any idea what's going on?


Looks like a bug in SA 3.1.0's parsing of mailto URIs.

Using SA 3.1.0 on your input I get this debug out:


[23263] dbg: uri: parsed uri found, mailto:<CENSORED>@getawayvillas.com
[23263] dbg: uri: cleaned parsed uri, mailto:<CENSORED>@getawayvillas.com
[23263] dbg: uri: parsed domain, getawayvillas.com
[23263] dbg: uri: parsed uri found, illas.com
[23263] dbg: uri: cleaned parsed uri, illas.com
[23263] dbg: uri: cleaned parsed uri, http://illas.com
[23263] dbg: uri: parsed domain, illas.com
[23263] dbg: uri: parsed uri found, http://illas.com
[23263] dbg: uri: cleaned parsed uri, http://illas.com
[23263] dbg: uri: parsed domain, illas.com

<snip, whole bunch of the same>
[21710] dbg: uri: parsed uri found, mailto:<censored>@getawayvillas.com
[21710] dbg: uri: cleaned parsed uri, mailto:<censored>@getawayvillas.com
[21710] dbg: uri: parsed domain, getawayvillas.com
[21710] dbg: uridnsbl: domains to query: illas.com



I also tried editing the first line to "<censored>@getawayillas.com" and then
all the HTTP URI bits and the domains to query became "llas.com"

Since when does "getawa" parse as http:/ ??

I think the parser is getting very confused.

Re: URIBL_SBL error

Posted by Theo Van Dinter <fe...@apache.org>.

On Mon, Dec 05, 2005 at 03:06:35AM -0500, Jeremy Kister wrote:
>  1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
>                             [URIs: illas.com]
> 
> in fact, what I sent was a lot of email addresses at getawayvillas.com
> 
> Note: It's only the URIBL_SBL that i'm concerned with.
> 
> Any idea what's going on?

Interesting.  The issue is related to maximum line length internally.
Basically the whole thing looks like a big paragraph, so SA puts it all in one
line, realizes the line is too long and splits it.  The split, though, doesn't
happen at a word boundary, it just gets split:

[...]
jgb@getawayvillas.com 1 jgd@getawayvillas.com 1 jjs@getawayvillas.c
om 1 johninsd@getawayvillas.com 1 josh@getawayvillas.com
[...]
spidb@getawayvillas.com 1 srahtz@getawayv
illas.com 1 stenman@getawayvillas.com
[...]

I'd open up a bugzilla ticket about it, we should probably try splitting at a
word boundary so we avoid issues like this.

-- 
Randomly Generated Tagline:
Lowery's Law:
 	If it jams -- force it.  If it breaks, it needed replacing anyway.