Posted to users@spamassassin.apache.org by Reindl Harald <h....@thelounge.net> on 2015/05/11 15:13:27 UTC

URIBL plugins are broken

i face false positives where the links are just "facebook.com" with the 
http-prefix in front and NOT "com" between the http-prefix and the real 
facebook domain

the domain with "com" in front is indeed on both URIBL but it just doesn't 
exist in the messages at all - why does SA extract the domains wrong 
from the mailsource when there is no "comfacebook" at all besides the SA 
report?

URIBL_DBL_SPAM Contains a spam URL
[URIs: com__facebook.com]

URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: com__facebook.com]


Re: URIBL plugins are broken

Posted by Reindl Harald <h....@thelounge.net>.

On 11.05.2015 at 15:43, Kevin A. McGrail wrote:
> On 5/11/2015 9:13 AM, Reindl Harald wrote:
>> i face false positives where the links are just "facebook.com" with
>> the http-prefix in front and NOT "com" between the http-prefix and the
>> real facebook domain
>>
>> the domain with "com" in front is indeed on both URIBL but it just
>> doesn't exist in the messages at all - why does SA extract the domains
>> wrong from the mailsource when there is no "comfacebook" at all
>> besides the SA report?
>>
>> URIBL_DBL_SPAM Contains a spam URL
>> [URIs: com__facebook.com]
>>
>> URIBL_BLACK Contains an URL listed in the URIBL blacklist
>> [URIs: com__facebook.com]
>>
> Don't know.  Are you using 3.4.1?  Can you provide a spample that
> reproduces the issue?

3.4.0, sample attached in my previous mail, sorry for not attaching it in 
the first mail :-(



Re: URIBL plugins are broken

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 5/11/2015 9:13 AM, Reindl Harald wrote:
> i face false positives where the links are just "facebook.com" with 
> the http-prefix in front and NOT "com" between the http-prefix and the 
> real facebook domain
>
> the domain with "com" in front is indeed on both URIBL but it just 
> doesn't exist in the messages at all - why does SA extract the domains 
> wrong from the mailsource when there is no "comfacebook" at all 
> besides the SA report?
>
> URIBL_DBL_SPAM Contains a spam URL
> [URIs: com__facebook.com]
>
> URIBL_BLACK Contains an URL listed in the URIBL blacklist
> [URIs: com__facebook.com]
>
Don't know.  Are you using 3.4.1?  Can you provide a spample that 
reproduces the issue?

regards,
KAM

Re: URIBL plugins are broken

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 5/11/2015 9:46 AM, Reindl Harald wrote:
> stripped down and anonymized sample attached
>
> the real bad thing is that the part triggering the URIBL rules wrongly 
> is the quote of the signature from the message replied to
>
> On 11.05.2015 at 15:13, Reindl Harald wrote:
>> i face false positives where the links are just "facebook.com" with the
>> http-prefix in front and NOT "com" between the http-prefix and the real
>> facebook domain
>>
>> the domain with "com" in front is indeed on both URIBL but it just doesn't
>> exist in the messages at all - why does SA extract the domains wrong
>> from the mailsource when there is no "comfacebook" at all besides the SA
>> report?
>>
>> URIBL_DBL_SPAM Contains a spam URL
>> [URIs: com__facebook.com]
>>
>> URIBL_BLACK Contains an URL listed in the URIBL blacklist
>> [URIs: com__facebook.com]
>

Not a bug in SA.

The plain text version of the email contains: 
art@sepashvili.comfacebook.com/ketevan.sepashvili

The subdomain sepashvili is dropped leaving comfacebook.com.

Regards,
KAM
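
The effect described in the reply above, as an added example that is not part of the original thread and is not SpamAssassin's code: a simplified Python model of host extraction followed by reduction to the registrable domain. The regex, the three-entry TLD list, the function names and the SEPARATED string are assumptions made for illustration.

```python
import re

# Simplified model (assumption): a host is dot-separated labels ending in one of
# these TLDs. Real scanners use a full public-suffix list.
TLDS = ("com", "net", "org")
HOST_RE = re.compile(
    r"(?<![A-Za-z0-9-])((?:[A-Za-z0-9-]+\.)+(?:%s))(?![A-Za-z0-9-])" % "|".join(TLDS)
)

# String quoted in the thread, and a constructed variant with the lost space restored.
JOINED = "art@sepashvili.comfacebook.com/ketevan.sepashvili"
SEPARATED = "art@sepashvili.com facebook.com/ketevan.sepashvili"


def registrable_domain(host):
    """Keep the last two labels, which is what a URIBL query is keyed on here."""
    return ".".join(host.lower().split(".")[-2:])


def lookup_domains(text):
    """Domains that would be sent to the blocklists for this text."""
    return [registrable_domain(h) for h in HOST_RE.findall(text)]


def hosts_behind(text, flagged):
    """Full hosts in the text whose registrable domain is the flagged one."""
    return [h for h in HOST_RE.findall(text) if registrable_domain(h) == flagged.lower()]


if __name__ == "__main__":
    for label, text in (("joined", JOINED), ("separated", SEPARATED)):
        print(label, lookup_domains(text), hosts_behind(text, "comfacebook.com"))
```

Running hosts_behind on the rendered plain-text part with the domain from the report shows which longer host produced the hit, which is the quickest way to tell a rendering artifact from a link that is really in the message.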

Re: URIBL plugins are broken

Posted by Reindl Harald <h....@thelounge.net>.
stripped down and anonymized sample attached

the real bad thing is that the part triggering the URIBL rules wrongly 
is the quote of the signature from the message replied to

On 11.05.2015 at 15:13, Reindl Harald wrote:
> i face false positives where the links are just "facebook.com" with the
> http-prefix in front and NOT "com" between the http-prefix and the real
> facebook domain
>
> the domain with "com" in front is indeed on both URIBL but it just doesn't
> exist in the messages at all - why does SA extract the domains wrong
> from the mailsource when there is no "comfacebook" at all besides the SA
> report?
>
> URIBL_DBL_SPAM Contains a spam URL
> [URIs: com__facebook.com]
>
> URIBL_BLACK Contains an URL listed in the URIBL blacklist
> [URIs: com__facebook.com]