Stuart Johnston writes:
I have been receiving pill spams lately that have an ampersand encoded in the URL. This seems to confuse URIDNSBL and results in the message passing through. A debug output shows this:
debug: uri found: http://www.awt&fdaojj.com.easysimpleRx-munged.com/b/S0gyR2twMGpWbjkxQkQxQThihxqq
debug: uri found: cid:nkgdtaag_vlowqjgt_lnzapnhg
debug: uri found: http%3A//www.awt%26fdaojj.com%2Eeasysimple%52x%2Ecom/b/S0gyR2twMGpWbjkxQkQxQThihxqq
debug: URIDNSBL: domains to query:
Any suggestions?
It's a very sneaky one alright -- I'm looking at it in bug 4213.
I took the one-line fix from the bug and applied it to my 3.0.2 system. It seems to work. Here's a patch:
--- Util.pm.cp 2005-03-22 11:12:54.000000000 -0600 +++ Util.pm 2005-03-23 11:23:31.000000000 -0600 @@ -787,7 +787,7 @@ $uri =~ s,#.*$,,gs; # drop fragment $uri =~ s#^[a-z]+:/{0,2}##gsi; # drop the protocol $uri =~ s,^[^/]*\@,,gs; # username/passwd - $uri =~ s,[/\?\&].*$,,gs; # path/cgi params + $uri =~ s,[/\?].*$,,gs; # path/cgi params $uri =~ s,:\d+$,,gs; # port
return if $uri =~ /\%/; # skip undecoded URIs.