Hi Martin

> You can find out quite a lot about a spamming site with a few common
> commandline tools:
> 
> - 'ping' tells you if the hostname part of the URL is valid
> - 'host hostname' should get the sender's IP
> - 'host ip'       IOW a reverse host lookup, tells you if the first
>                   sender address was an alias
> - 'lynx hostname' lets you see if there's a website there, which is
>                   often useful (when prompted to accept cookies hit
>                   'V' to never accept them). This is IMO safer than
>                   using Firefox etc because lynx shows all pages as
>                   plaintext.

Yes, of course. The SWINOG spamtrap does this in a bit more sophisticated way:

We check if there is a SOA for the URI. If not, we remove the part
before the dot from the left and repeat until the URI contains at
least one dot. If no SOA found, discard.

So we end up with a list of valid 'base' domains and not TLD.

I also do this for the extracted redirection target in the case of Google
redirectors.

BUT, my question was: I would need SpamAssassin to ALSO extract the
target URI when encountering such a Google redirector URL, and check
that against URI blacklists. Is there already a module or easy way to do
so?

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Head of Commerce Customers
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Switzerland                     Web  http://www.imp.ch
______________________________________________________
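
The SOA-based reduction to a base domain and the redirector-target extraction described in the message above, as an added example that is not part of the original post and not SWINOG or SpamAssassin code. The redirector URL shape (`/url` with a `q` or `url` parameter), the host list, and the offline SOA table are assumptions constructed for the example; a real setup would pass a DNS-backed `has_soa`.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data standing in for DNS: names that have an SOA record.
SAMPLE_SOA_ZONES = {"example.com", "example.co.uk", "google.com"}

def has_soa_sample(name):
    """Offline stand-in for an SOA query (assumption: swap in a real resolver)."""
    return name in SAMPLE_SOA_ZONES

def base_domain(host, has_soa=has_soa_sample):
    """Strip labels from the left until a name with an SOA is found.
    Returns None (discard) once only a dot-less name such as a TLD remains."""
    name = host.lower().rstrip(".")
    while "." in name:
        if has_soa(name):
            return name
        name = name.split(".", 1)[1]
    return None

# Assumptions, not from the original post: redirector hosts and parameter names.
REDIRECTOR_HOSTS = {"google.com", "www.google.com"}
REDIRECTOR_PARAMS = ("q", "url")

def redirect_target(url):
    """Return the URL embedded in a redirector link, or None if there is none."""
    parts = urlsplit(url)
    if (parts.hostname or "") not in REDIRECTOR_HOSTS or parts.path != "/url":
        return None
    query = parse_qs(parts.query)  # parse_qs also percent-decodes the values
    for key in REDIRECTOR_PARAMS:
        for value in query.get(key, []):
            if urlsplit(value).hostname:  # only accept absolute URLs
                return value
    return None

def domains_to_check(url, has_soa=has_soa_sample):
    """Base domains to look up in URI blacklists: the link's own base domain
    and, for a redirector link, the base domain of its target as well."""
    found = []
    for candidate in (url, redirect_target(url)):
        host = urlsplit(candidate).hostname if candidate else None
        base = base_domain(host, has_soa) if host else None
        if base and base not in found:
            found.append(base)
    return found
```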
