M>-----Original Message----- M>From: Rakesh [mailto:[EMAIL PROTECTED] M>Sent: 07 May 2005 07:41 M>To: [EMAIL PROTECTED]; users@spamassassin.apache.org M>Subject: Way to evade URI checks M> M>Seems Spammers have found a way to evade the URI checks M> M>the domain coolestrxever.com is listed in multi.surbl.org. M>But the spammers managed to to evade the URI checks by M>appending special charaters at the end of the url which are M>happily allowed by the browsers. M> M>The spam that I recieved had M> M>http://www.coolestrxever.com: (aa colon at the end of the url) M> M>After a bit of R&D I found the other options for spammers to M>carry this techinque M> M>http://www.coolestrxever.com; (a semicolon) M>http://www.coolestrxever.com, (a comma) M>http://www.coolestrxever.com. (a fullstop) M>http://www.coolestrxever.com? (a question mark) M> M>With all these special characters at the end of url, URI M>checks tries to make lookup as M> M>debug: querying for coolestrxever.com:.sc.surbl.org M> M>End result, passed the promising URI checks. M> M>I am seeing the first of its kind of spam. If any version of M>Spamassassin fixes this in its URI retrieval program please M>let me know M> M>-- There is a fix for these in the bugzilla, came in correctly caught by SURBL here, using 3.0.2. There is two fixes I have applied and seems to catch the URL split over lines too, not sure if these are included in 3.0.3, I suspect this one is.
Martin
