Ben Poliakoff wrote:
So I've noticed that the URIDNSBL.pm in the 3.1 snapshots seems to
recognize obfuscated URIs much better than in 3.0.x.
In other words I was looking at a message that my relatively well
maintained 3.0.3 installation didn't catch. Then I tried running the
same message through my personal 3.1 snapshot installation. The 3.1
installation gave the message a comparatively high score (do to the
domain being listed in multiple SURBLs).
The message in question contained some lines like this:
copy-paste the u[r]l to finish.....
ez-rate*MUNGED*.info
The 3.1 code recoginized the domain name readily, looked it up and found
it in almost all of the SURBLs. But the 3.0.3 code didn't spot it (and
the message scored on bayes alone).
Is there any straightforward way to backport some of this goodness to
3.0.x? I don't mind running the development snapshots at home but at
work I have to answer to a couple thousand users...
Here is the bug concerning the copy-paste urls:
http://bugzilla.spamassassin.org/show_bug.cgi?id=4208
I have just posted a backport patch there. I doubt that it will get
added to 3.0.4 (if there ever is one) but you should be able to apply it
to your local install. Although, I should point out that this backport
has not been tested any further than 'make test'.
-Stuart
