Hi All,
On 17/09/10 14:11, Steve Freegard wrote:
Hi All,
Recently I've been getting a bit of filter-bleed from a bunch of spams
injected via Hotmail/Yahoo that contain shortened URLs e.g. bit.ly/foo
that upon closer inspection would have been rejected with a high score
if the real URL had been used.
To that end - it annoyed me enough to write a plug-in that decodes the
shortened URL using an HTTP HEAD request to extract the location header
sent by the shortening service and to put this into the list of
extracted URIs for other plug-ins to find (such as URIDNSBL).
On the messages I tested it with - it raised the scores from <5 to >10
based on URIDNSBL hits which is just what I wanted.
Hopefully it will be useful to others; you can grab it from:
http://www.fsl.com/support/DecodeShortURLs.pm
http://www.fsl.com/support/DecodeShortURLs.cf
I've just put up a new version at the above URLs (v0.3) which adds the
following new features:
- Now follows 'chained' short URLs (e.g. shortURL -> shortURL -> real)
When chained URLs are detected the rule 'SHORT_URL_CHAINED' is fired.
If a chained loop is detected the rule 'SHORT_URL_LOOP' is fired.
If more than 10 chained URLs are found 'SHORT_URL_MAXCHAIN' is fired and
no further redirections are checked.
- If the shortener returns 404 (e.g. not found) for the short URL then
'SHORT_URL_404' is fired.
- Prevent amavis from die'ing on eval block tests by adding "local
$SIG{'__DIE__'} to each block.
- Added option to allow logging to syslog (mail.info).
Kind regards,
Steve.
