I'm in the process of upgrading to Spamassassin 3.0 and am currently running my email through the new version of Spamassassin. I just had an email slip through that should have been caught by the URIDNSBL lookups - it's listed in all of the URI blacklists.
Here's a snippet from my debug output on the message that got through: debug: decoding: other encoding type (7bit), ignoring debug: uri found: http://tvuu.wneiis-planet.info/index.php?id=173&affid=6315 debug: uri found: http://dkcw.wneiis-planet.info/gone.php debug: URIDNSBL: domains to query: tvuu.wneiis-planet.info dkcw.wneiis-planet.info It appears that instead of querying for wneiis-planet.info, Spamassassin is attempting to query the full URL. wneiis-planet.info is listed in the URL RBLs, but tvuu.wneiis-planet.info and ckcw.wneiss-planet.info are not, so this email got through. The URIDNSBL is working fine on other messages - here's the log on a similar message where the URI DNS lookups worked correctly: debug: uri found: http://vegetable.bestwneiis.info/index.php?id=173&affid=6464 debug: uri found: http://verdict.bestwneiis.info/ads/whtbg.gif debug: uri found: http://bounce.bestwneiis.info/gone.php debug: uri found: http://pontificate.bestwneiis.info/index.php?id=173&affid=6464 debug: uri found: http://mill.bestwneiis.info/ads/photoadd15a.gif debug: URIDNSBL: domains to query: bestwneiis.info In this case it correctly extracted the domain to query as bestwneiis.info. Is this a bug or is there something I missed as I was RTFMing? Thanks for any help on this! Sandy S.
