This is an excerpt that I used in trying to track it down.  No real mailto URI 
unless there is some translation going on with email addresses embedded in the
body by the email client on send.  At first, I just thought it might be a bug
since the messages were using ISO-2022-JP character set but if I sent just a
plain text message with just the [EMAIL PROTECTED] in the body, then URIBL_SBL
was tripped.

*****
----- Original Message -----
From: "user1" <[EMAIL PROTECTED]>
To: "user2" <[EMAIL PROTECTED]>
Sent: Friday, March 11, 2005 11:14 AM
Subject: Re: $BFb;[EMAIL PROTECTED](J

*******

-=B


-----Original Message-----
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 16, 2005 7:52 AM
To: users@spamassassin.apache.org
Subject: Re: URI Tests and Japanese Chars (solved)

On Wednesday, March 16, 2005, 3:55:52 AM, Bobby Rose wrote:

> I figured out the problem, it was an individual's email address in
> the message body (even though not a mailto).  Their email domain isn't
> listed at spamhaus.org but it turns out one of their ISP's DNS servers
> is, which they are using as secondary.  This makes the second time
> I've come across this.  The last time it was an ISP's (pipex.net) DNS
> server in the U.K. that was tripping the URIBL_SBL rule.

> This time the user is in the med.juntendo.ac.jp (Juntendo Univ Med
> School) whose ISP is cwidc.net and the DNS server ns03.cwidc.net
> (154.33.17.212) is the one in spamhaus.org which they say is hosting a
> long time spammer.
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL17240

> Does URI checking really need to be so thorough?  Obviously there must
> be some bias at spamhaus if the big named ISPs don't get their name
> servers listed because we know that they provide services to spammers.
> Any idea on how to limit the scope to just the URI at its face value?

uridnsbl used in the default rule URIBL_SBL does check domain name servers
against SBL, but I'm kind of surprised to hear it triggering on email
addresses.  It should definitely be checking web sites and the like.  Can you
give a sample of the text it hit?  Was it in URI form like:

  mailto://[EMAIL PROTECTED]

That said, I agree that the SBL listings are at times overbroad.
Name servers for gov.ru and spb.ru for example are listed (ns.rtcomm.ru and
ns1.relcom.ru respectively).  Listings like those can cause false positives,
and I personally object to deliberately harming innocent bystanders to
"pressure" ISPs.

Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
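
The name-server check discussed in this thread, as an added Python sketch that is not part of the original messages and is not SpamAssassin's own code. It assumes, as the thread reports, that a bare email address in the body is treated like a URI; the DNS tables, the blocklist contents, the primary name server and the sample address are constructed stand-ins, and only ns03.cwidc.net, 154.33.17.212 and med.juntendo.ac.jp come from the thread.

```python
import re

ZONE = "sbl.spamhaus.org"
# Constructed stand-in for live DNS. ns03.cwidc.net / 154.33.17.212 are from
# the thread; the primary name server and its address are invented.
NS = {"med.juntendo.ac.jp": ["ns1.primary.example", "ns03.cwidc.net"]}
A = {"ns1.primary.example": "192.0.2.10", "ns03.cwidc.net": "154.33.17.212"}
# Constructed stand-in for the blocklist zone contents (reversed-IP names).
LISTED = {"212.17.33.154." + ZONE}

# Matches the host part of an http(s) URL or of a bare email address.
ADDR_OR_URL = re.compile(r"(?:https?://|[\w.+-]+@)((?:[\w-]+\.)+[a-z]{2,})", re.I)


def domains_in_body(body):
    """Domains from URLs and from bare email addresses (no mailto: needed)."""
    return sorted({m.group(1).lower() for m in ADDR_OR_URL.finditer(body)})


def dnsbl_qname(ip, zone=ZONE):
    """IPv4 DNSBL convention: reverse the octets and append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def ns_hits(body):
    """Return (domain, name server, ip, query name) for each listed name server."""
    hits = []
    for domain in domains_in_body(body):
        for ns in NS.get(domain, []):
            ip = A.get(ns)
            if ip and dnsbl_qname(ip) in LISTED:
                hits.append((domain, ns, ip, dnsbl_qname(ip)))
    return hits


if __name__ == "__main__":
    # Constructed body: plain text, one address, no mailto: and no web link.
    body = "Please reply to user@med.juntendo.ac.jp when you can."
    for hit in ns_hits(body):
        print("name server listed:", hit)
```

The domain itself never appears in the blocklist here; the hit comes only from the secondary name server's address, which is the false-positive path the thread describes.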
