Jeremy Kister wrote:
> I noticed that after I sent an email, it got tagged with an incorrect rule:
> 
>  1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
>                             [URIs: illas.com]
> 
> In fact, what I sent was a lot of email addresses at getawayvillas.com
> 
> The messages are temporarily at http://jeremy.kister.net/tmp/
> 
> uribl_sbl.txt is the original message
> uribl_sbl-sa.txt is the message after spamc processing.
> 
> Note: It's only the URIBL_SBL that I'm concerned with.
> 
> Any idea what's going on?


Looks like a bug in SA 3.1.0's parsing of mailto URIs.

Using SA 3.1.0 on your input I get this debug output:


[23263] dbg: uri: parsed uri found, mailto:<CENSORED>@getawayvillas.com
[23263] dbg: uri: cleaned parsed uri, mailto:<CENSORED>@getawayvillas.com
[23263] dbg: uri: parsed domain, getawayvillas.com
[23263] dbg: uri: parsed uri found, illas.com
[23263] dbg: uri: cleaned parsed uri, illas.com
[23263] dbg: uri: cleaned parsed uri, http://illas.com
[23263] dbg: uri: parsed domain, illas.com
[23263] dbg: uri: parsed uri found, http://illas.com
[23263] dbg: uri: cleaned parsed uri, http://illas.com
[23263] dbg: uri: parsed domain, illas.com

<snip, whole bunch of the same>
[21710] dbg: uri: parsed uri found, mailto:<censored>@getawayvillas.com
[21710] dbg: uri: cleaned parsed uri, mailto:<censored>@getawayvillas.com
[21710] dbg: uri: parsed domain, getawayvillas.com
[21710] dbg: uridnsbl: domains to query: illas.com



I also tried editing the first line to "<censored>@getawayillas.com" and then
all the HTTP URI bits and the domains to query became "llas.com".

Since when does "getawa" parse as http:/ ??

I think the parser is getting very confused.
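
A check for this symptom in SpamAssassin debug output, as an added example that is not part of the original message or SpamAssassin's own code: it flags any domain queried by uridnsbl that is the tail of a parsed domain but begins in the middle of a label. The sample lines are adapted from the debug output above with a constructed local part, and the whitespace-or-comma separator for multiple queried domains is an assumption.

```python
import re

# Debug lines adapted from the output quoted above; the local part "user"
# is a constructed placeholder for the censored address.
SAMPLE_LOG = """\
[23263] dbg: uri: parsed uri found, mailto:user@getawayvillas.com
[23263] dbg: uri: parsed domain, getawayvillas.com
[23263] dbg: uri: parsed uri found, illas.com
[23263] dbg: uri: cleaned parsed uri, http://illas.com
[23263] dbg: uri: parsed domain, illas.com
[23263] dbg: uridnsbl: domains to query: illas.com
"""

PARSED_DOMAIN = re.compile(r"dbg: uri: parsed domain, (\S+)")
QUERY_LIST = re.compile(r"dbg: uridnsbl: domains to query: (.*)")


def is_mid_label_suffix(short, full):
    """True if `short` is a tail of `full` that starts inside a label.

    "illas.com" vs "getawayvillas.com" is True (the cut lands after the "v");
    "example.com" vs "mail.example.com" is False (a real parent domain).
    """
    if short == full or not full.endswith(short):
        return False
    return full[-len(short) - 1] != "."


def suspect_queries(log_text):
    """Return sorted (queried, full) pairs where a queried domain looks truncated."""
    parsed, queried = set(), set()
    for line in log_text.splitlines():
        m = PARSED_DOMAIN.search(line)
        if m:
            parsed.add(m.group(1).lower())
            continue
        m = QUERY_LIST.search(line)
        if m:
            # Assumption: several domains are separated by whitespace or commas.
            queried.update(d.lower() for d in re.split(r"[,\s]+", m.group(1)) if d)
    return sorted((q, full) for q in queried for full in parsed
                  if is_mid_label_suffix(q, full))


if __name__ == "__main__":
    for q, full in suspect_queries(SAMPLE_LOG):
        print(f"suspect: {q} looks like a truncated {full}")
```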






