On Monday, July 24, 2006, 1:34:35 AM, Daryl O'Shea wrote: > Being a simple visible redirector, SA actually does detect it:
> [7375] dbg: uri: cleaned html uri, > http://1092229727:9999/https-www.paypal.com/webscrr/index.php > [7375] dbg: uri: html domain, google.com > The problem is that SA doesn't then go on to do checks on the IP > 1092229727 (CPE-65-26-26-95.kc.res.rr.com [65.26.26.95]) like it would > if it was in dotted-quad notation. Thus the hit on Sorbs' DUHL is avoided. > This is definitely a bug. Please open a bug report and attach a > complete sample to the bug. > > http://issues.apache.org/SpamAssassin/ Note that we also blacklist phish site IPs on SURBLs, when they appear as IPs. In this case I blacklisted 1092229727 as 65.26.26.95, so hopefully any SA patch checks these in terms of dotted quad and not 1092229727. Arguments could probably be made for checking either, but for SURBLs, IPs are expected to be dotted quads only. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
