Grayhat,

> What about stripping off the *domain* of each URI and only adding it
> along with a "count" value ? I mean, something like
>
> X-Assp-Detected-URI(1): hotmail.com:5, bar.net:3, foo.org:7

Not sure where the "URI(1):" came from. If it is supposed to change, I dislike that immensely.

X-Assp-Detected-URI: hotmail.com:5, bar.net:3, foo.org:7

Well, that is certainly clean and easily parsed. I don't know if ASSP has a routine for limiting the length of a header line. If the domain list required multiple lines, which version below do you like:

Multiple Lines
========================
X-Assp-Detected-URI: hotmail.com:5, bar.net:3, foo.org:7 ...
X-Assp-Detected-URI: msn.com:5, google.net:3, people.org:7 ...
========================

Indented Lines
========================
X-Assp-Detected-URI: hotmail.com:5, bar.net:3, foo.org:7 ...
    msn.com:5, google.net:3, people.org:7 ...
========================

> > only add header lines for bad URI's?
>
> Sounds like a *good* idea too :)

Hmmm. ASSP already adds "bad" URI hits to the header along with the points it scored (AddURIBLHeader). By adding the code I added, my goal was to get a clean list of the URI in the message, so that they could be added to a URIBL. So, I would certainly want the "good" and "bad" URI listed.

For me, if a URI is listed in a trusted URIBL, the message gets rejected and never makes it through ASSP. So, I am only looking at messages that got through and I am looking for any URI. Also, while I use some of the public DNSBL and URIBL, I also run my own DNSBL and URIBL, which is the reason for collecting this information.

Maybe two, possibly three, check boxes and two different headers:

A checkbox for: X-Assp-Detected-URI: lists "good" URI
A checkbox for: X-Assp-Listed-URI: lists "bad" URI
A checkbox for: Adding the envelope from domain in one of the two lists above.

Currently, my script skips/protects the from: domain, which is usually forged. I want the URI from the body.

Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)
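
Added example, not part of the original message and not ASSP code: a consumer-side parser showing that the "Multiple Lines" and "Indented Lines" layouts discussed above yield the same `domain:count` totals, with the From: domain left out as the message describes. The function name, the `skip_from` parameter and both sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

HEADER = "X-Assp-Detected-URI"  # header name proposed in the thread
# One "domain:count" entry; anything else is treated as malformed input.
ENTRY = re.compile(r"([a-z0-9.-]+):([0-9]{1,6})")

def detected_domains(raw_message, skip_from=True):
    """Sum domain:count pairs across every X-Assp-Detected-URI header.

    Accepts both layouts: the header repeated on several lines, or one
    header folded onto indented continuation lines.
    """
    msg = message_from_string(raw_message)
    skip = set()
    if skip_from:
        # The From: domain is usually forged, so keep it out of the list.
        addr = parseaddr(str(msg.get("From", "")))[1]
        if "@" in addr:
            skip.add(addr.rpartition("@")[2].lower())
    totals = Counter()
    for value in msg.get_all(HEADER, []):
        # Split on commas AND whitespace so a fold that lacks a trailing
        # comma does not glue two entries into one.
        for item in re.split(r"[,\s]+", str(value).lower()):
            m = ENTRY.fullmatch(item)
            if not m:
                continue  # empty or malformed entry: ignore, do not guess
            domain = m.group(1).rstrip(".")
            if domain and domain not in skip:
                totals[domain] += int(m.group(2))
    return totals

# Constructed sample messages, one per layout.
SAMPLE_MULTI = (
    "From: sender@bar.net\n"
    "X-Assp-Detected-URI: hotmail.com:5, bar.net:3, foo.org:7\n"
    "X-Assp-Detected-URI: msn.com:5, google.net:3, people.org:7\n"
    "\nbody\n"
)
SAMPLE_FOLDED = (
    "From: sender@bar.net\n"
    "X-Assp-Detected-URI: hotmail.com:5, bar.net:3, foo.org:7\n"
    "    msn.com:5, google.net:3, people.org:7\n"
    "\nbody\n"
)
```
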
