https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7651
Bug ID: 7651 Summary: Invalid domains in uri parser Product: Spamassassin Version: SVN Trunk (Latest Devel Version) Hardware: PC OS: Windows NT Status: NEW Severity: normal Priority: P2 Component: Libraries Assignee: dev@spamassassin.apache.org Reporter: h...@hege.li Target Milestone: Undefined As discussed on mailing list. Opening this to investigate what kinds of crap end up in uri lists especially with the schemeless uri parser. [a-z\d][a-z\d._-]{0,251}\.${tldsRE} Seems a bit simple since it can match anything like a "1-------------------------------------------------------------------------------------------------------------.com". Perhaps check hostname validity more carefully, characters, individual part length (<64) etc. On Mon, Nov 05, 2018 at 02:44:29PM +0000, RW wrote: > On Sun, 04 Nov 2018 19:28:02 -0500 > Bill Cole wrote: > > > On 4 Nov 2018, at 16:27, Henrik K wrote: > > > > > Can someone actually register and use a domain with underscore in > > > it? > > > > No. > > > ... > > I support the concept of not treating domain-name-like strings that > > are not valid hostnames as if they are URI domain-parts. That would > > mean anything with an underscore. It MIGHT be more prudent to exempt > > leading-underscore labels, as those can be legal domain names that > > could have CNAME or DNAME records mapping them to working hostnames. > > I created an A-record at Namecheap for a_b.mydomain.tld and > neither firefox nor chromium had a problem with it. > > I think the ideal would be to allow underscores when parsing-out domain > names and then discard anything with an underscore in the registered > part. I've applied this to trunk. Since it's mainly problem with unnecessary URIBL queries, that's what I've patched for now. Need to ponder if it's ok to filter completely out of get_uri_detail_list internals. Sending lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Transmitting file data .done Committing transaction... Committed revision 1845807. -- You are receiving this mail because: You are the assignee for the bug.