Re: URIBL plugins are broken

2015-05-11 Thread Kevin A. McGrail

On 5/11/2015 9:46 AM, Reindl Harald wrote:

stripped down and anonymized sample attached

the real bad thing is that the part triggering the URIBL rules wrongly 
is the quote of the signature from the message replied to


Am 11.05.2015 um 15:13 schrieb Reindl Harald:

i face false positives where the links are just "facebook.com" with the
http-prefix in front and NOT "com" between the http-prefix and the real
facebook domain

the domain with "com" in front is indeed on both URIBL but it just don't
exist in the messages at all - why does SA extract the domains wrong
from the mailsource when there is no "comfacebook" at all besides the SA
report?

URIBL_DBL_SPAM Contains a spam URL
[URIs: com__facebook.com]

URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: com__facebook.com]




Not a bug in SA.

The plain text version of the email contains: 
a...@sepashvili.comfacebook.com/ketevan.sepashvili


The subdomain sepashvili is dropped leaving comfacebook.com.

Regards,
KAM
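
The effect described in the reply above, as an added example that is not part of the thread and is not SpamAssassin's code: a simplified model in which an address and a link end up adjacent with no separator, so the host is read as one name and reduced to its last two labels. The HTML signature, the names in it, the three-TLD pattern and the two-label reduction are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed signature (made-up names): a mailto link immediately followed
# by a profile link, with no whitespace between the two elements.
SIG_HTML = ('<a href="mailto:jane@smith-family.com">jane@smith-family.com</a>'
            '<a href="http://facebook.com/jane.smith">facebook.com/jane.smith</a>')

# Assumption: a three-TLD toy list; a real extractor uses the full TLD list.
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+(?:com|net|org)\b", re.I)


class Doc(HTMLParser):
    """Collect text nodes and href values separately."""

    def __init__(self):
        super().__init__()
        self.chunks, self.hrefs = [], []

    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_data(self, data):
        self.chunks.append(data)


def registrable(host):
    # Simplification: last two labels. Real code needs the public suffix list.
    return ".".join(host.lower().split(".")[-2:])


def domains(text):
    return {registrable(h) for h in HOST_RE.findall(text)}


def text_domains(html, sep=""):
    """Domains seen in the flattened text; sep="" models the run-together case."""
    doc = Doc()
    doc.feed(html)
    doc.close()
    return sorted(domains(sep.join(doc.chunks)))


def phantom_domains(html, sep=""):
    """Domains present in the flattened text but in no href of the message."""
    doc = Doc()
    doc.feed(html)
    doc.close()
    linked = set().union(*(domains(h) for h in doc.hrefs))
    return sorted(domains(sep.join(doc.chunks)) - linked)
```

A non-empty `phantom_domains` result on a false-positive sample points at text run-together rather than at a link the sender actually included.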


Re: URIBL plugins are broken

2015-05-11 Thread Reindl Harald



Am 11.05.2015 um 15:43 schrieb Kevin A. McGrail:

On 5/11/2015 9:13 AM, Reindl Harald wrote:

i face false positives where the links are just "facebook.com" with
the http-prefix in front and NOT "com" between the http-prefix and the
real facebook domain

the domain with "com" in front is indeed on both URIBL but it just
don't exist in the messages at all - why does SA extract the domains
wrong from the mailsource when there is no "comfacebook" at all
besides the SA report?

URIBL_DBL_SPAM Contains a spam URL
[URIs: com__facebook.com]

URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: com__facebook.com]


Don't know.  Are you using 3.4.1?  Can you provide a spample that
reproduces the issue?


3.4.0, sample attached in my previous mail, sorry for not attaching it in 
the first mail :-(







Re: URIBL plugins are broken

2015-05-11 Thread Kevin A. McGrail

On 5/11/2015 9:13 AM, Reindl Harald wrote:
i face false positives where the links are just "facebook.com" with 
the http-prefix in front and NOT "com" between the http-prefix and the 
real facebook domain


the domain with "com" in front is indeed on both URIBL but it just 
don't exist in the messages at all - why does SA extract the domains 
wrong from the mailsource when there is no "comfacebook" at all 
besides the SA report?


URIBL_DBL_SPAM Contains a spam URL
[URIs: com__facebook.com]

URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: com__facebook.com]

Don't know.  Are you using 3.4.1?  Can you provide a spample that 
reproduces the issue?


regards,
KAM