On Thu, 29 Jul 2004 11:40:20 -0300 Mariano Absatz <[EMAIL PROTECTED]> wrote:
> On Thu, 29 Jul 2004 09:24:31 -0500, Bob Apthorpe > <[EMAIL PROTECTED]> wrote: > > On Thu, 29 Jul 2004 10:40:44 -0300 Mariano Absatz <[EMAIL PROTECTED]> wrote: > > > > > I was wondering... > > [...] > > > What would happen if a spammer intentionally starts putting hundreds > > > of different invisible random URIs within the message trying to DoS > > > SURBL? > > > > One can compensate for this by testing only a few, visible URIs, or > > skipping the RHSBL tests altogether and triggering the > > "MAIL_HAS_CRAPLOAD_OF_INVISIBLE_URIS" rule. Or something like that. > > Right... but I don't want to get rid of SURBL... it is working very > nicely, it finds a lot of spam and I have yet to find a FP myself > (though others have seen them)... > > My question is more to the people that developed the SURBL plugins for > SA (or those that have read and understood them), to know if there's > something in the plugins to avoid a DoS attempt of this kind. I'm sorry - I didn't make myself clear. What I meant was that one can compensate for this within the code. I haven't looked that deeply into the source, but I would be surprised if there wasn't some logic to catch 'gaming' of the system. -- Bob
