Hi,

For a URL like:

https://substack.com/signup?r=to8ex

the Redirectors plugin from v402.pre generates:

http://to8exhttp://www.to8ex.com
→ domain: to8ex.com

even though no such URI exists anywhere in the message. URIDNSBL then
performs lookups against to8ex.com, which can trigger URI reputation rules
and false positives if that synthetic domain happens to exist.

I've filed a Bugzilla report with a minimal reproducer, debug output, and
the confirmation that disabling only the Redirectors plugin eliminates the
behavior.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8401

Thanks,
Alex





On Thu, Jun 25, 2026 at 10:40 AM John Hardin <[email protected]> wrote:

> On Wed, 24 Jun 2026, Alex wrote:
>
> > Hi, I hoped I could follow up on this.
> >
> > The issue is most certainly with the redirectors plugin from v402.
> > # ls -l
> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Redirectors.pm
> > -r--r--r-- 1 root root 43525 Jun 21 20:00
> > /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Redirectors.pm
> >
> > Jun 24 22:20:58.866 [1769470] dbg: uri: canonicalizing html uri:
> >
> https://substack.com/signup?utm_source=substack&utm_medium=email&utm_content=footer&utm_campaign=autofilled-footer&[email protected]&r=to8ex
> > Jun 24 22:20:58.866 [1769470] dbg: uri: cleaned uri:
> >
> https://substack.com/signup?utm_source=substack&utm_medium=email&utm_content=footer&utm_campaign=autofilled-footer&[email protected]&r=to8ex
> > Jun 24 22:20:58.948 [1769470] dbg: Redirectors: Found embedded uri to8ex
> in
> >
> https://substack.com/signup?utm_source=substack&utm_medium=email&utm_content=footer&utm_campaign=autofilled-footer&[email protected]&r=to8ex
> > Jun 24 22:20:58.948 [1769470] dbg: uri: canonicalizing parsed uri:
> > http://to8ex
> > Jun 24 22:20:58.948 [1769470] dbg: uri: cleaned uri:
> http://www.to8ex.com
> > Jun 24 22:20:58.948 [1769470] dbg: uri: added host: www.to8ex.com
> domain:
> > to8ex.com
> > Jun 24 22:20:58.949 [1769470] dbg: uri: cleaned uri: http://to8ex
> >
> > Thanks,
> > Alex
>
> Please open a big in bugzilla.
>
> --
>   John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>   [email protected]                         pgpk -a [email protected]
>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>    Crime will expand according to our willingness to put up with it.
>                                                             -- Unknown
> -----------------------------------------------------------------------
>   9 days until the 250th anniversary of the Declaration of Independence
>

Reply via email to