mouss wrote: > Bill Landry wrote: >> I've posted a short pharma spam message to: >> >> http://www.inetmsg.com/spam.txt >> >> and debug output to: >> >> http://www.inetmsg.com/sa-debug.txt >> >> It displays a single URI linked line in an e-mail client that only >> displays: "Please visit our shop." There seems to be something about >> the URI in the message that allows it to bypass all URIBL testing by >> SpamAssassin. >> >> The domain is listed in the following URIBLs: >> >> URIBL_JP_SURBL >> URIBL_OB_SURBL >> >> dig canadiansitetable.com.multi.surbl.org +short >> 127.0.0.80 >> >> and URIBL_BLACK >> >> dig canadiansitetable.com.multi.uribl.com +short >> 127.0.0.2 >> >> Yet there were no URIBL hits. The message scored high and was tagged as >> spam, but I'm just curious as to what it is about this message that >> allowed it to bypass all SA URIBL tests? >> >> I'm running spamassassin -V >> SpamAssassin version 3.2.5 >> running on Perl version 5.8.8 >> >> And in case you're wondering, I'm not using the shortcircuit plugin. >> > > looks like a bug. it looks like in > '.... http://uri....' > the uri isn't detected (aka quoted-string). > > In the message, the URI is insisde quoted (the one in "You'll" and the > one in "don't"). if you remove one of the quotes or if you break the > line so that they aren't in the same line, the URI is detected.
Thanks, I've opened up a bug report: Bug 6017. Bill
