SURBL problems #108

Closed
paologroppo opened this Issue Jun 22, 2015 · 7 comments

paologroppo commented Jun 22, 2015

I use hMailServer 5.6.3-B2249 and have experienced some problems with the antispam features.

1- I receive "SURBL: DNS query failed." for every domain. If I restart hMailServer the problem goes away but returns after some time (DNS settings are OK).

2- The URLs submitted to URIBL servers are not correctly formatted; look at these log examples:

"DEBUG" 5888 "2015-06-21 10:10:01.894" "SURBL: Found URL: groupon.it?nlp=&cid=it_crm_1_0_0_172&a=242&utm_source=newsletter&utm_medium=email&sid=ff9a7e25-3cv1-4bbe-8762-51fdbf178f15&division=verona&uh=2f91dc31-940a-6da1-b472-3cc617b1eb54&date=20152106&sender=rm&s=footer&c=link&d=contact"
"DEBUG" 5888 "2015-06-21 14:27:23.597" "SURBL: Found URL: grosso@veroca.com"

In the first case everything after "?" must be deleted to get the correct domain name.
In the second case the original URL was "http://jdjj.ozrust.link?email=poalo.grosso@veroca.com"

3- "multi.uribl.com", which usually stops thousands of spam emails every day (and I don't know a valid alternative), stopped working with hMailServer because it no longer responds with "NXDOMAIN" but with 127.0.0.1 (blocked) or 127.0.0.2 (black) or 127.0.0.4 (grey) or 127.0.0.8 (red), and there is no way to configure this in hMailServer. hMailServer configured with multi.uribl.com now marks every email with a link inside as spam.

4- A "SURBL: DNS query failed." on a domain will abort all checks for that SURBL server.

OutbackMatt commented Jul 8, 2015

#3 I use multi.surbl.org

Isn't #4 the same as #1?
(I haven't seen this issue)

Have you checked on the forum about this? https://www.hmailserver.com/forum/

paologroppo commented Jul 11, 2015

In my opinion multi.surbl.org does not catch as many spam URIs as multi.uribl.com. I use it too.
I'm trying to reproduce the issue.
At the moment I can say that a uri with this format in a message:

http://aaa.aaa.xyz?email=aaa.aaao@aaa.com

produces a "DNS query failed".
I receive thousands of spam emails every day with a link like this inside the message, causing "DNS query failed" and nullifying SURBL checks.

OutbackMatt commented Jul 12, 2015

Does it just cause that ONE SURBL check (ie just that URL), or does that happen for all URLs in that message?

paologroppo commented Jul 12, 2015

Just for that URL, looking at the logs. The problem is that with a "DNS query failed" the whole SURBL checking process stops and the message currently being checked does not receive any spam score.

paologroppo commented Jul 29, 2015

In some conditions hMailServer does not translate URI >>> DOMAIN NAME correctly. Every URI with a query string produces a "DNS query failed". In fact the URI with its query string is submitted to SURBL:

"DEBUG" 8944 "2015-07-29 10:17:01.606" "SURBL: Found URL: spartoo.it?track_id=news_a_36993_145970&utm_source=news_autre&utm_medium=newsletter&utm_campaign=news_a_36993_148970&email_crm=9c5c2cea19682823cf09b541abe9e033&link=6808777"
"DEBUG" 8944 "2015-07-29 10:17:01.763" "SURBL: DNS query failed."
"DEBUG" 8944 "2015-07-29 10:17:01.763" "Spam test: SpamTestSURBL, Score: 0"

After that no score is assigned to the message even if one of the multiple URIs matched.

paologroppo commented Jul 29, 2015

I'm not a C coder but in SURBL.cpp on line 147:

if (c == '<' || c == '/' || c == '\\' || c == '>' || c == ' ' || c == '"' || c == '\'')

changing to:

if (c == '<' || c == '/' || c == '\\' || c == '>' || c == ' ' || c == '"' || c == '\'' || c == '?' || c == '&')

may solve the problem with query string.

Collaborator

martinknafve commented May 3, 2016

Fixed in 5.7. I've replaced the old implementation with a regular expression to extract the addresses.
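
The host-extraction step this thread is about, as an added example: it is not hMailServer's code and not the regular expression used in 5.7. The helper name `extract_hosts`, the pattern and the sample message body are assumptions made for illustration.

```cpp
// Added illustration, not hMailServer code; extract_hosts() is a hypothetical helper.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Returns the unique, lower-cased host names of all http(s) URLs in a message
// body, in order of first appearance. The host ends at the first character
// that cannot be part of a DNS name, so a query string glued to the host
// ("host?email=user@example.com") never ends up in the DNSBL query name.
std::vector<std::string> extract_hosts(const std::string& body)
{
    // Group 1: optional userinfo ("user:pass@"), matched only to skip it.
    // Group 2: the host, labels of [A-Za-z0-9-] joined by single dots.
    static const std::regex url_re(
        R"re(https?://([^\s/?#@<>"'\\]*@)?([A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+))re",
        std::regex::ECMAScript | std::regex::icase);

    std::vector<std::string> hosts;
    for (std::sregex_iterator it(body.begin(), body.end(), url_re), end; it != end; ++it) {
        std::string host = (*it)[2].str();
        std::transform(host.begin(), host.end(), host.begin(),
                       [](unsigned char ch) { return static_cast<char>(std::tolower(ch)); });
        if (std::find(hosts.begin(), hosts.end(), host) == hosts.end())
            hosts.push_back(host);
    }
    return hosts;
}

int main()
{
    // Constructed message body built around the URL shapes quoted in this issue.
    const std::string body =
        "Click http://jdjj.ozrust.link?email=poalo.grosso@veroca.com now\n"
        "<a href=\"http://Groupon.IT?nlp=&cid=it_crm_1_0_0_172&a=242\">deal</a>\n"
        "http://user:pw@aaa.aaa.xyz:8080/path?x=1 and http://groupon.it/again\n";
    for (const std::string& host : extract_hosts(body))
        std::cout << host << '\n';
}
```

The address inside the query string (`veroca.com`) is never returned, because only text that directly follows the scheme and optional userinfo is treated as a host.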
