5467 – URI_NOVOWEL triggering on URI instead of hostname

Bug 5467 - URI_NOVOWEL triggering on URI instead of hostname

Summary: URI_NOVOWEL triggering on URI instead of hostname

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	3.2.0
Hardware:	All Linux

Importance:	P5 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-05-17 19:41 UTC by Jason Haar
Modified:	2007-05-17 20:22 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jason Haar 2007-05-17 19:41:55 UTC

We have a Webapp that generates emails and I noticed SA-3.2.0 was scoring it
rather highly. I've been seeing what we can change to make SA happier, but found
what I think is a bug.

We generate a multipart (i.e. text and html versions) mail message containing
links. One of them is hitting URI_NOVOWEL for no good reason. The text version
is wrapped (as it's so long) as follows:

https://xxxxx.trimble.yyy/ascripthere.php?owner=something
   d.com&mail=amFz8a5cd&serial=12E1&id=34320c962bf
   bd6dd

"spamassassin -D" says it matches URI_NOVOWEL against the servername name
"d.com" - which obviously is incorrect.

[27806] dbg: rules: ran uri rule URI_NOVOWEL ======> got hit:
"http://d.com&mail=amFz8a5cd"


I'd guess the code that pulls URLs out of the email has got something wrong?

Thanks

Jason

Comment 1 Sidney Markowitz 2007-05-17 20:08:39 UTC

To simplify the testing process could you please attach an example email that
demonstrates the problem? Just remove all the extra stuff from your actual email
and change the domains to something like example.com and so on to obfuscate any
private information, verify with SpamAssassin -D that the problem still occurs,
then use the Create a New Attachment link in Bugzilla to upload it.

Comment 2 Daryl C. W. O'Shea 2007-05-17 20:15:20 UTC

It appears that the code is working as intended.  It looks for anything that
looks like a domain in any part of the URI and treats it as if it were a URI all
by itself.  This is how we find blacklisted domains (ab)using open redirectors.

Comment 3 Jason Haar 2007-05-17 20:22:57 UTC

So it's see "something.something" and that triggered it.

Nasty - I agree - how can that be fixed without breaking matching open proxies.

Oh well, we'll just have to live with it (more specifically other SA sites who
receive these emails will have to live with them)


Thanks - I'll mark WONTFIX

Jason