As discussed on mailing list. Opening this to investigate what kinds of crap end up in uri lists especially with the schemeless uri parser.

[a-z\d][a-z\d._-]{0,251}\.${tldsRE}

Seems a bit simple since it can match anything like a "1-------------------------------------------------------------------------------------------------------------.com".

Perhaps check hostname validity more carefully, characters, individual part length (<64) etc.


On Mon, Nov 05, 2018 at 02:44:29PM +0000, RW wrote:
> On Sun, 04 Nov 2018 19:28:02 -0500
> Bill Cole wrote:
>
> > On 4 Nov 2018, at 16:27, Henrik K wrote:
> >
> > > Can someone actually register and use a domain with underscore in
> > > it?
> >
> > No.
> >
> ...
> > I support the concept of not treating domain-name-like strings that
> > are not valid hostnames as if they are URI domain-parts. That would
> > mean anything with an underscore. It MIGHT be more prudent to exempt
> > leading-underscore labels, as those can be legal domain names that
> > could have CNAME or DNAME records mapping them to working hostnames.
>
> I created an A-record at Namecheap for a_b.mydomain.tld and
> neither firefox nor chromium had a problem with it.
>
> I think the ideal would be to allow underscores when parsing-out domain
> names and then discard anything with an underscore in the registered
> part.

I've applied this to trunk.  Since it's mainly problem with unnecessary
URIBL queries, that's what I've patched for now.  Need to ponder if it's ok
to filter completely out of get_uri_detail_list internals.


Sending        lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
Transmitting file data .done
Committing transaction...
Committed revision 1845807.