URL listed in img src


Danilo Acquaviva

Jan 13, 2016, 9:37:24 AM
to rspamd
Hi,

I have a doubt about rspamd 1.1.0.

In previous versions of rspamd, a URL listed in some surbl blacklist and in an "img src" context was identified, but this doesn't happen in 1.1.0.

Example: 

y/1LpTtpG" target=3D"_blank"><img src=3D"http://treinamentoworkshop.com/e-m=
ba2/3001new.png" alt=3D"M=C3=A1rcio Miranda" width=3D"620" height=3D"324"><=
/a></td>

rspamc < spam.txt
Results for file: stdin (1.674 seconds)
[Metric: default]
Spam: false
Score: 10.43 / 60.00
Action: add header
Symbol: DMARC_POLICY_QUARANTINE (1.50)[lswx.com.br]
Symbol: R_DKIM_REJECT (1.00)[lswx.com.br]
Symbol: DBL_ABUSE_REDIR (1.50)[bit.ly.dbl.dnsbl]
Symbol: FUZZY_PROB (3.43)[2: 0.68 / 0.68, 2: 0.68 / 0.68]
Symbol: BAYES_SPAM (2.99)[99.99%]

Changing "img src" to "a href" to test:

<td width=3D"620" height=3D"19" bgcolor=3D"#000818"><a href=3D"http://bit.l=
y/1LpTtpG" target=3D"_blank"><a href=3D"http://treinamentoworkshop.com/e-m=
ba2/3001new.png" alt=3D"M=C3=A1rcio Miranda" width=3D"620" height=3D"324"><=
/a></td>

rspamc < spam.txt
Results for file: stdin (1.019 seconds)
[Metric: default]
Spam: false
Score: 29.93 / 60.00
Action: add header
Symbol: URIBL_BLACK (7.50)[treinamentoworkshop.com.uribl.dnsbl]
Symbol: BAYES_SPAM (2.99)[99.99%]
Symbol: DBL_SPAM (6.50)[treinamentoworkshop.com.dbl.dnsbl]
Symbol: R_DKIM_REJECT (1.00)[lswx.com.br]
Symbol: DBL_ABUSE_REDIR (1.50)[bit.ly.dbl.dnsbl]
Symbol: FUZZY_PROB (3.43)[2: 0.68 / 0.68, 2: 0.68 / 0.68]
Symbol: JP_SURBL_MULTI (5.50)[treinamentoworkshop.com.surbl.dnsbl]
Symbol: DMARC_POLICY_QUARANTINE (1.50)[lswx.com.br]

Is there some way to check surbl for img src again, or some config to re-enable this?

Thanks!




Vsevolod Stakhov

Jan 14, 2016, 7:45:45 AM
to Danilo Acquaviva, rspamd, vsev...@highsecure.ru
Well, this was done to avoid polluting messages with tons of URLs
that come from images. For example, Twitter mails contain like
hundreds of images, each with its own unique URL. But your request
looks reasonable, I'll implement a feature to enable image scanning for
certain uribl rules soon.
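To see which hosts in a message are affected by the behaviour discussed in this thread, here is an added example (not from the thread or from the rspamd code base): it decodes a quoted-printable HTML part like the excerpt in the first post and lists hosts that appear only in `img src`, never in `a href`. The sample body and its hostnames are constructed placeholders, and `image_only_hosts` is a hypothetical helper name.

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample shaped like the thread's excerpt: quoted-printable HTML
# with "=3D" escapes and soft line breaks. Hostnames are placeholders.
SAMPLE = (
    b'<td width=3D"620"><a href=3D"http://redirector.example.test/abc" target=3D"_bl=\n'
    b'ank"><img src=3D"http://images.example.invalid/e-m=\n'
    b'ba2/banner.png" width=3D"620" height=3D"324"><=\n'
    b'/a></td>\n'
)

class UrlContexts(HTMLParser):
    """Collect URL hosts, keyed by the HTML context they appear in."""
    def __init__(self):
        super().__init__()
        self.hosts = {"href": set(), "img": set()}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._add("href", attrs["href"])
        elif tag == "img" and attrs.get("src"):
            self._add("img", attrs["src"])

    def _add(self, ctx, url):
        try:
            host = urlsplit(url.strip()).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            return
        if host:
            self.hosts[ctx].add(host.lower())

def image_only_hosts(qp_body: bytes) -> set:
    """Hosts referenced by <img src> but by no <a href> in a QP-encoded HTML part."""
    # Decode first: in the raw part the URL is split by "=\n" soft breaks.
    html = quopri.decodestring(qp_body).decode("utf-8", errors="replace")
    parser = UrlContexts()
    parser.feed(html)
    parser.close()
    return parser.hosts["img"] - parser.hosts["href"]

if __name__ == "__main__":
    print(sorted(image_only_hosts(SAMPLE)))
```
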

Vsevolod Stakhov

Jan 14, 2016, 8:32:40 AM
to Danilo Acquaviva, rspamd

Danilo Acquaviva

Jan 18, 2016, 11:25:20 AM
to rspamd, dnl...@gmail.com
Hi, thanks for the implementation!

[]'s 
>>
>> Changing "img src" to "a href" to test:
>>
>> <td width=3D"620" height=3D"19" bgcolor=3D"#000818"><a href=3D"http://bit.l=
>> y/1LpTtpG" target=3D"_blank"><a href=3D"http://treinamentoworkshop.com/e-m=
>> ba2/3001new.png" alt=3D"M=C3=A1rcio Miranda" width=3D"620" height=3D"324"><=
>> /a></td>
>>
>> rspamc < spam.txt
>> Results for file: stdin (1.019 seconds)
>> [Metric: default]
>> Spam: false
>> Score: 29.93 / 60.00
>> Action: add header
>> Symbol: URIBL_BLACK (7.50)[treinamentoworkshop.com.uribl.dnsbl]
>> Symbol: BAYES_SPAM (2.99)[99.99%]
>> Symbol: DBL_SPAM (6.50)[treinamentoworkshop.com.dbl.dnsbl]
>> Symbol: R_DKIM_REJECT (1.00)[lswx.com.br]
>> Symbol: DBL_ABUSE_REDIR (1.50)[bit.ly.dbl.dnsbl]
>> Symbol: FUZZY_PROB (3.43)[2: 0.68 / 0.68, 2: 0.68 / 0.68]
>> Symbol: JP_SURBL_MULTI (5.50)[treinamentoworkshop.com.surbl.dnsbl]
>> Symbol: DMARC_POLICY_QUARANTINE (1.50)[lswx.com.br]
>> Urls: ["track-out.lswx.com.br","treinamentoworkshop.com","bit.ly"]