Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLD (.com) appended to "undefined" hosts, causing URIBL_BLACK to trigger #687

Closed
stefan-popescu opened this issue Apr 15, 2024 · 3 comments
Closed

TLD (.com) appended to "undefined" hosts, causing URIBL_BLACK to trigger #687

stefan-popescu opened this issue Apr 15, 2024 · 3 comments
Labels
question

Comments

@stefan-popescu
Copy link

We found that all emails from a fintech company were triggering SpamAssassin's URIBL_BLACK. We reviewed the email content and checked every single URI, but none were listed at https://uribl.com

Upon further investigation, we found that references to an "undefined" URL in their email code were causing the false-positives by triggering URIBL_BLACK for undefined.com, which at the time of our investigation was blacklisted at https://uribl.com . Here's the exact code causing the false positive:

uri-defined-in-email-code

Here's the URIBL_BLACK rule being triggered:

MailScanner-SpamCheck

We've contacted URIBL and they've suggested that our scanner software has to be appending a .COM to host parts that don't have a TLD. To mitigate this issue, they have delisted undefined.com in the meantime, so it may no longer be possible to reproduce this issue exactly.

We have reported this issue to ConfigServer (because we're using MailScanner Front-End), but they believe it could be related to MailScanner, reason why I'm reporting this as a possible bug here.

To Reproduce
Steps to reproduce the behavior:

  1. Send an email with a static element that links to http:undefined.
  2. Check the MailScanner SpamCheck header if URIBL_BLACK was triggered.

Note: Since URIBL have delisted undefined.com from their database, this issue will no longer be reproduceable for undefined. A different word of which .COM domain is blacklisted would be necessary. Maybe one from this page? https://uribl.com/gold.shtml

We're not 100% sure if this issue is related to MailScanner, but it was the last possible point of failure in our investigation.

Thank you for your attention.
@github-actions GitHub Actions
Copy link

Thank you for submitting your first issue to MailScanner! We will respond to you soon!

@Skywalker-11
Copy link
Contributor

http:undefined is not a valid css URL as http is a special URL that requires to be followed by ://.
An url to an invalid resource should per css standard contain an empty URL url("") instead.

So the sender should have made their mails standard conform 😉

@shawniverson shawniverson added bug and removed bug labels Apr 18, 2024
@shawniverson
Copy link
Member

I was going to flag this as a bug then immediately realized that that message is being passed from MailScanner to SpamAssassin as-is. MailScanner is not modifying the url prior to feeding the message to SpamAssassin.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stefan-popescu @shawniverson @Skywalker-11