Milter-greylist

On Thu, Jan 15, 2009 at 05:53:45AM +0100, manu@... wrote:
> Michael Mansour <mic@...> wrote:
> 
> > I use uribl to score emails in SA. What I'd like to do is just drop any emails
> > that exist in URIBL_BLACK (the blacklist category of uribl).
> > 
> > I'm looking for a way to do this and am wondering if milter-greylist can
> > do it?
> 
> You are talking about content filtering, right? If the message body
> contains http://www.evilmarket.com and evilmarket.com.somebl.com
> exists, then reject?
> 
> That could be implemented, but the difficult part is to deal with the
> numerous URL obfsucation scheme: in an HTML document, the URL could be
> constructed dynamically at run time using javascript. I don't think it
> is reasonable to embed a javascript engine in milter-greylist.
> 
> How does SpamAssassin do it, by the way?

As far as I remember, an URI in the following form:

   www(.)herbalviagra(.)cc


will pass all URI-blacklist checks in SpamAssassin. OTOH, that kind of
obfuscation will make most E-Mail clients ignore the URI as well.. and
while clicking a link is easy, copy-and-edit-and-paste is definitely a
tough job. :)



   Petar Bogdanovic