DNSBL -Bset:URL mode

Vernon Schryver vjs@calcite.rhyolite.com
Mon Nov 29 14:33:36 UTC 2010


> From: Kostik <koc@fax.ru>

> Yes, I'm talking about 8-bit encoded message:

> Content-Type: text/html;charset=koi8-r
> Content-Transfer-Encoding: 8bit
>
> http://??????.??
> ---
> In the real world such messages are exist.

What happens when you try to use a link like that?   Does your mail
user agent (MUA) convert the 8-bit binary name to Punycode?
If not, why is your DNS resolver willing to try to resolve it?  
I assume some MUAs and DNS resolvers are broken and try to handle 
bad URLs like that or the bad guys would not send messages like that.
Or perhaps the targets of the messages are intended to manually type
the non-ASCII characters into the location bars of web browsers and
the web browsers convert to Punycode.

>                                            Is it possible to somehow encode
> such domains in Punycode and only then use DNSBL?
>
> Now this situation in the logs looks like this:
> ---
> DNSBL helper URL \208\210\201\215\197\212.\210\198
> gethostbyname(\208\210\201\215\197\212.\210\198.dbl.spamhaus.org): Unknown
> host\n

That looks like a bug the the dccproc/dccifd/dccm code that detects
URLs.  The code should either realize that the 8-bit string is not
an HTTP URL and ignore it or the code should convert to Punycode
before checking DNSBLs.   Ignoring would be easier.


> > That might be a bug.  What was complete %-encoded URL in the mail message?

> <a
> href="http://grand-ptc.ru">go</a>


thanks,

Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.