Bill Landry wrote:
> I've posted a short pharma spam message to:
>
> http://www.inetmsg.com/spam.txt
>
> and debug output to:
>
> http://www.inetmsg.com/sa-debug.txt
>
> It displays a single URI linked line in an e-mail client that only
> displays: "Please visit our shop." There seems to be something about
> the URI in the message that allows it to bypass all URIBL testing by
> SpamAssassin.
>
> The domain is listed in the following URIBLs:
>
> URIBL_JP_SURBL
> URIBL_OB_SURBL
>
> dig canadiansitetable.com.multi.surbl.org +short
> 127.0.0.80
>
> and URIBL_BLACK
>
> dig canadiansitetable.com.multi.uribl.com +short
> 127.0.0.2
>
> Yet there were no URIBL hits. The message scored high and was tagged as
> spam, but I'm just curious as to what it is about this message that
> allowed it to bypass all SA URIBL tests?
>
> I'm running spamassassin -V
> SpamAssassin version 3.2.5
> running on Perl version 5.8.8
>
> And in case you're wondering, I'm not using the shortcircuit plugin.
>


Looks like a bug. It looks like in
'.... http://uri....'
the URI isn't detected (aka quoted-string).

In the message, the URI is inside quotes (the one in "You'll" and the
one in "don't"). If you remove one of the quotes or if you break the
line so that they aren't on the same line, the URI is detected.
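
The behaviour described in the reply above, as an added example that is not part of the thread and is not SpamAssassin's parser: a constructed model in which text between two apostrophes on one line is set aside as a quoted string before URI matching, plus a quote-insensitive cross-check that reports what that pass missed. The regexes, function names and sample bodies (with the placeholder domain shop.example.com) are assumptions made for illustration.

```python
import re

# Plain URI matcher: a URI ends at whitespace, a quote or an angle bracket.
URI_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)
# Hypothetical "quoted-string" rule: anything between two apostrophes on one line.
QUOTED_RE = re.compile(r"'[^'\n]*'")


def extract_quote_aware(text):
    """Model of the failure: quoted strings are dropped before URI matching."""
    return URI_RE.findall(QUOTED_RE.sub(" ", text))


def extract_plain(text):
    """Quote-insensitive extraction: an apostrophe can only terminate a URI."""
    return URI_RE.findall(text)


def missed_uris(text):
    """URIs present in the text that the quote-aware pass never saw."""
    seen = set(extract_quote_aware(text))
    return [u for u in extract_plain(text) if u not in seen]


# Constructed sample bodies mirroring the three cases named in the reply.
SAMPLES = {
    "same_line": "You'll like it. http://shop.example.com/ Please don't wait.",
    "one_quote_removed": "You will like it. http://shop.example.com/ Please don't wait.",
    "line_broken": "You'll like it. http://shop.example.com/\nPlease don't wait.",
}


def report():
    """Map each sample name to the URIs the quote-aware pass missed."""
    return {name: missed_uris(body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, missed in report().items():
        print(f"{name:18} missed={missed}")
```

Running the same cross-check over real message bodies and comparing against the URIs the filter reports in its debug output is one way to turn this into a regression test for the extractor.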