Re: [exim] Lookups for blacklisted links within messages

Top Page
Delete this message
Reply to this message
Author: Steve Kemp
Date:  
To: exim-users @ exim. org
Subject: Re: [exim] Lookups for blacklisted links within messages
On Tue Feb 03, 2009 at 20:49:58 +0000, Martin A. Brooks wrote:

> If it were possible, http://how.would.you.com/ deal with
> http://people.deliberately.co.uk/ seeding emails with
> http://non-existant.domains.com/ and thus DoSing your server while it's
> wating for http://dns.timeouts.cx/ ?


In general it works well, because people don't often maliciously
poison their messages.

You're right about timeouts though - this is the log from one message
I tested earlier today:

URIBL: checking sub-host imsantv47.netvigator.com
URIBL: checking sub-host timezone8.biglist.com
...
URIBL: checking sub-host www.eset.com
...
uribl: listed in multi.uribl.com: rejected, see
http://lookup.uribl.com/?domain=xxxx.com
81 lookups finished in 30.00 sec (1 match)

81 URLs in one message. That's the most today, but I've certainly
seen higher. Now that I've thought about it I should probably
randomize the order and only test the first 32 or so.

Unfortunately I don't think this would be a trivial thing to
do in exim - I do it externally.

Steve
--