MailScanner feature request

Julian Field mailscanner at
Tue Jul 1 18:01:13 IST 2003

At 17:47 01/07/2003, you wrote:
>Julian Field <mailto:mailscanner at ECS.SOTON.AC.UK> wrote:
> > This opens it up to loads of nasty network attacks, requires a huge
> > amount of code and doesn't really provide you with much more than you
> > can get from cat-ing the configuration files. For things like
> > rulesets, you would only be able to see the compiled version of the
> > rules anyway, which most "normal people" can't understand anyway.
>I had no idea such effort was involved, I thought it would be as easy as
>how you describe it with iptables.

As soon as you listen on a port, you are dealing with the outside world
which is a very nasty place. This is one of the major reasons MailScanner
doesn't get involved with SMTP service or message delivery.

Even iptables has to do some of this, but I bet you could kill it if you
sent it nasty enough instructions. Not many apps are 100% bullet-proof. It
is very easy to do it very badly, and very hard to do it 100% right. Look
at all the vulnerabilities that are discovered in applications every day.

So far (touch wood) MailScanner has only appeared in Bugtraq twice. Both
occasions were for vulnerabilities that I discovered first (and documented)
and there were never any reports of either of these ever being exploited by
anyone. I let everyone else do the hard stuff :-)

One of the standard tests I do on undergraduate courseworks that process
input from the user is to feed the Linux kernel to it and see if their code
handles it neatly.

Julian Field
Professional Support Services at
MailScanner thanks transtec Computers for their support
