MailScanner feature request

[Julian Field]

At 17:47 01/07/2003, you wrote:
>Julian Field <mailto:mailscanner at ECS.SOTON.AC.UK> wrote:
> > This opens it up to loads of nasty network attacks, requires a huge
> > amount of code and doesn't really provide you with much more than you
> > can get from cat-ing the configuration files. For things like
> > rulesets, you would only be able to see the compiled version of the
> > rules anyway, which most "normal people" can't understand anyway.
>
>I had no idea such effort was involved, I thought it would be as easy as
>how you describe it with iptables.

As soon as you listen on a port, you are dealing with the outside world
which is a very nasty place. This is one of the major reasons MailScanner
doesn't get involved with SMTP service or message delivery.

Even iptables has to do some of this, but I bet you could kill it if you
sent it nasty enough instructions. Not many apps are 100% bullet-proof. It
is very easy to do it very badly, and very hard to do it 100% right. Look
at all the vulnerabilities that are discovered in applications everyday.

So far (touch wood) MailScanner has only appeared in Bugtraq twice. Both
occasions were for vulnerabilities that I discovered first (and documented)
and there were never any reports of either of these ever being exploited by
anyone. I let everyone else do the hard stuff :-)

One of the standard tests I do on undergraduate courseworks that process
input from the user is to feed the Linux kernel to it and see if their code
handles it neatly.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support