Beta release 4.61.4
--[ UxBoD ]--
uxbod at splatnix.net
Tue Jun 26 20:15:12 IST 2007
It is a difficult one Jules. More constants have to be included in the
hash, that are also very difficult to spoof. I have having a look at the
RFC to see what I can come up with.
On Tue, 26 Jun 2007 19:51:17 +0100, Julian Field
<MailScanner at ecs.soton.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Quite possibly. Can you see any way around this problem?
>
> - --[ UxBoD ]-- wrote:
>> Another question :) If you were to send a email to a mailing list, like
>> this one, could a spammer extract the watermark and spoof the to and
> from
>> address to bypass MailScanner ?
>>
>> On Tue, 26 Jun 2007 14:06:48 -0400, DAve <dave.list at pixelhammer.com>
> wrote:
>>
>>> Daniel Maher wrote:
>>>
>>>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the
> spam
>>>>> checks
>>>>> on a message if it is a reply to one of your own messages. This is
>>>>> known as
>>>>> "watermarking" a message. There are 4 new configuration settings:
>>>>> Add Watermark = yes
>>>>> Skip Spam Checks If Watermark Valid = yes
>>>>> Watermark Secret = SOMETHING-SECRET!
>>>>> Watermark Lifetime = 2419200 # = 4 weeks
>>>>>
>>>> Does this result in the addition of a header or something? Is there
>>>>
>>> detailed technical documentation available for this new feature?
>>>
>>> The big question is the LifeTime. Is MailScanner caching the watermark?
>>> IF so can that cache be shared? We have multiple incoming MS servers,
>>> and multiple outgoing SMTP servers.
>>>
>>> If possible I am sure we can Ruby something up to add the watermark on
>>> the outbound servers and pass that information to the MXs.
>>>
>>> DAve
>>>
>>>
>>>> --
>>>> _
>>>> °v° Daniel Maher
>>>> /(_)\ Administrateur Système Unix
>>>> ^ ^ Unix System Administrator
>>>>
>>>> "The most incomprehensible thing about the world is that it is
>>>>
>>> comprehensible." -- Albert Einstein.
>>>
>>>
>>> --
>>> Three years now I've asked Google why they don't have a
>>> logo change for Memorial Day. Why do they choose to do logos
>>> for other non-international holidays, but nothing for
>>> Veterans?
>>>
>>> Maybe they forgot who made that choice possible.
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> This message has been scanned for viruses and dangerous content by
>>> MailScanner, and is
>>> believed to be clean.
>>>
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.2 (Build 2014)
> Charset: UTF-8
>
> wj8DBQFGgWAnEfZZRxQVtlQRAoaXAKCFJGH05XzWPOisIIJbzMDI93R+6wCfUKpZ
> MNsVDuaq7B4WvueOwWD2oD4=
> =79kM
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
--
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
--
This message has been scanned for viruses and dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list