Beta release 4.61.4
Steven Andrews
sandrews at andrewscompanies.com
Tue Jun 26 23:46:35 IST 2007
It's not the concept of the watermarking, but the hash method that's the issue here? If so, let's just come up with a better way to create the hash...
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian Field
Sent: Tuesday, June 26, 2007 5:14 PM
To: MailScanner discussion
Subject: Re: Beta release 4.61.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This code has had to be removed, due to potential patent problems in the USA. I don't want to distribute different copies of MailScanner for US and non-US markets, and have no way of controlling who gets what version.
So it's gone and it ain't coming back.
Sorry guys.
If you want to read about how it works, look up
http://en.wikipedia.org/wiki/HMAC
.
- --[ UxBoD ]-- wrote:
> It is a difficult one Jules. More constants have to be included in
> the hash, that are also very difficult to spoof. I have having a look
> at the RFC to see what I can come up with.
>
> On Tue, 26 Jun 2007 19:51:17 +0100, Julian Field
> <MailScanner at ecs.soton.ac.uk> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Quite possibly. Can you see any way around this problem?
>>
>> - --[ UxBoD ]-- wrote:
>>
>>> Another question :) If you were to send a email to a mailing list,
>>> like this one, could a spammer extract the watermark and spoof the
>>> to and
>>>
>> from
>>
>>> address to bypass MailScanner ?
>>>
>>> On Tue, 26 Jun 2007 14:06:48 -0400, DAve <dave.list at pixelhammer.com>
>>>
>> wrote:
>>
>>>
>>>
>>>> Daniel Maher wrote:
>>>>
>>>>
>>>>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the
>>>>>>
>> spam
>>
>>>>>> checks
>>>>>> on a message if it is a reply to one of your own messages. This
>>>>>> is known as
>>>>>> "watermarking" a message. There are 4 new configuration settings:
>>>>>> Add Watermark = yes
>>>>>> Skip Spam Checks If Watermark Valid = yes
>>>>>> Watermark Secret = SOMETHING-SECRET!
>>>>>> Watermark Lifetime = 2419200 # = 4 weeks
>>>>>>
>>>>>>
>>>>> Does this result in the addition of a header or something? Is
>>>>> there
>>>>>
>>>>>
>>>> detailed technical documentation available for this new feature?
>>>>
>>>> The big question is the LifeTime. Is MailScanner caching the watermark?
>>>> IF so can that cache be shared? We have multiple incoming MS
>>>> servers, and multiple outgoing SMTP servers.
>>>>
>>>> If possible I am sure we can Ruby something up to add the watermark
>>>> on the outbound servers and pass that information to the MXs.
>>>>
>>>> DAve
>>>>
>>>>
>>>>
>>>>> --
>>>>> _
>>>>> °v° Daniel Maher
>>>>> /(_)\ Administrateur Système Unix
>>>>> ^ ^ Unix System Administrator
>>>>>
>>>>> "The most incomprehensible thing about the world is that it is
>>>>>
>>>>>
>>>> comprehensible." -- Albert Einstein.
>>>>
>>>>
>>>> --
>>>> Three years now I've asked Google why they don't have a logo change
>>>> for Memorial Day. Why do they choose to do logos for other
>>>> non-international holidays, but nothing for Veterans?
>>>>
>>>> Maybe they forgot who made that choice possible.
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> --
>>>> This message has been scanned for viruses and dangerous content by
>>>> MailScanner, and is believed to be clean.
>>>>
>>>>
>> Jules
>>
>> - --
>> Julian Field MEng CITP
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> MailScanner customisation, or any advanced system administration help?
>> Contact me at Jules at Jules.FM
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For
>> all your IT requirements visit www.transtec.co.uk
>>
>>
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.6.2 (Build 2014)
>> Charset: UTF-8
>>
>> wj8DBQFGgWAnEfZZRxQVtlQRAoaXAKCFJGH05XzWPOisIIJbzMDI93R+6wCfUKpZ
>> MNsVDuaq7B4WvueOwWD2oD4=
>> =79kM
>> -----END PGP SIGNATURE-----
>>
>> --
>> This message has been scanned for viruses and dangerous content by
>> MailScanner, and is believed to be clean.
>> For all your IT requirements visit www.transtec.co.uk
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
Jules
- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: UTF-8
wj8DBQFGgYF+EfZZRxQVtlQRAnpYAJ90tlBKw7gYO0zqNRWe+8fSPte/RACgvFQA
pSj/HFbqMVAmAwMHeyn89Y0=
=shnH
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list