"Remove These Headers" in MailScanner.conf
Greg Matthews
gmatt at nerc.ac.uk
Fri Oct 31 08:41:30 GMT 2008
Jerry wrote:
> On Thu, 30 Oct 2008 15:46:11 +0000
> "Martin.Hepworth" <martinh at solidstatelogic.com> wrote:
>> What do other folk think?
>
> Personally, unless I was setting the server up for my exclusive use, I
> would not want to block any of those headers by default. I am sick of
> software making arbitrary decisions on what I should or should not view
> or do. Unless it is a security problem, the sanitizing of email
> headers, content, etc should be left up to the end user. Offering the
> user the tools to do so is fine as long as they are not turned on by
> default.
except there is a security problem. The point is that spammers are using
delivery/read receipts to verify their address lists. Verified lists
then become much more valuable.
Also, there appears to be a bug in Outlook that will send receipts in
certain circumstances even when configured not to. This was recently
discussed on uk-mail-managers:
"We're currently migrating to Exchange 2007 and came across this a
couple of days ago. There seems to be a bug in Outlook whereby if you
access your email account using IMAP and delete a message that requests
a read receipt, when Outlook next notices the message has vanished it
generates the "Not Read" response back to the sender. This is
irrespective of whether the user has chosen to respond to delivery
receipts or not. We've also noticed the behaviour when Messaging Records
Management deletes emails on the server.
....
We've logged a support case with MS, we'll see if we get a sensible
response..."
> Case in point, at one time, perhaps even now, Google was blocking ZIP
> files that contained 'exe' files. They were also blocking encrypted
> files too. It did not take me long before I realized that I did not
> need a Nazi censoring my mail.
you lose. See Godwin's Law.
GREG
>
> Just my 2¢.
>
>
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford
--
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.
More information about the MailScanner
mailing list