Re: Forged Delivered-To header

From: Victor Duchovni (no email)
Date: Fri Sep 08 2006 - 09:32:48 EDT

    On Thu, Sep 07, 2006 at 07:25:37PM -0400, Wietse Venema wrote:

    > It would not be much better than a plaintext prefix or suffix.
    > Once a valid delivered-to header falls into the hands of an attacker,
    > it can be reused. If you bind the delivered-to with a crypto hash
    > over the entire message, then you can no longer stop delivery loops
    > through a system that munges mail. If you bind the delivered-to
    > with a time stamp, then you can no longer stop slow delivery loops.

    One could sign the message-id, then if an attack is using a particular
    message-id, one can discard matching messages. Not really seriously
    suggesting this unless it proves necessary...

    -- 
    	Viktor.
    Disclaimer: off-list followups get on-list replies or get ignored.
    Please do not ignore the "Reply-To" header.
    To unsubscribe from the postfix-users list, visit
    http://www.postfix.org/lists.html or click the link below:
    <mailto:?body=unsubscribe%20postfix-users>
    If my response solves your problem, the best way to thank me is to not
    send an "it worked, thanks" follow-up. If you must respond, please put
    "It worked, thanks" in the "Subject" so I can delete these quickly.
    

  • Next message: Clodoaldo Pinto: "Re: Can't make postfix reload virtual.db"
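An added sketch of the idea discussed in the message above (not part of the original post and not Postfix code): an HMAC tag in Delivered-To that is bound to the recipient and Message-ID only, so loop detection survives body munging and slow loops, while a reused header is dealt with by listing its Message-ID. The `; sig=` header format, the key, and all function names are assumptions made for this example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: per-site secret, constructed for this example

def tag(recipient, message_id, key=KEY):
    """HMAC over recipient and Message-ID only: no body hash, no time stamp."""
    msg = recipient.lower().encode() + b"\0" + message_id.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]

def signed_delivered_to(recipient, message_id, key=KEY):
    # Hypothetical header value format: "<recipient>; sig=<hex>"
    return f"{recipient}; sig={tag(recipient, message_id, key)}"

def classify(headers, recipient, blocked_ids=frozenset(), key=KEY):
    """Return 'deliver', 'loop' or 'discard' for a message about to reach recipient.

    headers is a list of (name, value) pairs in the order they appear.
    """
    message_id = next((v.strip() for n, v in headers if n.lower() == "message-id"), "")
    expected = tag(recipient, message_id, key).encode()
    for name, value in headers:
        if name.lower() != "delivered-to":
            continue
        addr, _, sig = value.partition("; sig=")
        if addr.strip().lower() != recipient.lower():
            continue
        if not hmac.compare_digest(sig.strip().encode(), expected):
            continue  # unsigned or wrongly signed header: not evidence of a loop
        # Valid tag: a real loop, or a captured header reused with its Message-ID.
        return "discard" if message_id in blocked_ids else "loop"
    return "deliver"

# Constructed sample messages (header lists only; the body plays no part in the tag).
RCPT = "user@example.com"
MID = "<constructed-1@example.net>"
GENUINE = [("Message-ID", MID), ("Delivered-To", signed_delivered_to(RCPT, MID))]
PLAIN_FORGERY = [("Message-ID", MID), ("Delivered-To", RCPT)]
OTHER_MSGID = [("Message-ID", "<constructed-2@example.net>"),
               ("Delivered-To", signed_delivered_to(RCPT, MID))]

if __name__ == "__main__":
    for label, hdrs in [("genuine", GENUINE), ("plain forgery", PLAIN_FORGERY),
                        ("tag moved to other Message-ID", OTHER_MSGID)]:
        print(label, "->", classify(hdrs, RCPT))
    print("genuine, Message-ID listed ->", classify(GENUINE, RCPT, blocked_ids={MID}))
```

A valid header copied together with its Message-ID still verifies, which is the reuse problem raised in the quoted text; the `blocked_ids` set is the only thing that distinguishes it.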




