OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Bennett Todd (betrahul.net)
Date: Mon Jan 08 2001 - 12:18:44 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    2001-01-08-13:02:00 Kevin Wormington:
    > Perhaps my terms of header and envelope are confused. When I
    > say header I'm referring to the information looked at by the
    > smtp (mta) and what I'm calling the envelope is the information
    > apparently ignored by an mta.

    Well, you're using the terms exactly backwards to how they're used
    in this area; email server admins use "envelope" to refer to the
    part the MTA acts on, that's passed in the RCPT FROM and MAIL TO
    commands of the SMTP dialogue, and "header" to refer to the part
    containined within the message DATA --- "To:", "Cc:", and other
    such, which the MTA does not act on.

    What you're asking for is the ability to check the message header
    fields --- To and Cc --- to make sure they contain the valid
    address, i.e. outlawing Blind Carbon Copies (Bcc). As you rightly
    point out, this then places you in the position of having to
    maintain a list of all mailing lists, since they always Bcc their
    receipients.

    What I'd recommend you do is pursue this in the local delivery
    agent, since it easily supports per-user configuration. If you were
    to use procmail as the system-wide local delivery agent, you could
    put an /etc/procmailrc that reads

            :0 fwh
            * ! ^TO_$LOGNAME$HOSTNAME$
            | formail -A X-Spam-Info: bcc

    Then users who wanted to discard suspected spam according to the
    rule "if it's Bcc-ed to me, and it's not mailing list traffic, it
    must be spam" could filter their mailing lists out into one or more
    inboxes first, then have, right before the final (possibly default)
    disposition of delivering to the inbox, a last check

            :0
            * ^X-Spam-Info: bcc
            /dev/null

    to toss the non-mailing-list Bccs. This puts the job of maintaining
    the list of all mailing lists in the only place it can possibly be
    done, in per-user config.

    -Bennett

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE6WgSEHZWg9mCTffwRApx1AJ4zVIwuq32VuicTAYPdcqlmr5eoJACggDpe
    N6gJuexlaniD6iPI0Vvw/ug=
    =zVpn
    -----END PGP SIGNATURE-----