|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Patch 20030804: Header/body check action documentation [was: Filter Actions]
From: *Hobbit* (hobbit
avian.org)
Date: Fri Aug 08 2003 - 03:16:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Is anyone actually USING "IGNORE" in any of their header/body checks?
> If so, how?
Are you kidding?? It's an absolute godsend. For starters, how about
/^return-rec[ei][ei]pt/
/^notice..*deliver..*to:/
/notification-to:/
in header_checks, to zap all that privacy-invading delivery-notice
crap, or
+src *= *"*https*://+
to suppress the NUMEROUS web-bugs contained in both spam and legitimate
mail these days which nonetheless cause unintended interaction with
the outside world. ... oh, and how about common [and not multi-line
obfuscated] scripting attempts, NONE of which should appear in email
but are often put in by bloatware MUAs without the sender's knowledge..
/^< *\/*script/
/[> ]< *\/*script/
/^< *\/*embed/
/[> ]< *\/*embed/
you get the idea. It's tempting to flush reply-tos as well in many
cases, but the jury is still out on the usefulness of those.
But this is a very partial [and hopefully not too naive in some cases]
example of why IGNORE is really useful, especially when you can't just
REJECT everything in question but you know that there are certain
components that you really don't want to reach the end user's
browser-based hair-trigger-response-to-any-content desktop. Sure,
their mail might look a little funny sometimes, but they're a lot
safer for it.
A while back I added a patch to recognize a STRIP action, which
is simply IGNORE that syslogs what it's flushing.
_H*
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]