[Mimedefang] X-Scanned-By Header

David F. Skoll dfs at roaringpenguin.com
Thu Aug 29 21:29:01 EDT 2002


On Thu, 29 Aug 2002, Rich West wrote:

> This may sound a bit paranoid, but is it possible, with 2.19, to disable
> the addition of that additional header?

Certainly, if you don't mind editing C code. :-)  The software is GPL'd.
Just remove line 1114 of mimedefang.c and recompile.

> but, let's just play devil's
> advocate here, what if some security hole/buffer underrun/buffer
> overrun/etc was discovered in MIMEDefang (not that that would ever
> happen.. this code is perfect, no? ;-) ).  Then, all some would-be
> hacker would need would be the header information which is happily
> advertised...

True.  But look at it this way:

1) If you run MIMEDefang as "defang" and not root, the consequences of
a buffer overrun are not catastrophic.

2) Spammers already send spam cheaply all over the place.  If a hole
is discovered in MD, I (if I were a black hat) would simply spam
anyone and everyone with the exploit, and collect 0wned machines...

3) To see the header, the black hat would have had to receive e-mail
which passed through your machine.  You can't simply probe machines
at random for the presence of MIMEDefang. [1]

However, if enough people express interest, I'll make a command-line
switch to turn off this header.

--
David.

[1] Although there are some tricks you might be able to do to force mail
to be relayed through an MD machine, like sending mail to someone you
know has an out-of-office auto-reply, or sending mail to a nonexistent
address where you know the network uses an MD filter in front of the
real mail server.



