[Mimedefang] Re: Filesystem based greylisting URL
Chris Myers
chris at by-design.net
Mon Aug 30 15:21:23 EDT 2004
----- Original Message -----
From: <Matthew.van.Eerde at hbinc.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Monday, August 30, 2004 1:56 PM
Subject: RE: [Mimedefang] Re: Filesystem based greylisting URL
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Atanas wrote:
> > On Fri, 27 Aug 2004, David F. Skoll wrote:
> > > MAIL FROM:<foo///../../../../../../../../etc/mischief at domain.net>
>
> > > Slashes should be already taken care of ($file =~ s/\///g;).
Instead of taking the user-provided e-mail address, which could contain
unsafe characters, how about using a SHA1 hash of the e-mail address string
instead (in hex)? That gives you a case-insensitive, and totally safe
filename to use.
use Digest::SHA1;
my $filename = Digest::SHA1->new->add($sender)->hexdigest;
Chris Myers
Networks By Design
More information about the MIMEDefang
mailing list