[Mimedefang] Watermarking locally submitted messages [was: Mimedefang/logwatch interaction]
David F. Skoll
dfs at roaringpenguin.com
Wed Feb 21 14:38:55 EST 2007
Philip Prindeville wrote:
> And then in filter_begin() we could test for the
> presence of this line, if it's present and contains
> the correct value, then we accept the message with no
> further filtering...
That would work.
An alternative method that doesn't require modifying submit.cf
(pseudocode):
IF source address != 127.0.0.1 THEN
IF we are re-mailing for any reason THEN
ADD an X-MIMEDefang-Remailed: magical-gibberish-header to the remailed msg
ENDIF
ELSE
IF Message has our magical X-MIMEDefang-Remailed: header THEN
# It was remailed... filter as usual
REMOVE the X-MIMEDefang-Remailed: header
ELSE
# It is locally-submitted. Do not filter
ENDIF
ENDIF
That way, if the header leaks out, it only permits an attacker to
make you handle his message *more aggressively* than usual.
Regards,
David.
More information about the MIMEDefang
mailing list