[Esa-l]Help with hybris getting thru filters
Rick Thompson
rthompson at motleypc.com
Wed Jun 6 13:45:30 PDT 2001
I worked around the problem by changing
:0
> * ^(From|Message-ID|Sender):
to
:0
> * ^(From|Sender):
Anybody think this will have unintended results? My intention is to bypass
the filters for internal mail.
-----Original Message-----
From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com]On
Behalf Of Joe Steele
Sent: Wednesday, June 06, 2001 4:32 PM
To: 'Rick Thompson'
Cc: Email Security Announce list
Subject: RE: [Esa-l]Help with hybris getting thru filters
As I understand things (someone can correct me if I'm wrong):
The return-path header is usually tacked on when final delivery
is made. It's created from the envelope sender address.
Chances are that "oemcomputer ([206.99.228.55])" used an empty
envelope sender address which was translated by your sendmail
configuration into MAILER-DAEMON at prometheus.motleypc.com.
Empty envelope sender addresses are typically used by servers
when they must return undeliverable mail. This prevents mail
loops.
Messages can be sent without a Message-ID header. In fact, I
think you can pass a message to most SMTP servers without any
headers at all. Most servers (including yours) are configured
to create certain headers (such as Message-ID and Date) if they
are missing.
In this case, "oemcomputer ([206.99.228.55])" didn't provide a
message-id or a date header, so your server created them.
--Joe
-----Original Message-----
From: Rick Thompson [SMTP:rthompson at motleypc.com]
Sent: Wednesday, June 06, 2001 10:09 AM
To: Angus Lees
Cc: Email Security Announce list
Subject: RE: [Esa-l]Help with hybris getting thru filters
Ok....things are becoming a little clearer.
The actual email header:
Return-Path: <MAILER-DAEMON at prometheus.motleypc.com>
Received: from oemcomputer ([206.99.228.55])
by prometheus.motleypc.com (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with SMTP
id f55CTwA07640
for <gmcallister at motleypc.com>; Tue, 5 Jun 2001 08:29:58 -0400
Date: Tue, 5 Jun 2001 08:29:58 -0400
Message-Id: <200106051229.f55CTwA07640 at prometheus.motleypc.com>
From: Hahaha <hahaha at sexyfun.net>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEVSXIB"
To: undisclosed-recipients:;
X-UIDL: fdefb34e8bfa370e00c24fc7e92ac0a7
Anybody with a guess as to why the return-path is my own mail server? The
mail message got an internal messageid which let it bypass the filter. Why
didn't this get the messageid from the mailserver it originated from?
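Added example, not part of the thread or any poster's code: a Python sketch of the two whitelist conditions discussed above, next to a check on the connecting IP that the receiving server itself wrote into the topmost Received header. The internal domain, the LAN range and the sample message are assumptions constructed for illustration (the thread shows only the start of the procmail condition), and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions (not from the thread): internal domain and LAN range.
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample shaped like the header quoted in the thread: an outside
# client sent no Message-ID, so the receiving server generated one.
SAMPLE = """\
Return-Path: <MAILER-DAEMON@mail.example.com>
Received: from oemcomputer ([203.0.113.55])
\tby mail.example.com (8.11.0/8.11.0) with SMTP id f55CTwA07640
\tfor <user@example.com>; Tue, 5 Jun 2001 08:29:58 -0400
Date: Tue, 5 Jun 2001 08:29:58 -0400
Message-Id: <200106051229.f55CTwA07640@mail.example.com>
From: Hahaha <hahaha@sexyfun.net>
Subject: constructed test message

body
"""

def header_says_internal(msg, names):
    """Mimic a whitelist that trusts any listed header naming our domain."""
    return any(INTERNAL_DOMAIN in (msg.get(n) or "") for n in names)

def message_id_is_local(msg):
    """True when the Message-ID embeds the queue id from our own Received
    line, i.e. our server created it because the client supplied none."""
    m = re.search(r"\bid (\w+)", msg.get("Received", ""))
    return bool(m) and m.group(1) in (msg.get("Message-Id") or "")

def relay_is_internal(msg):
    """Decide on the connecting IP recorded by our server in the topmost
    Received header, which the sending client does not write."""
    m = re.search(r"\(\[([0-9.]+)\]\)", msg.get("Received", ""))
    if not m:
        return False  # fail closed: unknown origin stays filtered
    ip = ipaddress.ip_address(m.group(1))
    return any(ip in net for net in INTERNAL_NETS)

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print("From|Message-ID|Sender:", header_says_internal(msg, ["From", "Message-ID", "Sender"]))
    print("From|Sender:", header_says_internal(msg, ["From", "Sender"]))
    print("Message-ID generated locally:", message_id_is_local(msg))
    print("relay IP internal:", relay_is_internal(msg))
```

From and Sender are still written by the sending client, so the narrowed condition passes any message that names the internal domain there; the relay check does not depend on those headers.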