[Esa-l]Special handling of local mail [was: Help with hybris getting thru filters]
John D. Hardin
jhardin at impsec.org
Thu Jun 7 19:05:15 PDT 2001
On Thu, 7 Jun 2001, Rick Thompson wrote:
> Ok....I follow this logic. So I need to have a special case
> MANGLE_EXTENSIONS, just for internal mail, and let all mail be
> filtered. I don't have a problem filtering internal mail, but I
> don't want to mangle extensions on M$ Office files (yeah I know
> its prob a bad idea). Everything else would be the same as
> external mail. But I don't want to let these spoofed headers/no
> header messages slip thru either.
Exactly correct.
> So the question is what do I key the special case from if I can't
> use messageid or sender?
Well, let's take a look at your internal mail system...
> Typical Internal mail header:
>
> Return-Path: <ssunderman at motleypc.com>
> Received: from ssunderman (ssunderman.motleypc.com [192.168.1.26])
>     by prometheus.motleypc.com (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with SMTP
>     id f56KmOZ05956
>     for <rthompson at motleypc.com>; Wed, 6 Jun 2001 16:48:24 -0400
> From: "Steve Sunderman" <ssunderman at motleypc.com>
> To: "Rick Thompson" <rthompson at motleypc.com>
> Subject: RE: Ellis Hall Millwork
> Date: Wed, 6 Jun 2001 16:56:13 -0400
> Message-ID: <NCBBJKBNCJNJBOCLCDEICEPHCPAA.ssunderman at motleypc.com>
I would suggest something like the following:
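# Default for all mail: strip MS-TNEF attachments.
SECURITY_STRIP_MSTNEF=Y

# Relax the settings only when the Received header shows prometheus
# accepting the message from a motleypc.com host on 192.168.1.x.
:0
* ^Received: from [a-z0-9\.]+ \([a-z0-9\.]+\.motleypc\.com \[192\.168\.1\.[0-9]+\]\) by prometheus\.motleypc\.com
{
  MANGLE_EXTENSIONS='looser list'
  SECURITY_STRIP_MSTNEF=
  # etc...
}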
Looking for your domain name and IP address as the source of the
message in a Received header should positively identify the message as
being locally originated. In order for this to be forged someone
would pretty much have to do it by hand.
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
An entitlement beneficiary is a person or special interest group
who didn't earn your money, but demands the right to take your
money because they *want* it.
-- John McKay, _The Welfare State:
No Mercy for the Middle Class_
-----------------------------------------------------------------------
1244 days until the Presidential Election
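An added example, not part of the original post or of the sanitizer's own code: the same Received-header test in Python, applied only to the topmost Received header, since that is the one prometheus itself writes on delivery. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Same test as the recipe above, applied to one unfolded Received value.
LOCAL_RECEIVED = re.compile(
    r"from [a-z0-9.]+ \([a-z0-9.]+\.motleypc\.com \[192\.168\.1\.[0-9]+\]\) "
    r"by prometheus\.motleypc\.com\b", re.IGNORECASE)

def unfold(value):
    """Collapse header folding (newline plus tab or spaces) to single spaces."""
    return " ".join(value.split())

def is_local(raw_message):
    """True only if the newest Received header shows the local MTA accepting
    the message from a host on the internal network."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:              # no trace headers at all: not local
        return False
    # The MTA prepends its own header, so index 0 is the one it wrote.
    # Headers below it arrived with the message and are not evidence.
    return LOCAL_RECEIVED.match(unfold(received[0])) is not None

# Constructed samples. INTERNAL reuses the header quoted in the thread.
INTERNAL = (
    "Return-Path: <ssunderman at motleypc.com>\n"
    "Received: from ssunderman (ssunderman.motleypc.com [192.168.1.26])\n"
    "\tby prometheus.motleypc.com (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with SMTP\n"
    "\tid f56KmOZ05956\n"
    "\tfor <rthompson at motleypc.com>; Wed, 6 Jun 2001 16:48:24 -0400\n"
    "From: \"Steve Sunderman\" <ssunderman at motleypc.com>\n"
    "Subject: RE: Ellis Hall Millwork\n\nbody\n")
# Accepted from an outside relay, with an internal-looking line further down.
EXTERNAL = (
    "Received: from relay.example.net (relay.example.net [203.0.113.7])\n"
    "\tby prometheus.motleypc.com with SMTP id CONSTRUCTED1\n"
    "Received: from pc (pc.motleypc.com [192.168.1.99])\n"
    "\tby prometheus.motleypc.com with SMTP id CONSTRUCTED2\n"
    "From: \"Steve Sunderman\" <ssunderman at motleypc.com>\n"
    "Subject: hello\n\nbody\n")
NO_TRACE = "From: someone at example.org\nSubject: no headers\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("internal", INTERNAL), ("external", EXTERNAL),
                      ("no trace", NO_TRACE)]:
        print(name, "->", "local" if is_local(raw) else "external")
```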