[Esd-l] ANN: Sanitizer update - 1.135 released
John D. Hardin
jhardin at impsec.org
Sun May 26 22:12:01 PDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The procmail sanitizer has been updated. The current version is 1.135.
It is available via:
US/WA: http://www.impsec.org/email-tools/procmail-security.html
US/FL: http://stonewall.lbhs.net/~jhardin/email-tools/procmail-security.html
EU/NO: http://jhardin.oftedal.no/email-tools/procmail-security.html
EU/NL: http://kanon.net/~jhardin/email-tools/procmail-security.html
AU: http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU: http://impsec.fuzzitech.net/email-tools/procmail-security.html
Direct links to the current tarball:
US/WA: http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/FL: http://stonewall.lbhs.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
EU/NO: http://jhardin.oftedal.no/email-tools/procmail-sanitizer.tar.gz
EU/NL: http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU: http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU: http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz
- From the changelog:
05/26/2002 (1.135)

  Smarten $SECURITY_NOTIFY_SENDER up to reduce spoofing by forged
  headers; disable this by setting $SECURITY_DISABLE_SMART_REPLY to
  any value; side-effect is the sender address is now taken from the
  Return-Path: header instead of the From: header.

  Add original message headers to sender notification message.

  Allow override of FROM address on notifications; set
  $SECURITY_LOCAL_POSTMASTER to the address to use, e.g.
  "abuse at myrootdomain.com".

  Set envelope FROM address so bounced notifications go to admin rather than
  user; this is done in the default $MTA_FLAGS_HDRS so if you
  override that you'll want to make sure you use the appropriate flags in
  your custom command line.

  Option to notify abuse@ in addition to postmaster@ at sender domain; set
  $SECURITY_NOTIFY_SENDER_ABUSE to any value to enable.

  Refine active-HTML defanging a bit in response to a bugtraq post.

  Improve detection of obscured HTML tags.

  Option to specify quarantine lockfile; set
  $SECURITY_QUARANTINE_LOCKFILE to a full path-and-filename
  writable by all users (e.g. "/var/tmp/quarantine.lock").

  Option to log poisoned Message-IDs to a file; set
  $SECURITY_MSGID_LOG to a full path-and-filename writable by
  all users (e.g. "/var/tmp/msgid.log").

  Properly enquote unquoted attachment filenames that have embedded semicolons.

  Minor cosmetic changes to log messages.

  Fix the "Extraneous deliver-head flag ignored" booboo.

The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html
The archive of the sanitizer discussion list is at
http://www.spconnect.com/mailman/listinfo/esd-l
-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv
iQA/AwUBPPGv89gi5ua4cy55EQKIywCfaJ+ryv9yfjFtfflbNIcNiJqNtmEAoKYX
Myv53Mrg/h/OvEwg1IB/z9HX
=dRtP
-----END PGP SIGNATURE-----
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"To disable the Internet to save EMI and Disney is the moral
equivalent of burning down the library of Alexandria to ensure the
livelihood of monastic scribes."
-- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
362 days until The Matrix Reloaded
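
The changelog item about enquoting unquoted attachment filenames that have embedded semicolons, illustrated with an added example (not code from the sanitizer or from this post). The header value, the extension list, the function names and the rule for deciding where the filename ends are all assumptions made for the illustration.

```python
import re
from email.message import Message

# Constructed list of extensions a mail filter might refuse (assumption).
BLOCKED = (".exe", ".scr", ".pif")
# A ';'-separated piece that looks like a real MIME parameter: token=value.
_REAL_PARAM = re.compile(r"^\s*[A-Za-z0-9!#$%&'*+.^_`|~-]+=")
# An unquoted filename= or name= parameter.
_UNQUOTED = re.compile(r'(?i)(?<![\w-])(?:filename|name)=(?!")')

def enquote_filename(value):
    """Quote an unquoted filename whose value runs on past a ';'.

    Heuristic (assumption): pieces after the first ';' belong to the
    filename until one of them looks like token=value.
    """
    m = _UNQUOTED.search(value)
    if not m:
        return value                      # absent, or already quoted
    head, rest = value[:m.end()], value[m.end():].rstrip("; \t")
    pieces = rest.split(";")
    name = [pieces.pop(0)]
    while pieces and not _REAL_PARAM.match(pieces[0]):
        name.append(pieces.pop(0))
    if len(name) == 1:
        return value                      # no embedded semicolon
    joined = ";".join(name).strip().replace("\\", "\\\\").replace('"', '\\"')
    return head + '"' + joined + '"' + "".join(";" + p for p in pieces)

def parsed_filename(value):
    """Filename a strict MIME parameter parser extracts from the header."""
    msg = Message()
    msg["Content-Disposition"] = value
    return msg.get_filename()

def is_blocked(value):
    """Extension check applied to the filename the parser reports."""
    name = parsed_filename(value) or ""
    return name.lower().endswith(BLOCKED)

if __name__ == "__main__":
    raw = "attachment; filename=report.txt;.exe"   # constructed sample
    fixed = enquote_filename(raw)
    for label, hdr in (("as received", raw), ("enquoted", fixed)):
        print(label, "|", hdr, "|", parsed_filename(hdr), "|", is_blocked(hdr))
```

Before enquoting, a parser that splits parameters on semicolons reports only the part of the name ahead of the first semicolon, so an extension check never sees the rest; after enquoting, the whole name is one parameter value.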