[Esd-l] PATCH: smarter reply suppression
John D. Hardin
jhardin at impsec.org
Fri Jan 30 10:55:03 PST 2004
All:
The current smart-reply-suppression code is subject to spoofing (as
amply illustrated by NovArg).
Attached is a patch that makes the smart reply suppression a little
smarter (smart enough to not be spoofed by NovArg at least).
Please consider applying the patch to help reduce the second-order
effects from this beastie.
Thanks.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
64 days until the Slovakian Presidential Election
-------------- next part --------------
*** html-trap.procmail 2003-09-07 10:14:23-07 1.139
--- html-trap.procmail 2004-01-30 10:28:23-08
***************
*** 1384,1390 ****
}
:0 H
- * $! ^Received: from ([^ .]+\.)*($FROMDOM|$FROMDOM3|$FROMDOM2) \(
* $! ^Received: from [^ ]+ \(([^ .]+\.)*($FROMDOM|$FROMDOM3|$FROMDOM2)[ ]
{
REPLY_SUPPRESSED="NOTICE: Envelope sender domain $FROMDOM not supported by Received: path. Suppressing sender notification.${NL}"
--- 1389,1394 ----
More information about the esd-l
mailing list