[Esa-l] ANN: Sanitizer update - 1.135 released

John D. Hardin jhardin at impsec.org
Sun May 26 22:22:38 PDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.135.
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/FL:  http://stonewall.lbhs.net/~jhardin/email-tools/procmail-security.html
EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/FL:  http://stonewall.lbhs.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz


From the changelog:

05/26/2002 (1.135)
Smarten $SECURITY_NOTIFY_SENDER up to reduce spoofing by forged
 headers; disable this by setting $SECURITY_DISABLE_SMART_REPLY to
 any value; side-effect is the sender address is now taken from the
 Return-Path: header instead of the From: header.
Add original message headers to sender notification message.
Allow override of FROM address on notifications; set
 $SECURITY_LOCAL_POSTMASTER to the address to use, e.g.
 "abuse@myrootdomain.com".
Set envelope FROM address so bounced notifications go to admin rather than
 user; this is done in the default $MTA_FLAGS_HDRS so if you
 override that you'll want to make sure you use the appropriate flags in
 your custom command line.
Option to notify abuse@ in addition to postmaster@ at sender domain; set
 $SECURITY_NOTIFY_SENDER_ABUSE to any value to enable.
Refine active-HTML defanging a bit in response to a bugtraq post.
Improve detection of obscured HTML tags.
Option to specify quarantine lockfile; set
 $SECURITY_QUARANTINE_LOCKFILE to a full path-and-filename
 writable by all users (e.g. "/var/tmp/quarantine.lock").
Option to log poisoned Message-IDs to a file; set
 $SECURITY_MSGID_LOG to a full path-and-filename writable by
 all users (e.g. "/var/tmp/msgid.log").
Properly enquote unquoted attachment filenames that have embedded semicolons.
Minor cosmetic changes to log messages.
Fix the "Extraneous deliver-head flag ignored" booboo.


The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html

The archive of the sanitizer discussion list is at
http://www.spconnect.com/mailman/listinfo/esd-l



-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBPPGv89gi5ua4cy55EQKIywCfaJ+ryv9yfjFtfflbNIcNiJqNtmEAoKYX
Myv53Mrg/h/OvEwg1IB/z9HX
=dRtP
-----END PGP SIGNATURE-----


--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
   362 days until The Matrix Reloaded


