Dear Ralph,
> > sort -k 3 | sort -k 2
>
> I don't think that does what you intend.
> Anything achieved by the first sort is discarded by the second.
Indeed it does not.
Attached is a better version. I switched it also to use the unit
separator (number 31, like number 29 but for fields of a record).
So now the unnecessarily complex attack is to send a unit separator,
and the simple attack is still to send the exact same message-id.
I suppose you can check SPF, &c to mitigate either attack.
Respectfully yours,
Krullen Van De Trap
#!/bin/sh
# usage: dupl +folder msg ...
# dupl +folder msg ... | xargs scan
# dupl +folder msg ... | xargs rmm
delimiter="$(printf '\37')"
format="$(
printf "%s${delimiter}%s${delimiter}%s" '%(msg)' \
'%{message-id}|%(addr{from})' '%<(null{list-id})1%|0%>'
)"
prev_key=
scan -width 0 -format "$format" "$@" |
sort -t "$delimiter" -k 2,3 |
while IFS="$delimiter" read msg key has_list_id; do
if test -n "$key" && test "$key" = "$prev_key"; then
echo "$msg"
fi
prev_key="$key"
done
#!/bin/sh
set -e
folder -create +dupl-demo
list_id='list.example.com'
message_id='[email protected]'
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
if test $(($i%4)) -eq 0; then
the_list_id="$list_id"
else
the_list_id=
fi
the_message_id="$(printf "$message_id" $(($i%5)))"
printf 'Subject: %s\nList-Id: %s\nMessage-Id: %s\n' \
"$the_list_id/$the_message_id" "$the_list_id" "$the_message_id" > "$(mhpath +dupl-demo new)"
done
rmm +dupl-demo $(dupl)
scan +dupl-demo
