Re: [Mimedefang] Verifying that a server has seen a message (was Re: Unique identifier)

2009-02-20 Thread WBrown
DFS wrote on 02/20/2009 03:08:06 PM:

> > So, if I substitute a period for the "@" do a DNS query for
> > C71C5F34D3FD4A82861FD18EEF700959.peregrinehw.com, their nameserver could
> > return a coded response that message did indeed originate from that server.
> > The Message-ID values would need to be kept for some minimum time period
> > before being flushed, perhaps seven to ten days.
>
> I'm not sure that Message-IDs can always be converted to legitimate
> DNS names with that transformation.  But anyway, that's a minor problem.

True, might have to insert a pseudo-sub-domain and query something like
C71C5F34D3FD4A82861FD18EEF700959.verify.peregrinehw.com
>
> > 1. Unlike Domain Keys and other crypto-signature systems, requires no
> > central authority.
>
> Yes, but it's also vulnerable to a trivial replay attack.  Fixing that
> is really hard.

OK, so I'm not going to get rich on my anti-spam inventions...  At least
I'm not claiming "Two years from now, spam will be solved."

But just watch, someone will try to market this in the near future and
patent it, and then someone else will implement it and get sued by the
patent holder :)

> I would be much more interested in a good way to determine that a DSN
> is in response to a message you've sent (rather than being backscatter from
> someone faking your address.)  Unfortunately, the information preserved
> in a DSN is unreliable. :-(  You're at the whim of the MTA authors.
>
> (The only foolproof way to do this is to manipulate the envelope
> sender address, and that has all kinds of other down-sides.)

Yeah, tell me about it.  Try whitelisting a mailing list hosted on Lyris.
They use unique senders for each message.  I hate whitelisting domains if I
can avoid it.

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
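
The lookup scheme discussed in this thread, as an added sketch that is not part of any post and is not MIMEDefang code: it maps a Message-ID to a query name under the suggested `verify` sub-domain, rejects IDs that do not form a legal DNS name, and shows why a "seen" answer cannot tell the original message from a copy that reuses its ID. The `SeenStore` class, the function names and the sample Message-IDs are constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphen; 1-63 octets; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
MSGID = re.compile(r"<([^@<>\s]+)@([^@<>\s]+)>")

def msgid_to_qname(message_id, zone="verify"):
    """Map <lhs@domain> to lhs.<zone>.domain; None if it is not a legal DNS name."""
    m = MSGID.fullmatch(message_id.strip())
    if not m:
        return None
    lhs, domain = m.groups()
    labels = lhs.split(".") + [zone] + domain.split(".")
    qname = ".".join(labels)
    if len(qname) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        return None
    # DNS compares names case-insensitively, so IDs differing only in case collide.
    return qname.lower()

class SeenStore:
    """Stand-in for the sending domain's nameserver (hypothetical, in-memory)."""
    def __init__(self, retention_days=7):
        self.retention = retention_days * 86400
        self.seen = {}

    def record(self, message_id, now):
        qname = msgid_to_qname(message_id)
        if qname is not None:
            self.seen[qname] = now
        return qname

    def query(self, qname, now):
        # The query carries only the name: nothing about body, sender or recipient.
        ts = self.seen.get(qname)
        return ts is not None and now - ts <= self.retention

def demo():
    store = SeenStore(retention_days=7)
    genuine = "<C0FFEE0123456789@mail.example.com>"      # constructed sample
    store.record(genuine, now=0)
    qname = msgid_to_qname(genuine)
    return {
        "genuine": store.query(qname, now=3600),
        # A different message reusing the same Message-ID header gets the same answer.
        "copied_id": store.query(qname, now=2 * 86400),
        "after_retention": store.query(qname, now=8 * 86400),
        "unmappable": msgid_to_qname("<20090220.ab$cd+1@mail.example.com>"),
    }
```
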


[Mimedefang] Verifying that a server has seen a message (was Re: Unique identifier)

2009-02-20 Thread David F. Skoll

xwbr...@e1b.org wrote:

> Message-ID:
>
> So, if I substitute a period for the "@" do a DNS query for
> C71C5F34D3FD4A82861FD18EEF700959.peregrinehw.com, their nameserver could
> return a coded response that message did indeed originate from that server.
> The Message-ID values would need to be kept for some minimum time period
> before being flushed, perhaps seven to ten days.

I'm not sure that Message-IDs can always be converted to legitimate
DNS names with that transformation.  But anyway, that's a minor problem.

> 1. Unlike Domain Keys and other crypto-signature systems, requires no
> central authority.

Yes, but it's also vulnerable to a trivial replay attack.  Fixing that
is really hard.

I would be much more interested in a good way to determine that a DSN
is in response to a message you've sent (rather than being backscatter from
someone faking your address.)  Unfortunately, the information preserved
in a DSN is unreliable. :-(  You're at the whim of the MTA authors.

(The only foolproof way to do this is to manipulate the envelope
sender address, and that has all kinds of other down-sides.)

Regards,

David.


Re: [Mimedefang] Unique identifier

2009-02-20 Thread xWBrown
Kevin wrote on 02/20/2009 01:13:21 PM:

> I've always used $QueueID as unique BUT I'm sure it has some possibility of
> not being random especially if you use more than one server.

QueueID plus hostname will take care of uniqueness as suggested by RFC 822.

Which suggests an interesting idea to validate messages:

A DNS style verification of messages sent.  For example, the Message-ID of
the message I am replying to shows:

Message-ID: 

So, if I substitute a period for the "@" do a DNS query for
C71C5F34D3FD4A82861FD18EEF700959.peregrinehw.com, their nameserver could
return a coded response that message did indeed originate from that server.
The Message-ID values would need to be kept for some minimum time period
before being flushed, perhaps seven to ten days.

Potential problems I can see:

1.  Load on DNS servers, which would need to delegate the query to the
actual mail server named in the message-id.

2.  Message-id would need to be immediately available from MTA to DNS type
server for verification.  This could be mitigated if the mail server based
all or some of the LHS of message-id on time, and queried message-ID fell
in the past few seconds, before actual used IDs are updated to DNS server.

3.  Obviously not effective until widely deployed.

On the positive side:

1. Unlike Domain Keys and other crypto-signature systems, requires no
central authority.




Re: [Mimedefang] Unique identifier

2009-02-20 Thread Kevin A. McGrail
> In the filter, can anyone advise which var is most likely to give me a
> unique ID that I can then use to track quarantine and bounced mails?
>
> I use action_quarantine in the filter but would like the warning to
> include a unique ID that the end user can quote to allow me to identify
> the message and deliver.
>
> Is it $messageID, $msgID, $QueueID

I've always used $QueueID as unique BUT I'm sure it has some possibility of 
not being random especially if you use more than one server.  For Quarantine 
messages, I believe get_quarantine_dir() will give you a 100% guaranteed 
unique dir for a single quarantine location though this assumes that MD has 
some code to handle collisions on the creation of these directories.  From 
checking it looks like it does it with a timestamp and a 1000 counter loop.


regards,
KAM 




[Mimedefang] Unique identifier

2009-02-20 Thread Jon Rowlan
In the filter, can anyone advise which var is most likely to give me a unique 
ID that I can then use to track quarantine and bounced mails?

I use action_quarantine in the filter but would like the warning to include a 
unique ID that the end user can quote to allow me to identify the message and 
deliver.

Is it $messageID, $msgID, $QueueID 

Thanks all,

jON
 
Jon Rowlan - Managing Director

Helena House 
11 Romney Place
Maidstone 
Kent. ME15 6LE
SUPPORT - supp...@sads.com
Tel: 01622 67 
Fax: 01622 761046 
Email: jon.row...@sads.com
Systems Analysis Design & Support Limited


[Mimedefang] skip all outgoing mail, not only to one relay

2009-02-20 Thread Stefan König
Hi there,

I browsed the list and found that people are using filter_relay to skip
send if a certain relay is used.
I want to make MD skip ALL outgoing mail that is SENT through the server
via SMTP to ANY relay.

Could someone give me a hint?


Thanks a lot!
SK