| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Jul 17 01:35:25 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: throwing the book at spam On Sun, 16 Jul 2006 11:33:32 BST, lsi said: > These tests are fairly self-explanatory, with the exception of the > analyse_received test. This test analyses the significant Received: > headerline inside each mail (there are usually several Received: > lines, but only one is relevant for our purpose). Any mail with an > invalid Received: line is deleted. The tests for validity are as > follows: > > IP_missing > IP_obfuscation > IP_unreversible > by-line_not_present > sending_SMTP_server_unresolvable > sending_hostname_not_provided Note that these tests are *very* hard to get right. In particular, they tend to fail spectacularly if you don't allow for the fact that many times, the mail originates inside an RFC1918 private network, so trying to resolve the IP addresses will fail. There's also a lot of other ways this can bork up if at any time a split-view DNS was involved, or there is/was a temporary DNS outage.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060716/a9f1c115/attachment.bin
Powered by blists - more mailing lists