[CrackMonkey] Re: 5cr1p7 k1dd135
dmarti at zgp.org
Wed Apr 12 09:58:54 PDT 2000
On Wed, Apr 12, 2000 at 08:35:22AM -0700, Monkey Master wrote:
> Now, if I were to cache message IDs and not allow duplicates,
> my archives of the mailing lists would be incomplete, as all the lame
> group-reply mail to threads I'm involved in would end up in my inbox
> (since those messages reach me first). As it is, I use my
> monkeymaster address on this list in order to keep deirdre's
> ham-fisted clumsy list replies out of my spool file.
So, it seems to me that a useful heuristic would be either "keep the LAST
copy of a message with a given Message-Id" or "when mail B comes in with
the same Message-Id as existing message A, trash B but move A to the
folder where you would have put B."
If you combine these with spam filtering, both methods would be
vulnerable to the simple attack of sending spam with the same Message-Id
as a list message. But what if you used the second method with the
additional rule of "don't move mail from a spam folder to a non-spam
folder or vice versa"?
procmail is ugly yet strangely powerful. Perhaps every user should be
empowered to write his or her own MDA in Python instead of learning a
strange new language just to filter and lose mail. There are already
modules to handle mailboxes, headers, MIME, and RBL -- all you'd really
need is Message-ID caching.
Don Marti Join the Great American GAS OUT. Do not buy
dmarti at zgp.org any gas from April 7, 2000 to April 7, 2003
whois DM683 Except gas for burning GIFs: http://burnallgifs.org/
More information about the Crackmonkey