Bugtraq mailing list archives

Re: HTML email "bug", of sorts.

From: "John Fitzgibbon" <fitz () jfitz com>
Date: Mon, 20 Aug 2001 20:55:29 -0700

Under Outlook, this isn't possible.

...and...

This is a kludge, and I know it is a kludge, ....

...and ...

There just doesn't seem to be a good compromise here.


This is possible, (I'm using it right now)...
It's not a kludge, (in my book anyway)...
And it's a pretty decent compromise...
... and it has (at least one) nice side-effect :-)

1. Install cygwin, (freely available from redhat)

2. Create a shell script to port forward your mail:
#!/bin/sh
ssh -L 25:localhost:25 -L 110:localhost:110 mailxxx.xxx.domain

3. Create a batch file to call the script,
(for example, say it's my_mail_forwarder.sh):
@echo off
C:
chdir \cygwin\bin
bash --login my_mail_forwarder.sh

4. Create a shortcut to the batch file. Run it before you use mail to log on
to your mailserver with port forwarding, (use keys if you don't want to have
to type passwords).

5. Configure Outlook to pop/smtp off localhost,
(under Tools -> Accounts -> Properties)

At this point, you should be downloading your mail securely from your
mailserver, (this is the nice side-effect). But not done yet....

6. Install Zone Alarm.
(Free for personal use, $20 for biz -- you don't need the pro version.)

7. In ZA Control Center -> Security -> Advanced:
Add 127.0.0.1 to the local network, (not sure why it's not there by default)

8. When Outlook next tries to access "Local Network", (popping/sending mail
via the port forwarding ssh session), tell ZA to allow this traffic, (and
remember this setting). When it tries to access the "Internet", (for example
when you open a HTML email), tell ZA to block this traffic, (and remember
this setting).

At this point you are sorted. Outlook will happily render HTML emails in
readable format, but will be blocked from fetching images, (and other nasty
activity that it is prone to undertaking without your consent).

If you have multiple email accounts on different servers, port forward
other, (unused), local ports and configure the Outlook account's ports
appropriately, (Advanced tab in account settings).

Current thread:

Security Update: [CSSA-2001-031.0] Linux -security issues in ucd-snmp Support Info (Aug 17)
- HTML email "bug", of sorts. Alex Prestin (Aug 18)
  - RE: HTML email "bug", of sorts. Russell Garrett (Aug 19)
  - Re: HTML email "bug", of sorts. John D. Hardin (Aug 19)
  - Re: HTML email "bug", of sorts. role+bugtraq (Aug 19)
  - Re: HTML email "bug", of sorts. Daryl Banttari (Aug 19)
  - Re: HTML email "bug", of sorts. Jon Masters (Aug 19)
  - Re: HTML email "bug", of sorts. Jeffrey W. Baker (Aug 19)
  - Re: HTML email "bug", of sorts. Jason Haar (Aug 20)
    - Re: HTML email "bug", of sorts. Thor (Aug 20)
    - Re: HTML email "bug", of sorts. John Fitzgibbon (Aug 20)
  - Re: HTML email "bug", of sorts. Sean Straw / PSE (Aug 21)