Vulnerability Development mailing list archives
Re: [Fwd: Netscape mail client error]
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Fri, 19 Nov 1999 22:26:14 -0800
dolemite () wuli nu wrote:
Email records are often important but I would hope most self-respecting admins would bother to log such things on the smtp server rather than just looking at the dates on the msg. Furthermore I believe there is probably more information on the header of the email which would probably show some non quasi-dates.
Yup. For the last few e-mail based attacks, I've seen someone post a procmail rule that will trap it. In this case, mail servers can absolutely catch this type of problem before it hits clients. All that has to be done is to look for valid date/time ranges. It would probably also be smart to check that a piece of e-mail doesn't claim to be too old or too new. For example, you might not want to let in mail that claims to be more than a month or a year old or some such. You probably don't want to let in e-mail that claims to be more than two days in the future. The same goes for most of the standard fields... mail admins should typically not expect a to: or from: field more than, say 200 characters or some other relatively low number. So, I expect this line of thought (fooling with date fields and such) will come up with something more interesting than the annoyance I've posted. Clueful admins have an opportunity here to be proactive. If folks know of MTAs that can deal with the above, or if procmail users want to post rules that catch these, please post them. BB
Current thread:
- [Fwd: Netscape mail client error] Blue Boar (Nov 19)
- Re: [Fwd: Netscape mail client error] Blue Boar (Nov 19)
- Re: [Fwd: Netscape mail client error] Trevor Schroeder (Nov 20)
- Re: [Fwd: Netscape mail client error] Blue Boar (Nov 20)
- Re: [Fwd: Netscape mail client error] CyberPsychotic (Nov 17)
- Re: [Fwd: Netscape mail client error] Trevor Schroeder (Nov 20)
- Re: [Fwd: Netscape mail client error] John Duksta (Nov 20)
- Re: [Fwd: Netscape mail client error] Alan Cox (Nov 21)
- Re: [Fwd: Netscape mail client error] Trevor Schroeder (Nov 20)
- Re: [Fwd: Netscape mail client error] Blue Boar (Nov 19)