Vulnerability Development mailing list archives
Re: [Fwd: Netscape mail client error]
From: jduksta () BBN COM (John Duksta)
Date: Sat, 20 Nov 1999 23:29:00 -0500
Trevor Schroeder wrote:
Nothing is ever completely sufficient. What you're talking about is a silver bullet, an MTA that automagically filters out any content that may be problematic for any client that may consume it. (Assuming, of course, that we put the burden on MTA's--not at all unreasonable, IMHO)
I would imagine for someone (not myself) who's really good with the sendmail rulesets, it shouldn't be hard to come up with a rule to require proper length dates before it will queue it for delivery.
Of course on the other hand, in theory, the MTA shouldn't have to filter out anything, because the clients should be well enough constructed as to be able to tolerate non-compliant messages.
Yes, but we already filter so much with our MTA's, what with RBL and other UCE blockers, we might as well add another config item to the MTA. Besides keeping some users' mailers from wigging out and creating a potential helpdesk call to manually remove a piece of mail from someone's queue file (which I've watched my sysadmin colleagues have to do sooooo many times for other reasons), it would have the added benefit of reminding users to set their RTC's back to a close approximation of the actual time once in a while.
RFC compliant message. The MTA can legally discard anything else. And I might say that I would be a little upset if my MTA discarded RFC compliant messages for no better reason than it didn't seem to make sense to the self-same MTA. What if, for example, my RTC is REALLY off? My mailer may generate valid, but incorrect, dates. Should its messages be rejected?
Frankly, with the transience of this medium, I think anything more than 60 days old should be considered completely useless. Heck, most MTA's send a message back to you after 5 days if it can't deliver it in that time. And if a user's RTC is off by more than 60 days in either direction, they really shouldn't be using a computer. Just as a side note, as X.509 cert use becomes more prevalent, we'll see everyone get their clocks a lot more in line with the real world. Once people start pulling CRL's to check on the current status of a cert, their PKI software will complain to them if their clock is set to something outside of the validity range for the CRL that they pull.
-john
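The Date check discussed in this message, sketched as a pre-queue filter in Python; this is an added example, not code from the post or from any MTA. It keeps the two cases in the thread apart: an overlong or unparseable Date header is rejected, while a well-formed date outside the 60-day window is only flagged. The 64-character limit and the names `check_date`, `MAX_DATE_LEN` and `MAX_SKEW` are assumptions; the thread gives no length figure.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_DATE_LEN = 64               # assumed bound; the thread names no number
MAX_SKEW = timedelta(days=60)   # the 60-day window proposed in the message


def check_date(raw_message, now):
    """Return (verdict, reason) for the Date header of one raw message."""
    msg = message_from_string(raw_message)
    values = msg.get_all("Date") or []
    if len(values) != 1:
        return ("reject", "expected exactly one Date header")
    value = str(values[0]).strip()
    # Length is checked before parsing so oversized input never reaches
    # the date parser (or a fragile client further downstream).
    if len(value) > MAX_DATE_LEN:
        return ("reject", "Date header longer than %d characters" % MAX_DATE_LEN)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError, OverflowError):
        return ("reject", "Date header does not parse")
    if when.tzinfo is None:     # a "-0000" zone parses as naive; treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    # Valid but implausible (e.g. a badly set RTC): flag, do not discard.
    if abs(now - when) > MAX_SKEW:
        return ("flag", "well-formed but more than 60 days from now")
    return ("accept", "ok")


if __name__ == "__main__":
    # Constructed sample messages, not taken from the thread.
    now = datetime(1999, 11, 21, tzinfo=timezone.utc)
    samples = [
        "From: a@example.org\nDate: Sat, 20 Nov 1999 23:29:00 -0500\n\nhi\n",
        "From: a@example.org\nDate: Sat, 20 Nov 1999 " + "9" * 200 + "\n\nhi\n",
        "From: a@example.org\nDate: Mon, 01 Jan 1990 00:00:00 +0000\n\nhi\n",
    ]
    for raw in samples:
        print(check_date(raw, now))
```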
Current thread:
- [Fwd: Netscape mail client error] Blue Boar (Nov 19)
- Re: [Fwd: Netscape mail client error] Blue Boar (Nov 19)
- Re: [Fwd: Netscape mail client error] Trevor Schroeder (Nov 20)
- Re: [Fwd: Netscape mail client error] Blue Boar (Nov 20)
- Re: [Fwd: Netscape mail client error] CyberPsychotic (Nov 17)
- Re: [Fwd: Netscape mail client error] Trevor Schroeder (Nov 20)
- Re: [Fwd: Netscape mail client error] John Duksta (Nov 20)
- Re: [Fwd: Netscape mail client error] Alan Cox (Nov 21)
- Re: [Fwd: Netscape mail client error] Trevor Schroeder (Nov 20)
- Re: [Fwd: Netscape mail client error] Blue Boar (Nov 19)