[milters] Archive

Lists Index Date Thread Search

Article: 1623
From: Anthony Howe
Date: 2007-07-19 02:04:28 -0400
Subject: Re: milter-null: good bounces are also rejected

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Jim Hermann - UUN Hostmaster wrote:
> Milter-null has a bug that prevent good bounces from being recognized.  The
> current version identifies all bounces as not originating on the server.
> 
> I modified the code so that it ignores the date when it calculating the
> X-Null-Tag.  The X-Null-Tag still is unique since it is based on the
> recipient email address, the message-ID and the secret word.  

Excluding the Date: header from the X-Null-Tag hash means that the 
header is no longer time limited and can be spoofed in replay attacks.

The actually problem is that in a DSN there is a Date: header for the 
DSN and a copy of the original Date: header included in the reported 
headers found in the DSN body. The former is found first. You touched on 
this in your 29 May post.

I would suggest changing line 334:

	if (TextInsensitiveCompare(name, "Date") == 0) {

to

	if (0 < data->work.mail->address.length && TextInsensitiveCompare(name, 
"Date") == 0) {

This should prevent the Date: header of the DSN message being used in 
place of the original message Date: header that should be found in the 
message body.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
http://www.snert.com/                 
     http://www.snertsoft.com/

Lists Index Date Thread Search