10 messages in net.sourceforge.lists.courier-maildrop: Re: [maildropl] segregate non-whitelisted mails?

| From | Sent On | Attachments |
|---|---|---|
| email builder | Sep 4, 2008 2:52 pm | |
| email builder | Sep 4, 2008 3:32 pm | |
| Sam Varshavchik | Sep 4, 2008 3:32 pm | |
| email builder | Sep 4, 2008 4:46 pm | |
| mouss | Sep 5, 2008 2:38 pm | |
| email builder | Sep 7, 2008 2:51 pm | |
| email builder | Sep 7, 2008 2:59 pm | |
| Sam Varshavchik | Sep 7, 2008 3:12 pm | |
| email builder | Sep 7, 2008 5:28 pm | |
| Devin Rubia | Sep 8, 2008 8:01 am | |

| Subject: | Re: [maildropl] segregate non-whitelisted mails? |
|---|---|
| From: | email builder (emai...@yahoo.com) |
| Date: | Sep 7, 2008 2:51:43 pm |
| List: | net.sourceforge.lists.courier-maildrop |
----- Original Message ----
From: mouss <mou...@netoyen.net>
Cc: cour...@lists.sourceforge.net
Sent: Friday, September 5, 2008 2:38:51 PM
Subject: Re: [maildropl] segregate non-whitelisted mails?
> email builder wrote:
>>>> 2) The kicker is that I want all other (non-whitelisted senders) mail to be filtered elsewhere. I think if I can come up with a maildrop script that accomplishes #1 above, this may not be too hard, but I am concerned about two things:
>>>> a) Reading in a (possibly big) whitelist from a file or database during maildrop execution may not be efficient(?) and may be hard to code in maildrop script language
>>> There are some filtering statements that are geared towards this situation, see the lookup() function in the maildropfilter man page. It's going to be as fast as reading a list of regular expressions from a file, and applying them.
>> Sounds perfect. THANK YOU. As always, maildrop is a WONDERFUL tool!
>>>> b) The FROM header is easily forged -- can I rely on typical postfix EHLO and client checks (such as requiring the client domain to match the sender domain or whatever) to catch those forgeries and safely be naive/trusting of what the FROM header says if I implement this in maildrop? Even if this kind of filtering was implemented elsewhere, it'd still have to be based on the FROM header, so maybe this question becomes irrelevant except to know how much postfix rules can help make the FROM header trustable....??
>>> This is true, but you are using a whitelist-based approach. For your approach to be defeated, the attacker has to know exactly what addresses you are whitelisting. Forging a random address on the From: header won't help -- the forged address is unlikely to be whitelisted.
>> OK, fair enough. I suppose I am musing about the worst-case scenario when a spammer somehow guesses or steals address(es) from a user whitelist. The most vulnerable example I can think of is when you have users on the same domain/site that have some kind of public profile that can be guessed with a certain amount of certainty to be friends. I suppose the best defense of that is never to allow incoming mail from untrusted servers with your own domain on it and hope the said users don't introduce complications by using other email addresses (school email, work email, etc). In general, in today's world of MySpaces and kids who grow up with lower expectations of privacy, and/or when virus/spam tools can gain enough information to guess about a user's personal contacts, the whitelist becomes vulnerable as far as I can tell.
>> From what I've read in the last couple hours of research, unless I want to try advanced techniques like matching senders with their IP addresses (which can change, so even such techniques are not 100%), you just have to live with the flaws of whitelisting (even if they are lower risk), at least in today's world.
> one scenario is when an address book is stolen (by malware).

Exactly. So is there anything you can think of to thwart someone who uses a technique like that to learn a user's whitelist contents? It seems like most spambots can't usually be bothered to have a list of acceptable FROM addresses for each destination address, so I think it'd have to be a situation where it'd be more like a harassment case than just spam. But aside from guessing about intent, what are the good measures to take against forged FROM addresses that happen to be on a user's whitelist?
_______________________________________________ Courier-maildrop mailing list Cour...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/courier-maildrop
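One way to put the lookup() approach Sam points at into a .mailfilter recipe, as an added example that is not part of the thread or of the maildrop distribution. It assumes a per-user whitelist at ~/.whitelist (one regular expression per line), a Maildir folder named .Unknown for the non-whitelisted mail, and that DEFAULT already points at the user's Maildir; those names and the sample whitelist entries are assumptions, not taken from the thread. It goes slightly beyond the exchange by handling both the "Name <user@host>" and the bare "user@host" forms of the From: header.

```maildrop
# Example ~/.mailfilter (added illustration, not code from the thread or from maildrop).
#
# Assumed whitelist file, one pattern per line. lookup() treats every line as a
# regular expression, so anchor each entry and escape dots; a bare
# "alice@example.com" would also match "alice@examplexcom". Constructed sample:
#   ^alice@example\.com$
#   ^[^@]+@lists\.example\.org$
WHITELIST="$HOME/.whitelist"
INBOX="$DEFAULT"
UNKNOWN="$DEFAULT/.Unknown/"

# Pull the bare address out of the From: header. The ":h" option restricts the
# match to headers; the second parenthesised group lands in MATCH2. The optional
# first group swallows a display name and "<" when they are present.
SENDER=""
if (/^From:[ \t]*(.*<)?([^<> \t"]+@[^<> \t"]+)>?/:h)
{
    SENDER=tolower($MATCH2)
}

# lookup() matches SENDER against every pattern in WHITELIST and returns 1 on
# the first hit. Whitelisted senders go to the normal inbox.
if ($SENDER ne "" && lookup($SENDER, $WHITELIST))
{
    to "$INBOX"
}

# Everything else (including mail with no parsable From: address) goes to the
# holding folder for separate handling. "to" delivers and stops processing.
to "$UNKNOWN"
```

The .Unknown folder has to exist before delivery (Courier's maildirmake creates it), and the filter file should be owned by the user and kept mode 0600, since maildrop checks the filter file's ownership and permissions before running it. As the thread notes, this still keys off the From: header, which is forgeable; the case email builder raises of outsiders sending with your own domain in From: is best refused at the MTA with sender restrictions before maildrop ever sees the message, because by the time the filter runs it only has the header to go on.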