[Esa-l]Special handling of local mail [was: Help with hybris getting thru filters]

John D. Hardin jhardin at impsec.org
Thu Jun 7 19:05:15 PDT 2001

On Thu, 7 Jun 2001, Rick Thompson wrote:

> Ok....I follow this logic.  So I need to have a special case
> MANGLE_EXTENSIONS, just for internal mail, and let all mail be
> filtered.  I don't have a problem filtering internal mail, but I
> don't want to mangle extensions on M$ Office files (yeah I know
> its prob a bad idea).  Everything else would be the same as
> external mail.  But I don't want to let these spoofed headers/no
> header messages slip thru either.

Exactly correct.

> So the question is what do I key the special case from if I can't
> use messageid or sender?

Well, let's take a look at your internal mail system...

> Typical Internal mail header:
> Return-Path: <ssunderman at motleypc.com>
> Received: from ssunderman (ssunderman.motleypc.com [])
> 	by prometheus.motleypc.com (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with SMTP
> 	id f56KmOZ05956
> 	for <rthompson at motleypc.com>; Wed, 6 Jun 2001 16:48:24 -0400
> From: "Steve Sunderman" <ssunderman at motleypc.com>
> To: "Rick Thompson" <rthompson at motleypc.com>
> Subject: RE: Ellis Hall Millwork
> Date: Wed, 6 Jun 2001 16:56:13 -0400
> Message-ID: <NCBBJKBNCJNJBOCLCDEICEPHCPAA.ssunderman at motleypc.com>

I would suggest something like the following:


# Use the looser extension list only for mail relayed from a host on the local LAN
:0
* ^Received: from [a-z0-9\.]+ \([a-z0-9\.]+\.motleypc\.com \[192\.168\.1\.[0-9]+\]\) by prometheus\.motleypc\.com
{ MANGLE_EXTENSIONS='looser list' }

Looking for your domain name and IP address as the source of the
message in a Received header should positively identify the message as
being locally originated. In order for this to be forged someone
would pretty much have to do it by hand.

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  An entitlement beneficiary is a person or special interest group
  who didn't earn your money, but demands the right to take your
  money because they *want* it.
                                  -- John McKay, _The Welfare State:
                                     No Mercy for the Middle Class_
   1244 days until the Presidential Election
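
The following is an added example, not part of the original post or of the sanitizer's own code. It runs the same local-origin test in Python over constructed sample messages, and goes one step beyond the recipe above by examining only the topmost Received header, the one the local relay itself prepends. The address 192.168.1.23, the host pc9 and the external host mail.example.net are constructed for illustration.

```python
import re
from email import message_from_string

# Relay name, domain and the 192.168.1.x range come from the thread;
# the specific addresses and hosts in the samples below are constructed.
LOCAL_RECEIVED = re.compile(
    r"^from [a-z0-9.-]+ \([a-z0-9.-]+\.motleypc\.com \[192\.168\.1\.[0-9]{1,3}\]\)"
    r" by prometheus\.motleypc\.com\b",
    re.IGNORECASE,
)

def is_locally_originated(raw_message):
    """True only if the topmost Received header, the one our own relay
    prepended, shows a client in the local domain and address range."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return False  # mail with no Received header never gets the looser list
    top = " ".join(received[0].split())  # unfold continuation lines
    return LOCAL_RECEIVED.match(top) is not None

# Constructed samples, modelled on the header quoted in the thread.
LOCAL = (
    "Received: from ssunderman (ssunderman.motleypc.com [192.168.1.23])\n"
    "\tby prometheus.motleypc.com (8.11.0/8.11.0) with SMTP id f56KmOZ05956\n"
    "\tfor <rthompson@motleypc.com>; Wed, 6 Jun 2001 16:48:24 -0400\n"
    "From: \"Steve Sunderman\" <ssunderman@motleypc.com>\n"
    "Subject: RE: Ellis Hall Millwork\n\nbody\n"
)
# Outside sender with a local-looking From: and Message-ID:.
SPOOFED_FROM = (
    "Received: from mail.example.net (mail.example.net [203.0.113.7])\n"
    "\tby prometheus.motleypc.com (8.11.0/8.11.0) with SMTP id f56XXXXXXXXX\n"
    "From: <rthompson@motleypc.com>\n"
    "Message-ID: <constructed@motleypc.com>\n\nbody\n"
)
# Same outside sender, plus a hand-written local-looking Received line below
# the genuine one; a condition that matches any Received line accepts this.
EXTRA_RECEIVED = SPOOFED_FROM.replace(
    "From:",
    "Received: from pc9 (pc9.motleypc.com [192.168.1.9])\n"
    "\tby prometheus.motleypc.com with SMTP id f56YYYYYYYYY\nFrom:",
    1,
)
NO_HEADERS = "Subject: hi\n\nbody\n"

if __name__ == "__main__":
    for name in ("LOCAL", "SPOOFED_FROM", "EXTRA_RECEIVED", "NO_HEADERS"):
        print(name, is_locally_originated(globals()[name]))
```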