[Esd-l] Html-trap and received mail from yahoo.com

John Hardin jhardin at impsec.org
Fri May 17 07:09:01 PDT 2002

On Fri, 2002-05-17 at 05:02, Frank Hahn wrote:

> I have started using a script called fetchyahoo.pl which I found at
> http://www.freshmeat.net to grab email from my yahoo.com account.  I
> believe the email is being run through the sanitizer but for some
> reason, it is not seeing programs that are included in this email.
> For example, late last night, I received this (just the headers and a
> little more):
> >From "tdre"_<tdre at alsrn.o> Thu May 16 23:25:23 2002
> X-Apparently-To: fhahn at yahoo.com via web13508.mail.yahoo.com; 16 May
> 2002 20:48:11 -0700 (PDT)
> Return-Path: <mrshekar at earthlink.net>
> Received: from hawk.mail.pas.earthlink.net (
>   by mta465.mail.yahoo.com with SMTP; 16 May 2002 20:48:10 -0700 (PDT)
> Received: from user-0c8h15n.cable.mindspring.com ([]
> helo=Wfll)
>         by hawk.mail.pas.earthlink.net with smtp (Exim 3.33 #2)
>         id 178Yit-0001qK-00
>         for fhahn at yahoo.com; Thu, 16 May 2002 20:48:07 -0700
> From: "tdre" <tdre at alsrn.o>
> To: fhahn at yahoo.com
> Subject: So cool a flash,enjoy it
> MIME-Version: 1.0
> Content-Type:
> multipart/mixed;Boundary="arbitrary_string_WheeeThu_May_16_23:25:20_2002"
> Message-Id: <E178Yit-0001qK-00 at hawk.mail.pas.earthlink.net>
> Date: Thu, 16 May 2002 20:48:07 -0700
> Status: RO
> Content-Length: 143428
> Lines: 2545

There's no X-Security: header, so the sanitizer didn't process it.

There's also not a Received: header for your local system (the latest
one is the Yahoo server receiving it) so it looks like fetchyahoo.pl is
delivering it directly to your mailbox rather than sending it via the
local MTA.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
   909 days until the Presidential Election
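The two header checks from the reply above, as an added example that is not part of the original post or of the sanitizer itself: it reports whether a message carries an X-Security: header and whether any Received: header was written by the local system. The function name, host names, sample messages and the X-Security: value are constructed for illustration.

```python
import re
from email import message_from_string

# Receiving host in a "Received: from ... by <host> ..." header.
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def delivery_path_report(raw_message, local_hosts):
    """Summarise whether a message passed the local MTA and the sanitizer.

    local_hosts: names the local MTA writes into its own Received: header
    (an assumption supplied by the caller).
    """
    msg = message_from_string(raw_message)
    by_hosts = []
    for hop in msg.get_all("Received") or []:
        m = BY_HOST.search(hop)  # folded header lines are matched via \s
        by_hosts.append(m.group(1).lower() if m else None)
    local = {h.lower() for h in local_hosts}
    return {
        # The sanitizer marks processed mail with an X-Security: header.
        "sanitized": msg.get("X-Security") is not None,
        # Mail handed to the local MTA gains a Received: header naming it.
        "passed_local_mta": any(h in local for h in by_hosts),
        # Received: headers are prepended, so the first one is the latest hop.
        "last_hop": by_hosts[0] if by_hosts else None,
    }

# Constructed sample: written straight into the mailbox by a fetch script.
BYPASSED = "\n".join([
    "Received: from relay.isp.example",
    "\tby mta.webmail.example with SMTP; 16 May 2002 20:48:10 -0700",
    "From: sender@isp.example",
    "Subject: constructed sample",
    "",
    "body",
])

# Constructed sample: same mail after local MTA delivery and filtering.
SANITIZED = "\n".join([
    "Received: from localhost by mail.home.example with SMTP;",
    "\t16 May 2002 20:50:00 -0700",
    "X-Security: constructed placeholder value",
    BYPASSED,
])

if __name__ == "__main__":
    for name, raw in (("bypassed", BYPASSED), ("sanitized", SANITIZED)):
        print(name, delivery_path_report(raw, ["mail.home.example"]))
```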
