[Esd-l] REQ: sample non-sendmail headers

John D. Hardin jhardin at impsec.org
Tue Feb 3 19:07:42 PST 2004


All:

If you are running the sanitizer on an MTA other than sendmail I'd
like your help.

Can you check your quarantined messages for NovArg messages, and pick
out the Received: headers, and send me a sample or two? I have plenty
of sendmail Received: headers but if other MTAs use a different format
I'd like to be able to recognize those as well.

This is especially useful if your sanitizer MTA is not directly
exposed to the Internet (e.g. it's a hop or two into your network).

Why?

I am making the Smart Notify Suppression a little more paranoid and a
little more configurable - you will be able to specify a list of
"trusted" MTAs whose Received: headers you can trust have meaningful
reverse DNS information about where the message was received from.

Simple setups, where the sanitizer is on the MTA that's exposed to the
Internet, won't need to be configured (it will automatically trust the
local system's Received: header) but if you're running the sanitizer a
couple of hops removed from the Internet you need to be able to say
which Received: header is from the system that actually received the
message first and has useful rDNS data about the sender.

Thanks.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   60 days until the Slovakian Presidential Election
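
The trusted-MTA selection described in the message above, sketched as an added example (not part of the original post and not the sanitizer's own code). It assumes sendmail-style Received: syntax; `border_hop`, the `TRUSTED` map and every sample header are constructed for illustration.

```python
import re

# Sendmail-style trace: "from HELO (RDNS [IP]) by HOST ...". RDNS is absent
# when the receiving MTA could not resolve the peer. Other MTAs differ.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\).*?\bby\s+(?P<by>\S+)"
)

def parse_received(value):
    """Return helo/rdns/ip/by for one Received: value, or None if unrecognized."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    return m.groupdict() if m else None

def border_hop(received, trusted):
    """received: Received: values, newest first, as they appear in the message.
    trusted: assumed map of each trusted MTA's 'by' name -> its relay IP.
    Return the first hop written by a trusted MTA whose peer IP is not a
    trusted relay. Headers below it were supplied by the sender and are never
    read, so a forged 'by <trusted host>' line cannot be selected."""
    relay_ips = set(trusted.values())
    for value in received:
        hop = parse_received(value)
        if hop is None or hop["by"].lower() not in trusted:
            return None                  # chain of trust broken
        if hop["ip"] not in relay_ips:
            return hop                   # peer is outside: this is the border
    return None                          # message never left the trusted MTAs

# Constructed sample: sanitizer on scan.example.org, one hop behind mx.example.org.
TRUSTED = {"scan.example.org": "192.0.2.20", "mx.example.org": "192.0.2.10"}
SAMPLE = [
    "from mx.example.org (mx.example.org [192.0.2.10])\n\tby scan.example.org"
    " (8.12.10/8.12.10) with ESMTP id CONSTRUCTED1; Tue, 3 Feb 2004 19:07:42 -0800",
    "from friendly (dsl-7.example.net [203.0.113.7])\n\tby mx.example.org"
    " (8.12.10/8.12.10) with SMTP id CONSTRUCTED2; Tue, 3 Feb 2004 19:07:40 -0800",
    # Inserted by the sender to look like an earlier trusted hop:
    "from mail.example.com (mail.example.com [198.51.100.5])\n\tby mx.example.org"
    " (8.12.10/8.12.10) with ESMTP id CONSTRUCTED3; Tue, 3 Feb 2004 19:00:00 -0800",
]

if __name__ == "__main__":
    hop = border_hop(SAMPLE, TRUSTED)
    print(hop["rdns"], hop["ip"], "via", hop["by"])
```

Peers are matched by the IP the receiving MTA recorded rather than by rDNS name, because a sender controls their own PTR record and could name it after a trusted host.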


