Over at <URL:
http://www.net.lut.ac.uk/~martin/antispam/exim-hacks/>
you'll find a patch against Exim 2.12 which adds support for a new
feature. I'd like to get a few people to try this out on their
mailers. A version of this patch has been in use here (with Exim
1.82, admittedly!) for just over a year, with no apparent problems.
The patch adds a new Boolean config file option 'content_md5_origin',
which is turned on by default. When this option is enabled, messages
which don't have a Content-MD5: header will get one calculated, based
on the MD5 digest value of the message body. This can then be used by
other programs for filtering purposes, since all messages which have
the same body contents will have the same Content-MD5: digest value.
In those cases where Exim adds this header itself, the new header
Content-MD5-Origin: is also added, as per the Internet Draft excerpt
below... (also at the above WWW page)
Happy hacking :-)
Martin
PS From draft-hamilton-content-md5-origin-01.txt ...
The Content-MD5: header specified in RFC 1864 has not been widely
deployed, though this would be highly desirable for a number of
reasons. The author conjectures that this lack of usage is due at
least in part to the requirement that only originating user agents
may add a Content-MD5: header. This proposal updates RFC 1864 to
remove that requirement, and defines the header Content-MD5-Origin:
for use by relaying hosts to indicate the point at which a Content-
MD5: header was added.
[...]
The rationale for extending the RFC 1864 definition of Content-MD5:
is that in addition to the basic message integrity check function, it
provides a very effective means of protection for messaging systems
against a number of common problems, such as
* loops - e.g. malfunctioning "vacation" programs or failure
messages sent to mailing lists by broken server software
* multiple submissions - where the same message is injected
over and over again, e.g. due to broken user agent or
server software
* unsolicited bulk messaging - a special case of the above
It should be noted that Content-MD5: is not a complete solution in
itself. For example, in some loop situations it is not uncommon for
messages to include header information for diagnostic purposes. This
would likely render the Content-MD5: digest value useless, since it
would be different for each of the looping messages.
--
*** Exim information can be found at
http://www.exim.org/ ***
