On Thu, 8 Aug 2002, Tamas TEVESZ wrote:
> On Wed, 7 Aug 2002, Dave C. wrote:
>
> > I seem to remember once someone posting a way of recording the ID that
> > was used for an SMTP AUTH session in the headers of a message, but
> > hashing it in some way that hid the data from immediate view, but which
> > the admin could decode using a secret key.
> >
> > I've search around, but am unable to find anything on this.
> >
> > Anyone here know where I can find this info?
>
> right below this line: [;))]
>
> ASMTP_HEADER_SECRET = pangalaktikgargleblaster
>
> received_header_text = "Received: \
> [...]
> ${if def:authenticated_id { (authenticated sender: ${md5:${authenticated_id}${message_id}ASMTP_HEADER_SECRET})}}\
> [...]
>
> or you can put it in an X- header or something.
Ok, then how do I decode that? AFAIK, md5 is a one-way hash.
