Re: [Exim] Matching bounce recipients against sender hashes …

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Tony Finch
Ημερομηνία:  
Προς: Christian Balzer
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] Matching bounce recipients against sender hashes -- solved!
On Sun, 13 Jun 2004, Christian Balzer wrote:
>
> But unless you can make sure that those tokens are never exposed,
> you are going to become vulnerable again (just look for spam that is
> addressed to email/usenet message IDs).
> Possible/likely leaks are mailing list archives and even more in this
> day and age compromised machines of people you communicated with.
> Given the the increasingly close proximity of spammers and worm/virus
> authors a rather plausible scenario.


Mailing list archives won't be a problem because list systems usually
don't propagate the original return path. In any case you should make sure
that the address in the Sender: header is *not* signed. This is because
(slightly counter-intuitively) it is a destination address not a return
address: like the Reply-To: and From: headers it may be used when creating
reply messages.

--
Tony Finch <dot@???> http://dotat.at/