Re: [exim] Re: Sanity check: ACL to block fake sender addres…

Startseite
Diese Nachricht ist Teil des folgenden Threads:
MDer komplette Thread sortiert nach Datum
MIan Eiloart am <-
MMarc Sherman am ->
Nachricht löschen
Nachricht beantworten
Autor: John W. Baxter
Datum:  
To: exim-users
Betreff: Re: [exim] Re: Sanity check: ACL to block fake sender addresses
On 11/18/05 9:53 AM, "Ian Eiloart" <iane@???> wrote:

> Then, we'd probably use an MD5 hash of the
> sender address, a secret and something time sensitive.

MD5 and "time sensitive" in the same sentence is "worrysome". That's a
feature of MD5.

$md5 -s xyz00:00
MD5 ("xyz00:00") = 1f43f419a60407190d86ecd86d5a9231
$md5 -s xyz00:01
MD5 ("xyz00:01") = 7a41191668698f90703c570930c98588
$

So you probably would do something else, or use a coarse-grained time such
as the day and be willing to try at least one prior day's hash if today's
fails. ;-)

--John




Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] Exim, IMAP and Mailing ListsRe: [exim] suggestion - exim-new-users->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)