Re: [exim] web bugs

Top Page
Delete this message
Reply to this message
Author: Chris Lightfoot
Date:  
To: jean-paul natola
CC: exim-users
Subject: Re: [exim] web bugs
On Thu, Nov 30, 2006 at 01:19:03PM -0500, jean-paul natola wrote:
> Hi everyone,
>
> I'm not sure if I should post to the Exim list or the SA list-
> Excuse me if its not the correct list-
>
> I was wondering if there is a way to either strip away, or totally block
> messages that have "web bugs" that report back to servers like
> www.readnotify.com


you can write a SpamAssassin rule for this, or try to do
it with regexes in an ACL, but in either case you'll come
up against the problem that the attacker can obfuscate the
HTML in any number of ways to evade detection or blocking,
so you will probably need continually to refine the rules
you use if they are to remain effective.

A better solution, if you have control over the mail
clients, is to upgrade to versions which do not suffer the
security hole that services like readnotify.com exploit.

--
``Another sport which wastes unlimited time is Comma-hunting.''
(Francis Cornford, Microcosmographia Academica)