erek at ...577...
Wed Oct 3 08:33:03 EDT 2001
On Thu, 4 Oct 2001, Chris Keladis wrote:
> Well i dont think parsing the envelope headers would be as much of a sin
> as parsing the letter headers. (After all, most every MTA needs to parse
> the envelope headers to deliver the mail).
> Even if you match on the envelope headers, SPAM could still get past
> since it could have correct envelope headers (say from a forward or a
> redirect), but be a spam internally in the letter headers, and i kind of
> agree with you, parsing the content (letter headers) is rather lame,
> especialy since letter headers are simply strings of the senders
*sigh* I need to remember to have _more_ coffee before doing email in the
morning. *grrr* I meant to say 'body' and not envlpe. Oh well, I'll just
put on another pot.
> Hehehe.. I hear you there :)
Mailadmins are a testy breed... ;-)
> If this feature was seriously needed then i'd say you would need a
> dedicated pre-processor, and even then you would have a hell of a time
> parsing out the Received: lines since i don't think they need to conform
> to any standard, apart from begin with Received: for each mail-hop.
Yes, a mail-gateway would be the perfect thing. All incoming mail drops into
a queue, then you do whatever you want to it, then send it out the backend to
your real mailstore.
More information about the Snort-users