Snort mailing list archives
Re: Spamming
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 3 Oct 2001 08:32:27 -0700 (PDT)
On Thu, 4 Oct 2001, Chris Keladis wrote: [...snip...]
Well i dont think parsing the envelope headers would be as much of a sin as parsing the letter headers. (After all, most every MTA needs to parse the envelope headers to deliver the mail). Even if you match on the envelope headers, SPAM could still get past since it could have correct envelope headers (say from a forward or a redirect), but be a spam internally in the letter headers, and i kind of agree with you, parsing the content (letter headers) is rather lame, especialy since letter headers are simply strings of the senders selection.
*sigh* I need to remember to have _more_ coffee before doing email in the morning. *grrr* I meant to say 'body' and not envlpe. Oh well, I'll just put on another pot.
Hehehe.. I hear you there :)
Mailadmins are a testy breed... ;-)
If this feature was seriously needed then i'd say you would need a dedicated pre-processor, and even then you would have a hell of a time parsing out the Received: lines since i don't think they need to conform to any standard, apart from begin with Received: for each mail-hop.
Yes, a mail-gateway would be the perfect thing. All incoming mail drops into a queue, then you do whatever you want to it, then send it out the backend to your real mailstore. Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Spamming Roger Bou Aoun (Oct 03)
- Re: Spamming Erek Adams (Oct 03)
- Re: Spamming Chris Keladis (Oct 03)
- Re: Spamming Erek Adams (Oct 03)
- RE: Spamming Roger Bou Aoun (Oct 03)
- RE: Spamming Jason Robertson (Oct 04)
- RE: Spamming Ed Kasky (Oct 04)
- RE: Spamming Franki (Oct 04)
- Re: Spamming Chris Keladis (Oct 03)
- Re: Spamming Erek Adams (Oct 03)
- <Possible follow-ups>
- Re: Spamming D. J. Bernstein (Oct 05)
- Re: Spamming Jason Robertson (Oct 07)