From owner-freebsd-security@FreeBSD.ORG Sun May 16 07:13:00 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0781016A4D6 for ; Sun, 16 May 2004 07:13:00 -0700 (PDT) Received: from mail.1plan.net (ns1.1plan.net [216.240.143.74]) by mx1.FreeBSD.org (Postfix) with SMTP id 024C143D41 for ; Sun, 16 May 2004 07:12:59 -0700 (PDT) (envelope-from aanton@reversedhell.net) Received: (qmail 68071 invoked by uid 98); 16 May 2004 14:19:55 -0000 Received: from aanton@reversedhell.net by cp by uid 101 with qmail-scanner-1.20 (clamscan: 0.65. Clear:RC:1(81.196.32.25):SA:0(-100.0/4.7):. Processed in 6.103228 secs); 16 May 2004 14:19:55 -0000 X-Spam-Status: No, hits=-100.0 required=4.7 X-Qmail-Scanner-Mail-From: aanton@reversedhell.net via cp X-Qmail-Scanner: 1.20 (Clear:RC:1(81.196.32.25):SA:0(-100.0/4.7):. Processed in 6.103228 secs) Received: from unknown (HELO reversedhell.net) (81.196.32.25) by ns1.1plan.net with SMTP; 16 May 2004 14:19:49 -0000 Message-ID: <40A776E0.4070405@reversedhell.net> Date: Sun, 16 May 2004 17:12:48 +0300 From: Anton Alin-Adrian User-Agent: Mozilla Thunderbird 0.5 (X11/20040503) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Giorgos Keramidas References: <40A69DDD.30603@reversedhell.net> <20040516093059.GA55860@gothmog.gr> In-Reply-To: <20040516093059.GA55860@gothmog.gr> X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-security@freebsd.org Subject: Re: How do fix a good solution against spam.. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 May 2004 14:13:00 -0000 Giorgos Keramidas wrote: > On 2004-05-16 01:46, Anton Alin-Adrian wrote: > >>M.Jessa> Not only it's way faster than perl based messagewall, amavisd and >>M.Jessa> mailscanner etc but it also has neat stuff like making connections >>M.Jessa> back to the sender's MX checking for validity of the sender's >>M.Jessa> email. >> >>So far I can only release this code. It implements exactly what was >>mentioned about exim. I use it with qmail because qmail I have, but >>can be used with postfix/sendmail with ease. So now not only exim can >>do that hack. > > > Similar functionality to the one described above can be added to > Sendmail with a milter. > > Anyway, you surely can't be using the program you sent. It doesn't even > build here: > > giorgos@gothmog[11:31]/tmp/mxcheck$ cc -O2 -ggdb check.c > check.c: In function `filtervalidmail': > check.c:443: error: syntax error at end of input > giorgos@gothmog[11:31]/tmp/mxcheck$ _ > > >>PS - this is how i use it: >>.qmail-file: >> >>| /usr/local/bin/check /usr/local/bin/safecat /path/to/Maildir/tmp >>/path/to/Maildir/new >> >>#the above after | is on a single line. > > > Putting aside the facts that the source is entirely undocumented, that > it doesn't even build, that it has a million style bugs, that the > comments aren't really helpful in understanding how it works, and that > it's entirely undocumented... > > - What does each one of these parameters exactly do? > - What is safecat and why is it run with a full pathname? > - Why are you using an internal Maildir/ path like 'tmp'? > - Does this work in a .forward file too? > > I know, I know that RTFS for such a small program documentation is most > of the time unnecessary for the experienced hacker, but IMHO this is > something that simple FreeBSD users might want to install too. Without > any sort of documentation or other hint about the way it works, you > don't really expect anyone to run this or do you? :-/ > > - Giorgos > > > ---dump--- %ls -l total 10 -rw------- 1 bu bu 10180 May 16 16:57 lacheck.tar.gz %tar -zxvf * gpl.txt check.c %ls -l total 38 -rw-r--r-- 1 bu bu 9626 May 16 02:49 check.c -rw-r--r-- 1 bu bu 18009 May 16 02:49 gpl.txt -rw------- 1 bu bu 10180 May 16 16:57 lacheck.tar.gz %cc -o check check.c %ls -l total 50 -rwxr-xr-x 1 bu bu 11518 May 16 16:58 check -rw-r--r-- 1 bu bu 9626 May 16 02:49 check.c -rw-r--r-- 1 bu bu 18009 May 16 02:49 gpl.txt -rw------- 1 bu bu 10180 May 16 16:57 lacheck.tar.gz % ---dump--- It builds fine on both FreeBSD 4.x and FreeBSD 5.x. You said it has millions of style bugs. Indeed. It is *not a program*, it is *snippet* who's functions are going to be used inside a large-scale anti-spam project, placed in ANSI-C header files and modularized. Obviously there's no doc for code snippet as this is not intended to be a 'real public release' for God's sake, it's *snipper*, I just thought it may be usefull for someone who knows how to use code. As for docs, well yes, it's gonna have docs, but I doubt I'll write docs for a snippet till I add some more code and clean it up.As you can easely see the homepage of the project has no code released. And yes, the snippet is for the hackers. Though I don't think one has to be a hacker to use it, if he wants. Can be adjusted to anything he/she likes. The comments around the functions are written at different times, for private-circle purposes, and they served well. -- Alin-Adrian Anton Reversed Hell Networks GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E) gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E