Re: learn procmail and quit whining already (was Re: Debian lists and Cc'ing people in replies in addition to the list)
* On Wed, Aug 22, 2001 at 01:54:48PM -0400, Colin Walters wrote:
> Louis-David Mitterrand <vindex@apartia.org> writes:
>
> > 3) you have the option of having a separate dupe cache for each mailing
> > list:
> >
> > :0 Whc: msgid.lock
> > | formail -D 8192 msgid.$LIST
>
> You do realize this creates a fairly easy way for people to abuse your
> filter? If an attacker can predict the Message-ID of an email someone
> is going to send to you, then they can easily send you a message with
> that Message-ID, and your filter will happily delete their mail when
> it arrives, and you will be none the wiser. Many people's Message-IDs
> are fairly easy to predict.
Bid deal. I only dupe-filter on list mail, not personal mail.
I'm not sure that correspondence is really worth a hacker's time and
effort.
Furthermore you don't have to throw away dupes, you can store them for
later perusal, just to make sure no strange pattern emerges.
--
HIPPOLYTE: Nous prendrons à témoin le Dieu qu'on y révère ;
Nous le prîrons tous deux de nous servir de père.
(Phèdre, J-B Racine, acte 5, scène 1)
Reply to: