
List:       postfix-users
Subject:    Re: Heuristics are not security
From:       wietse () porcupine ! org (Wietse Venema)
Date:       2014-02-24 18:26:02
Message-ID: 3fXsCv09nhzjymr () spike ! porcupine ! org

Dirk Stöcker:
> On Mon, 24 Feb 2014, Wietse Venema wrote:
> 
> > The absence of observed variation does not mean nothing of relevance
> > has changed, and the presence of benign observed changes drowns out
> > the malicious ones, assuming that the malicious party is stupid
> > enough to reveal itself.
> 
> Well, if the only output of the software is what it is now, the bad guys 
> don't actually need to do anything to hide.

Postfix already logs enough to expose bad guys that don't try to
hide.  For example, the Postfix SMTP client logs the recipient
domain, the remote server IP address and hostname, as well as the
connection setup time, data transfer time, etcetera. Just collect
data over a longer time and look for anomalous changes.

Postfix could log some more information about TLS, and we're looking
into that. Postfix can provide you with more information to shoot
yourself into the foot, but it does not have to provide the weapon.

	Wietse
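
The approach described in the message above (collect Postfix SMTP client log data over time, then look for changes), as an added example that is not part of the original message or of Postfix. The log lines are constructed samples in the Postfix SMTP client log format; the function names and the `slow_factor` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample lines (documentation domains and addresses, not real traffic).
BASELINE = """\
Feb 10 09:00:01 mail postfix/smtp[2101]: 3A1B2C4D5E: to=<alice@example.org>, relay=mx1.example.org[192.0.2.10]:25, delay=0.9, delays=0.05/0.01/0.30/0.54, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 11 09:05:13 mail postfix/smtp[2140]: 4B2C3D5E6F: to=<bob@example.org>, relay=mx2.example.org[192.0.2.11]:25, delay=1.1, delays=0.04/0.01/0.40/0.65, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 12 10:12:40 mail postfix/smtp[2177]: 5C3D4E6F70: to=<carol@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=0.6, delays=0.03/0.01/0.20/0.36, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""
RECENT = """\
Feb 24 08:00:02 mail postfix/smtp[3301]: 6D4E5F7081: to=<alice@example.org>, relay=mx1.example.org[192.0.2.10]:25, delay=0.9, delays=0.05/0.01/0.35/0.50, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 24 08:03:19 mail postfix/smtp[3302]: 7E5F608192: to=<bob@example.org>, relay=mx1.example.org[203.0.113.99]:25, delay=4.9, delays=0.05/0.01/4.20/0.60, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 24 08:07:45 mail postfix/smtp[3303]: 8F607192A3: to=<carol@example.net>, relay=none, delay=30, delays=0.03/0.01/30/0, dsn=4.4.1, status=deferred (connect to mail.example.net[198.51.100.7]:25: Connection timed out)
"""

# Recipient domain, relay hostname and IP, and the third "delays" field
# (connection setup time). Lines with relay=none never connected and do not match.
LINE = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<[^>]*@(?P<domain>[^>]+)>,.*? "
    r"relay=(?P<host>[^\[,]+)\[(?P<ip>[^\]]+)\]:\d+,.*?"
    r"delays=[\d.]+/[\d.]+/(?P<conn>[\d.]+)/[\d.]+"
)

def parse(text):
    """Yield (domain, relay_host, relay_ip, connect_seconds) per delivery line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            yield m["domain"].lower(), m["host"].lower(), m["ip"], float(m["conn"])

def build_baseline(text):
    """Per recipient domain: set of (host, ip) relays and median connect time."""
    relays, conn = defaultdict(set), defaultdict(list)
    for domain, host, ip, c in parse(text):
        relays[domain].add((host, ip))
        conn[domain].append(c)
    return relays, {d: median(v) for d, v in conn.items()}

def find_anomalies(baseline_text, recent_text, slow_factor=5.0):
    """Report relays not seen before and connection setups far above the median."""
    relays, typical = build_baseline(baseline_text)
    findings = []
    for domain, host, ip, c in parse(recent_text):
        if domain not in relays:
            continue  # no history for this domain, nothing to compare against
        if (host, ip) not in relays[domain]:
            findings.append((domain, "new-relay", f"{host}[{ip}]"))
        if c > slow_factor * max(typical[domain], 0.01):
            findings.append((domain, "slow-connect", f"{c}s"))
    return findings
```

A finding here is a prompt to investigate, not a verdict: benign changes such as a recipient domain moving its MX produce the same output.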