'CVS: tmda/bin ChangeLog,1.108,1.109 tmda-filter,1.82,1.83'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tmda-cvs
Subject:    CVS: tmda/bin ChangeLog,1.108,1.109 tmda-filter,1.82,1.83
From:       "Jason R. Mastaler" <jasonrm () users ! sourceforge ! net>
Date:       2001-11-27 0:27:19
[Download RAW message or body]

Update of /cvsroot/tmda/tmda/bin
In directory usw-pr-cvs1:/tmp/cvs-serv23562/bin

Modified Files:
	ChangeLog tmda-filter 
Log Message:
Change verify_confirm_cookie to bounce rather than confirm messages
with malformed confirmation cookies.  There is no legitimate reason
for someone to send to such an address.  This prevents blacklisted
senders from getting messages through by sending to jason-confirm-foo
and then replying to the subsequent confirmation message.


Index: ChangeLog
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/ChangeLog,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- ChangeLog	2001/11/27 00:06:38	1.108
+++ ChangeLog	2001/11/27 00:27:17	1.109
@@ -5,6 +5,9 @@
 	filter's rules might prevent the confirmation acceptance messages
 	from getting through.
 
+	(verify_confirm_cookie): Bounce rather than confirm bogus
+	confirmation cookies.
+
 2001-11-19  Jason R. Mastaler  <jasonrm@nightshade.la.mastaler.com>
 
 	* tmda-inject (usage): Added `-M', `--filter-match' command-line

Index: tmda-filter
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/tmda-filter,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- tmda-filter	2001/11/27 00:06:38	1.82
+++ tmda-filter	2001/11/27 00:27:17	1.83
@@ -332,7 +332,9 @@
         (confirm_action, confirm_timestamp,
          confirm_pid, confirm_hmac) = string.split(confirm_cookie,'.')
     except ValueError:
-        bouncegen('request')
+        logit("BOUNCE invalid_confirmation_address",time.time())
+        print("Sorry, this confirmation address is invalid.")
+        mta.bounce()
     # pre-confirmation
     if confirm_action == 'accept':
         new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,

_______________________________________________
tmda-cvs mailing list
http://libertine.org/lists/listinfo/tmda-cvs

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic