[prev in list] [next in list] [prev in thread] [next in thread]
List: tmda-cvs
Subject: CVS: tmda/bin ChangeLog,1.108,1.109 tmda-filter,1.82,1.83
From: "Jason R. Mastaler" <jasonrm () users ! sourceforge ! net>
Date: 2001-11-27 0:27:19
[Download RAW message or body]
Update of /cvsroot/tmda/tmda/bin
In directory usw-pr-cvs1:/tmp/cvs-serv23562/bin
Modified Files:
ChangeLog tmda-filter
Log Message:
Change verify_confirm_cookie to bounce rather than confirm messages
with malformed confirmation cookies. There is no legitimate reason
for someone to send to such an address. This prevents blacklisted
senders from getting messages through by sending to jason-confirm-foo
and then replying to the subsequent confirmation message.
Index: ChangeLog
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/ChangeLog,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- ChangeLog 2001/11/27 00:06:38 1.108
+++ ChangeLog 2001/11/27 00:27:17 1.109
@@ -5,6 +5,9 @@
filter's rules might prevent the confirmation acceptance messages
from getting through.
+ (verify_confirm_cookie): Bounce rather than confirm bogus
+ confirmation cookies.
+
2001-11-19 Jason R. Mastaler <jasonrm@nightshade.la.mastaler.com>
* tmda-inject (usage): Added `-M', `--filter-match' command-line
Index: tmda-filter
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/tmda-filter,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- tmda-filter 2001/11/27 00:06:38 1.82
+++ tmda-filter 2001/11/27 00:27:17 1.83
@@ -332,7 +332,9 @@
(confirm_action, confirm_timestamp,
confirm_pid, confirm_hmac) = string.split(confirm_cookie,'.')
except ValueError:
- bouncegen('request')
+ logit("BOUNCE invalid_confirmation_address",time.time())
+ print("Sorry, this confirmation address is invalid.")
+ mta.bounce()
# pre-confirmation
if confirm_action == 'accept':
new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,
_______________________________________________
tmda-cvs mailing list
http://libertine.org/lists/listinfo/tmda-cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic