And you are using the standard Plan 9 mail system, I presume? I
don't, since I don't have an internet connection to Plan 9 at the
moment (my emails are sent via Mac OS X).
A few days with Plan 9 and I've seen other security problems not
related to email:
1) rc: the value of $path is (. /bin). It is a classic case not to
have . as the first directory when searching for programs - it allows
Trojan horses to form.
2) auth server: why do we need one for passwords anyways if we run on
a desktop computer? I don't know how to set one up, but I'd just like
to set a password without an error spitting back at me when I type
"passwd".
On Oct 26, 2007, at 10:51 PM, [EMAIL PROTECTED] wrote:
Hello,
I receive many SPAMS everyday.
Most of them are from IP based dynamic FQDN.
Therefore detecting SPAM from FQDN is effective.
Almost all mails from IP based dynamic FQDN are SPAM.
However there are few important exceptions:
we have needs to send mails to users of our smtp host from
somewhere using DHCP.
Plan 9 smtp server supports SMTP-AUTH so that legitimate users are
allowed to transfer their mails to other smtp server.
We can also send mails to users of our smtp host using SMTP-AUTH.
However the information(the fact the mail is authenticated) is
discarded in delivering mails to mbox. Therefore these mails are
confused with SPAM.
I think it is worthwhile to put a tag something like:
X-Authenticated-User: alice
following "Received: from ..."
in case that the mail is authenticated by alice.
Kenji Arisawa
