volks,

thought I would use this opportunity to point out a few of
the basics about SMTP - and that I like Mail::Mailer for most
of the core simplifications it offers.... but it will not rescue
you from your obligations as a coder.... The hackers already know
more about SMTP - and so this is for the FNG's who have never been
on the 'server side' of the build....

On Sunday, May 19, 2002, at 04:38 , Geoffrey F. Green wrote:
> On 5/18/02 2:37 PM, "drieux" <[EMAIL PROTECTED]> wrote:
>> On Saturday, May 18, 2002, at 07:53 , Geoffrey F. Green wrote:
>> [..]
>>> my %headers = (
>>>     From    => '[EMAIL PROTECTED]>',
>> ---------------------------------------------^
>> why only one of these?
>
> eh?  One of what?

notice the form here -

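        my $user = 'geoff-public';
        my $domain = 'stuebegreen.com';

        # the header as posted - note the stray trailing '>'
        my $brokenHeader = '[EMAIL PROTECTED]>';
        $_ = $brokenHeader;
        # strip the address we expect; whatever is left over is the damage
        s/\Q$user\E\@\Q$domain\E//;
        print "we have left :$_:\n";
        $_ = $brokenHeader;

        # everything after the '@' - empty string if there is no '@' at all
        my $inDom = m/\@(.*)/ ? $1 : '';

        if ( $inDom ne $domain ) {
                print "HACK ATTACK - Incoming domain Skank not ours\n";
                print "expected :$domain:, got :$inDom:\n";
        }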

{ this is WAY CHEESY - and not what you should do to protect against
spam relay issues.... but it will help show the minor detail in
the problem with that header...}

{ check out sourceforge for the nms drop in to replace FormMail. }

remember it is the 'From' line that is used to 'bounce mail'
back to the user if anything else is broken in the process -
so it HAS to be correct. It will also be deconstructed to
see if a valid 'domain side' can be compared for ....
{ depending upon the level of Fascism your PostPerKin has
imposed about 'mail relay'. depending upon the level of
technical competence - they will also reject if they can
not resolve that domain correctly - to prevent spamination... }

{ the depressing part is that there are so few competent types
left who can DO a pretty email forgery any more.... }

back to that header structure:

        my %headers = (
                From            => '[EMAIL PROTECTED]',
                To              => 'The Great DrieuxNeff <[EMAIL PROTECTED]>',
                Subject         => 'The Skank of It All',
                'Return-Path'   => '[EMAIL PROTECTED]',
                'X-Clue'        => 'That Secret line in the Header',
                'X-Mailer'      => 'drieuxIshMailer[v0.01]',
        );

I rigged that precisely so that I would be able to track it.
since I know also that jeeves.wetware.com will NOT be collecting
any email - but that it will get through the inside-the-domain filters.

In this case it also has the 'TO' line going to that COOOL new style
email - and notice that the actual address is nested inside of the
"<"addr">" construction....

if you plan to DO those silly email addressing games - then you
really DO want to make sure that you validate BOTH address lines
before you blow them out the door...
{ I'm an RFC822 diehard! like GOD intended - and none of this
liberal RFC2822 - except when I need a few things from it....}

{ there are several modules - visit oreilly, download the emailopt
demo code from mastering regular expressions - learn to do that right. }

note: those 'X-foo' are things we stuff into the mail header...
hence are not seen in those mail readers that only show 'default'
email headers... but if you can do 'show all headers' you would see:

### ##From: [EMAIL PROTECTED]
### Date: Sun May 19, 2002  06:26:13  US/Pacific
### To: The Great DrieuxNeff <[EMAIL PROTECTED]>
### Subject: The Skank of It All
### Return-Path: <[EMAIL PROTECTED]>
.....[junk cut for space - note it sets a return path...]
### Message-Id: <[EMAIL PROTECTED]>
### X-Clue: That Secret line in the Header
### X-Mailer: Mail::Mailer[v1.44] Net::SMTP[v2.22]
###

and you will notice that this will NOT allow you to overWrite what
is in the X-mailer or the Return-Path - but if you understand how
to dig in a sub_class on your own - then you could get around that....
but why then are you using Mail::Mailer???

>> [..]


> BTW, drieux, I cut-and-pasted your script and it didn't work on my 
> machine.

how do you connect to your mail server to read this email????

is this a dial-up??? a ppp??? what?

you will notice from the header that it does what is the classic
in the header of doing an ID of who be the MUA to the MTA...

## X-Mailer: Mail::Mailer[v1.44] Net::SMTP[v2.22]

so stepping down and playing in the Net::SMTP module would be
the next round... unless your mail server...

Unless of course your ISP has some ORTHODOXY about which
X-Mailer's it considers 'spammers' - since let us be honest
here happy kampfrs - we write to Mail::Mailer to be spammers,
either intentionally - or by OH THAT BUG....
{ which we all know is a STOOPID solution, since we of
course can hand craft that line appropriately to mimic
orthodox mailers... but... some folks just don't get that
SMTP is not god's most robust protocol.... }

get with me back channel if I can be of assistance.


ciao
drieux
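
One way to do the "validate BOTH address lines" check from the message above before the headers reach Mail::Mailer, as an added example that is not code from the original post. `check_address` is a hypothetical helper, the addresses are constructed samples, and the pattern is a simplified check rather than a full RFC 822 parser.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of Mail::Mailer): pull the bare address out of
# a From/To value and refuse anything malformed or outside the expected domain.
sub check_address {
    my ($value, $want_domain) = @_;

    # CR/LF or other control characters would let a value carry extra headers.
    return (undef, 'control character in header value')
        if $value =~ /[\x00-\x1f\x7f]/;

    my $addr;
    if ($value =~ /[<>]/) {
        # 'Display Name <addr>' form: exactly one balanced pair, nothing after.
        return (undef, 'unbalanced angle brackets')
            unless $value =~ /^[^<>]*<([^<>]+)>\s*$/;
        $addr = $1;
    }
    else {
        ($addr = $value) =~ s/^\s+|\s+$//g;
    }

    # Simplified addr-spec check; this is not a full RFC 822 parser.
    my ($domain) = $addr =~ /^[^\s\@]+\@([A-Za-z0-9.-]+)$/
        or return (undef, 'not of the form local@domain');

    return (undef, "domain '$domain' is not '$want_domain'")
        if defined $want_domain && lc $domain ne lc $want_domain;

    return ($addr, 'ok');
}

# Constructed sample values; example.com stands in for the sender's own domain.
my @samples = (
    [ From => 'webform@example.com>' ],      # stray '>' like the header in the thread
    [ From => 'webform@example.com' ],
    [ To   => 'The Great DrieuxNeff <drieux@example.com>' ],
    [ From => 'webform@elsewhere.example' ], # well-formed, but not our domain
);
for my $s (@samples) {
    my ($field, $value) = @$s;
    my ($addr, $why) = check_address($value, $field eq 'From' ? 'example.com' : undef);
    printf "%-4s %-45s %s\n", $field, $value,
        defined $addr ? "ok: $addr" : "REJECT: $why";
}
```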
