On Wed, 7 Jan 2009, Murray S. Kucherawy wrote: > The specific instance of this that has been observed is as follows: > > a) no use of "-C" on the command line > b) no "On-*" directives in the configuration file (or no configuration file) > c) a Sender: header with an address whose domain is in the list of domains > to sign > d) no From: header on the message
Forgot one: e) all other signing criteria are met (MTA name matches, macros match, source is on the "internal" list, etc.) That is, one cannot craft a message from outside and send it inbound and expect the filter to crash, i.e. it's not exploitable from outside. ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ dkim-milter-discuss mailing list dkim-milter-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss