-------- Original-Nachricht -------- > Datum: Mon, 30 Nov 2009 11:09:33 -0200 > Von: Felipe Szczesny Rout <felipe.r...@al.rs.gov.br> > An: Steve <steeeeev...@gmx.net> > CC: dspam-user@lists.sourceforge.net > Betreff: Re: [Dspam-user] Dspam 3.9.0b4 Segmentation Fault
> I found a notice in README about msgtags... > > "Signed messages will not be tagged in this fashion" > > Does this means if I have dspam signature in mail's body I can't use > this feature ? > No! It just means that if the content of the message is signed then this method will not add the msgtags to the signed content since that would break the validity of the signed content. Just a bunch of examples to illustrate on which messages DSPAM will NOT add the msgtags: Content-Type: multipart/signed; micalg=PGP-SHA1; Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; No solution that is properly implemented would touch singed messages. Tampering singed messages is evil, evil, evil and should not be done since tampering the signed message is breaking the signed content and renders the purpose of singing the content useless. I hope you understand that? Maybe another example? Message coming from internet has following content: ----- Hallo Felipe ----- The SHA1 sum (I use here a sum instead of a signature but I think you understand what I mean) for that would be: c838fd1fabc19cc141672a4349182c899cd7cab9 Now if DSPAM would add "checked with DSPAM" to this content then the message would be: ----- Hallo Felipe checked with DSPAM ----- And the new SHA1 sum would be: 1c55683c10e5469ab130dc3a24bd5bca141fceac So now if an application is trying to validate that original mail it will look and see: c838fd1fabc19cc141672a4349182c899cd7cab9 is not equal 1c55683c10e5469ab130dc3a24bd5bca141fceac BIG ALARM! Original mail is changed! It's not valid any more! Imagine your Bank is sending you something that they digitally sign and DSPAM is going to break that mail... how useful would DSPAM then be? If I would evaluate DSPAM and it would tamper with signed messages then I would be the first one to kick DSPAM out. // Steve > > > > Em Sex, 2009-11-27 às 19:41 +0100, Steve escreveu: > > -------- Original-Nachricht -------- > > > Datum: Fri, 27 Nov 2009 16:28:38 -0200 > > > Von: Felipe Szczesny Rout <felipe.r...@al.rs.gov.br> > > > An: Steve <steeeeev...@gmx.net> > > > CC: dspam-user@lists.sourceforge.net > > > Betreff: Re: [Dspam-user] Dspam 3.9.0b4 Segmentation Fault > > > > > Em Sex, 2009-11-27 às 18:26 +0100, Steve escreveu: > > > > -------- Original-Nachricht -------- > > > > > Datum: Fri, 27 Nov 2009 17:08:19 +0000 > > > > > Von: Paul Cockings <ds...@cytringan.co.uk> > > > > > An: dspam-user@lists.sourceforge.net > > > > > Betreff: Re: [Dspam-user] Dspam 3.9.0b4 Segmentation Fault > > > > > > > > > Paul Cockings wrote: > > > > > > Felipe Szczesny Rout wrote: > > > > > >> At this point I need to inform you that I appended a few lines > in > > > > > >> dspam.c code to add some strings in the end of e-mail. > > > > > > That's the great thing about opensource - you can change and > modify > > > > > > how you wish. I think we need to either confirm that your > version > > > > > > only has this one edit by building from source and then checksum > > > each > > > > > > file? or maybe to install the unmodified source and see if it > > > changes? > > > > > > I doubt this simple change has caused any problem, but you know > that > > > > > > we have to rule this out ;-) > > > > > > > > > > What do you add to the end of the message? Is there any reason why > you > > > don't use msgtag.nonspam/msgtag.spam? > > > > > > :-( > > > > > > Oh, I just dind't notice this option until now. How stupid I was. My > > > hope was this could be something new in 3.9.0 but a search in google > > > show me that is an old feature. I'm really shamed. > > > > > You should read the documentation! It's a shame we don't have a > ultra-giga-super-duper documentation but that what we have is still not read > by the > DSPAM users. That is a even bigger shame :) > > > > > > > Well, at a first sight seems to me there is no reason don't use it. > > > > > Okay. > > > > > > > Ok, first thing to do now is to use the original code and wait some > time > > > to see it's behavior. > > > > > If you can then check out from GIT. BETA4 is okay but we have fixed some > stuff in the mean time and since you are anyway testing then why not go > ahead and checkout from GIT? > > > > > > > Sorry to make you waste your time. > > > > > You own me a coffee drink should I ever see you :) > > > > > > // Steve > > > > > > > > > > > > > > > > > > > > > > Do you have anything else running on box? does the VM have > enough > > > > > > resources etc? Anything else eating cpu time, disk IO? > > > > > > Would you be about to compress the VM up and let us one of the > > > project > > > > > > admins take a look? > > > > > > > > > > > > It sure would be good to re-pass that email through dspam over > and > > > > > > over and see if it crashes.... > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > > Let Crystal Reports handle the reporting - Free Crystal Reports > 2008 > > > > > 30-Day > > > > > trial. Simplify your report design, integration and deployment - > and > > > focus > > > > > on > > > > > what you do best, core application coding. Discover what's new > with > > > > > Crystal Reports now. http://p.sf.net/sfu/bobj-july > > > > > > > > > > Dspam-user mailing list > > > > > Dspam-user@lists.sourceforge.net > > > > > https://lists.sourceforge.net/lists/listinfo/dspam-user > > > > > > > > -- > > GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! > > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 > > > > > ------------------------------------------------------------------------------ > > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day > > trial. Simplify your report design, integration and deployment - and > focus on > > what you do best, core application coding. Discover what's new with > > Crystal Reports now. http://p.sf.net/sfu/bobj-july > > > > Dspam-user mailing list > > Dspam-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/dspam-user > > > > !DSPAM:1,4b10212c141221046199860! > > > > > > > > > ------------------------------------------------------------------------------------ > > Caro usuário: > > * Se este e-mail não foi corretamente classificado como spam, encaminhe > para s...@dspam.al.rs.gov.br ou apenas Spam. > > * Se este e-mail foi erroneamente classificado como spam, encaminhe para > nots...@dspam.al.rs.gov.br ou apenas Inocente. > > > > -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
