mavior wrote:

>> To further expand on this. It appears that this technique does not 
>> "bypass" their filters, but gives the message a much higher likelihood 
>> of passing them only. 
>>   
> Like I said before, mails sent through Outlook Express pass and don't 
> need that overhead at all!
> So I have no time to test now, but analyzing some Outlook Express sent 
> headers could give more information on this. Even though, like someone 
> said above, adding Outlook signature and headers could be a potential risk.

I don't have access to Outlook Express here "unfortunately". At a guess, 
OE headers are a point scorer rather than a free pass though.

>> hotmail:
>>    driver      = dnslookup
>>    domains     = hotmail.com : hotmail.co.uk : hotmail.fr : hotmail.it : hotmail.de
>>    condition   = ${if or{\
>>                     {match{$h_References:}{\N^<[EMAIL PROTECTED]>$\N}}\
>>                     {match{$h_In-Reply-To:}{\N^<[EMAIL PROTECTED]>$\N}}\
>>                  }{false}{true}}
>>    transport   = remote_smtp
>>    headers_add = ${readfile{/etc/exim4/hotmail_fodder.txt}}
>>    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>    no_more
>>
>> The differences:
>>
>> 1.) There are more hotmail domains
>> 2.) It doesn't execute if there are hotmail References or In-Reply-To 
>> headers as the mail will get through anyway
>> 3.) Instead of calling the perl exe to generate the headers, stick them 
>> in a file and use readfile
>>
>> hotmail_fodder.txt contains the following:
>>
>> References: <[EMAIL PROTECTED]>
>> In-Reply-To: <[EMAIL PROTECTED]>
>>
>> Followed by about 500 lines of these headers:
>>
>> X-Hotmail-Fodder: 
>> 0000000000000000000000000000000000000000000000000000000000000000000000000000000000
>>
>> Mike
>>
>>   
> Two questions: the file should be filled with about 450/500 of this line
> 
> X-Hotmail-Fodder: 
> 0000000000000000000000000000000000000000000000000000000000000000000000000000000000
>  ??

To be honest, the figure I came up with was just me randomly testing on 
about 20/30 emails, so is rather arbitrary. I couldn't tell you what a 
safe number is without considerably more testing, and even then it could 
change as hotmail adjust their filtering (if they do). I just said 500 
because it felt like a good safe level to me and that's what I'm 
personally using. The header content is irrelevant it seems, it's purely 
down to the message size. >50KB seemed like a good level.

> And what is 
> phx.gbl?
> 
> thank you very much for this

I've no idea. I was simply replicating what a reply to an email sent 
from hotmail looks like. Create a hotmail account and email yourself and 
then take a look at the Message-ID. That's what I was spoofing.

Mike

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
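
A receiving-side check for the header padding discussed in this thread, as an added example that is not part of the original post or of Exim: it counts identical repeated headers and measures the size of the header block. The thresholds, function names and sample messages are constructed assumptions, not values used by any real filter.

```python
from collections import Counter
from email import message_from_bytes

# Assumed thresholds for illustration; tune against your own mail flow.
MAX_REPEATS = 20               # identical name/value header pairs tolerated
MAX_HEADER_BYTES = 16 * 1024   # total size of the header block tolerated


def header_padding_report(raw: bytes) -> dict:
    """Summarise signs of filler headers in one raw RFC 5322 message."""
    msg = message_from_bytes(raw)
    # The header block is everything before the first empty line.
    sep = b"\r\n\r\n" if b"\r\n\r\n" in raw else b"\n\n"
    header_bytes = len(raw.split(sep, 1)[0])
    # Count identical (name, unfolded value) pairs. Repeated Received: lines
    # differ in value, so they do not accumulate under one key.
    pairs = Counter(
        (name.lower(), " ".join(str(value).split()))
        for name, value in msg.items()
    )
    top = pairs.most_common(1)
    (top_name, _), top_count = top[0] if top else (("", ""), 0)
    return {
        "header_bytes": header_bytes,
        "top_header": top_name,
        "top_count": top_count,
        "suspicious": top_count > MAX_REPEATS or header_bytes > MAX_HEADER_BYTES,
    }


def build_sample(padded: bool) -> bytes:
    """Constructed sample message; addresses and filler value are made up."""
    head = (b"From: alice@example.org\r\n"
            b"To: bob@example.net\r\n"
            b"Subject: test\r\n")
    if padded:
        # Same shape as the filler described in the thread: ~500 identical lines.
        head += (b"X-Hotmail-Fodder: " + b"0" * 80 + b"\r\n") * 500
    return head + b"\r\nHello.\r\n"


if __name__ == "__main__":
    for label, raw in (("plain", build_sample(False)), ("padded", build_sample(True))):
        print(label, header_padding_report(raw))
```
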
