On 2023-01-23 at 09:53 +0100, Alessandro Vesely wrote:
> On Sun 22/Jan/2023 23:23:06 +0100 Ángel wrote:
> > I should note that the user-is-in-bcc approach could be helpful wrt
> > dkim-replay attacks, since the attacker-controlled account they
> > used to
> > receive the dkim-signed spam mail
Dňa 23. 1. o 9:43 Alessandro Vesely via mailop napísal(a):
On Sun 22/Jan/2023 19:28:22 +0100 Slavko via mailop wrote:
Cron jobs and another plethora of tools use email as an extra logging
mechanism. How could one distinguish that from "abusive" senders?
Cron sends email viac exim's (aka
On Sun 22/Jan/2023 23:23:06 +0100 Ángel via mailop wrote:
On 2023-01-18 at 16:52 -0800, Brandon Long wrote:
Note that Gmail implements https://www.rfc-editor.org/rfc/rfc5322#section-3.6.3
option 2, notably:
In the second
attac case, recipients specified in the "To:" and "Cc:" lines each
On Sun 22/Jan/2023 19:28:22 +0100 Slavko via mailop wrote:
Dňa 22. januára 2023 13:11:44 UTC používateľ Alessandro Vesely via mailop
napísal:
I don't know how other MTA/MSA, but in exim that "relaying" from
localhost must be explicitly configured (AFAIK it is in default/example
config, at
It appears that Bill Cole via mailop
said:
>Usually a command-line MUA on a POSIX system will use the local
>'sendmail' implementation, which may be the "real" Sendmail or may be an
>alternative such as that provided by Postfix, which directly injects
>messages into a local mail queue rather
On 2023-01-18 at 16:52 -0800, Brandon Long wrote:
> Note that Gmail implements
> https://www.rfc-editor.org/rfc/rfc5322#section-3.6.3 option 2, notably:
>In the second
> attac case, recipients specified in the "To:" and "Cc:" lines each are sent
>a copy of the message with the "Bcc:"
Dňa 22. januára 2023 13:11:44 UTC používateľ Alessandro Vesely via mailop
napísal:
>Are classic command line tools à la mailx considered MUAs?
Are you asking me?
Both, the RFC 5068 and RFC 6409, defines MUA in similar way (with slighty
different words):
+ RFC 5068:
Mail User Agent
On 2023-01-22 at 08:11:44 UTC-0500 (Sun, 22 Jan 2023 14:11:44 +0100)
Alessandro Vesely via mailop
is rumored to have said:
Are classic command line tools à la mailx considered MUAs?
Yes.
They typically send to local port 25, which accepts relaying from all
local users.
Not so much.
On Sun 22/Jan/2023 12:02:26 +0100 Slavko via mailop wrote:
Dňa 21 Jan 2023 13:22:09 -0500 John R Levine via mailop napísal:
Sorry, but I have no idea what model you are talking about. MUAs
invariably send mail to the MSA over an authenticated channel, and I
have never seen an MUA sign a
Ahoj,
Dňa 21 Jan 2023 13:22:09 -0500 John R Levine via mailop
napísal:
> Sorry, but I have no idea what model you are talking about. MUAs
> invariably send mail to the MSA over an authenticated channel, and I
> have never seen an MUA sign a message's headers.
That depends on what you
On Fri 20/Jan/2023 17:14:42 +0100 John R Levine via mailop wrote:
On Fri, 20 Jan 2023, Alessandro Vesely wrote:
RFC 5322 sec 3.6.3 says what to do. It says you can remove the bcc
completely at submission time, or do what Gmail does and leave it in
for the copies sent to the bcc recipients.
It appears that Michael Peddemors via mailop said:
>But looking through the RFC's there are no clear guidelines of an MTA's
>responsibility in this regard.
RFC 5322 sec 3.6.3 says what to do. It says you can remove the bcc
completely at submission time, or do what Gmail does and leave it in
for
On Wed, Jan 18, 2023 at 6:35 PM Michael Peddemors via mailop <
mailop@mailop.org> wrote:
> Thanks Brandon,
>
> for the quick response, and of course can confirm in those cases there
> is no To or Cc recipients in that email, however we have a hard time
> telling if this is a broken script kiddie
For incoming mail, if you see only spam with bcc set in the clear, reject
it.Maybe make exception for hosts that you know is problematic, and just strip
the bcc header.For outgoing mail, strip the header instead of rejecting.(in the
same way I strip the Date header off every outgoing and
Note that Gmail implements
https://www.rfc-editor.org/rfc/rfc5322#section-3.6.3 option 2, notably:
In the second
case, recipients specified in the "To:" and "Cc:" lines each are sent
a copy of the message with the "Bcc:" line removed as above, but the
recipients on the "Bcc:" line get
I think everyone here knows that Bcc, is not meant to be transmitted in
the clear, however what is the role of the MTA in that regard.
DRE: [regex] comparison between list entry (Bcc:
lynn...@watervalley.net?) and
[^Message-ID\:\s\<[^\@]*\@mail\.gmail\.com\>$]; RESULT: [0]
That line
16 matches
Mail list logo