On Fri, 2010-05-28 at 14:55 -0700, John Hardin wrote:
> On Fri, 28 May 2010, Karsten Bräckelmann wrote:
> > Err, unless I am terribly mistaken and didn't interpret the docs
> > correctly (too lazy to test) -- SA always uses any textual part.
> >
> > That includes plain text and HTML "attached" to the message. It's just
> > another MIME part anyway.
"[...] is the textual parts of the message body; any non-text MIME
parts are stripped [...]" -- M::SA::Conf
However, I just was about to prove this, when I noticed you're right
about them lying about the MIME type. :-(
Content-Type: application/octet-stream; name="foo.txt"
The MUA happily will show the attached text based on the file name
extension, but the bloody Content-Type prevents SA from treating it as a
textual part of the message. Boo!
This now is known as bug 6439.
On the other hand, this doesn't prevent even this type of 419 scams to
sneak through here. Not even close.
> Nope. It doesn't. Especially if the spammer lies about the MIME type.
Yes, it does. *Unless* the spammer lies about the MIME type.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
