Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] S/MIME and PGP signed, crypted or both message whitelisting

2009-01-29 by Christian PELISSIER

On Thu. 29/01/2009 at 14:51, Michael Menge wrote:
> Quoting Christian PELISSIER <Christian.Pelissier@...>:
> 
> >
> > Is it possible for milter-greylist to skip greylisting for S/MIME or PGP
> > signed, signed/crypted messages ?
> >
> >
> > If not, implementation seems to be easy and could be done at the milter
> > header stage. Checking the Content-Type header seems to be sufficient :
> >
> No, the milter header stage does not include the mail header. See
> http://www.ietf.org/rfc/rfc2821.txt 3.3
> So only IP, HELO/EHLO message, MAIL FROM and RCPT are known before
> data stage.

Sorry. The data stage I was speaking about was not the SMTP one and I
should have written "the milter header stage".

A few years ago (I hope it's still true) milter split the SMTP DATA
stage into 3 milter callbacks:

1 mlfi_header : we enter here with the main headers part and leave with
mlfi_eoh
2 mlfi_eoh    : we enter here after the first empty line after the main
headers part
3 mlfi_body   : we enter here after mlfi_eoh (other multipart headers and
message body, or only message body, depending on attachments).

If the mail is already whitelisted, there is no need to perform this
check. If the greylist decision is to delay, then read ~20 lines of
headers to give a new chance to whitelist immediately:



sfsistat mlfi_header( SMFICTX *ctx, char *headerf, char *headerv )
{
    ....
    if ( strncasecmp(headerf, "Content-Type", 12) == 0 )
    {
        /* 17 = strlen("multipart/signed;"), so the ';' is compared too */
        if ( strncasecmp(headerv, "multipart/signed;", 17) == 0 )
        {
            /* FLAG TO ACCEPT MAIL */
        }
        if ( strncasecmp(headerv, "multipart/encrypted;", 20) == 0 )
        {
            /* FLAG TO ACCEPT MAIL */
        }
    }
    else
    {
        /* FLAG TO REJECT */
    }
    ...
}


Yes, headers other than the first "Received:" are easy to forge, but for
the moment spammers don't waste time adding a forged S/MIME or PGP
header. So it could be a way to avoid delay for S/MIME and PGP mail
until ...



> 
> You can parse the mail text in the data stage with regular expressions,
> but this is more resource-consuming and, as said by Kai Schätzl, these
> headers can be forged.
> 
> 
> 
> 
> --------------------------------------------------------------------------------
> M.Menge                                Tel.: (49) 7071/29-70316
> Universität Tübingen                   Fax.: (49) 7071/29-5912
> Zentrum für Datenverarbeitung          mail:  
> michael.menge@...-tuebingen.de
> Wächterstraße 76
> 72074 Tübingen
-- 
Christian Pélissier
Office National d'Études et de Recherches Aérospatiales
BP 72 92322 Chatillon
Tel: 33 1 46 73 44 19, Fax: 33 1 46 73 41 50
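
A stand-alone sketch of the Content-Type check discussed in this message, added here as an example; it is not code from the post or from milter-greylist. It goes beyond the posted prefix match by tolerating case and whitespace differences, looking at the protocol parameter, and recognising application/pkcs7-mime (the type S/MIME uses for encrypted mail, which multipart/encrypted does not cover). The names ct_class, ci_find, type_is and classify_header are hypothetical, and the function takes the same (field, value) pair a header callback receives.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

enum ct_class { CT_OTHER = 0, CT_SIGNED, CT_ENCRYPTED };  /* hypothetical names */

/* Case-insensitive substring search (portable stand-in for strcasestr). */
static const char *ci_find(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay != '\0'; hay++)
        if (strncasecmp(hay, needle, n) == 0)
            return hay;
    return NULL;
}

/* Media type at the start of the value: skip leading whitespace and require
 * the type to end there ("multipart/signed ;" yes, "multipart/signedx" no). */
static int type_is(const char *v, const char *type)
{
    size_t n = strlen(type);
    while (*v == ' ' || *v == '\t')
        v++;
    if (strncasecmp(v, type, n) != 0)
        return 0;
    return v[n] == '\0' || v[n] == ';' || isspace((unsigned char)v[n]);
}

/* Classify one (field, value) pair as a header callback would receive it.
 * Parameters are matched as substrings: the result is a hint about what the
 * sender declared, not proof that a valid signature exists. */
enum ct_class classify_header(const char *headerf, const char *headerv)
{
    if (strcasecmp(headerf, "Content-Type") != 0)
        return CT_OTHER;
    if (type_is(headerv, "multipart/signed") &&
        (ci_find(headerv, "pkcs7-signature") || ci_find(headerv, "pgp-signature")))
        return CT_SIGNED;           /* S/MIME or PGP/MIME detached signature */
    if (type_is(headerv, "multipart/encrypted") && ci_find(headerv, "pgp-encrypted"))
        return CT_ENCRYPTED;        /* PGP/MIME encrypted */
    if (type_is(headerv, "application/pkcs7-mime") ||
        type_is(headerv, "application/x-pkcs7-mime")) {
        if (ci_find(headerv, "enveloped-data"))
            return CT_ENCRYPTED;    /* S/MIME encrypted */
        if (ci_find(headerv, "signed-data"))
            return CT_SIGNED;       /* S/MIME opaque signature */
    }
    return CT_OTHER;
}
```

Because the classification reflects only what the header declares, it is best treated as one input to the greylisting decision next to the existing IP and envelope checks, for the forging reason both posters give.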
