Auto-mail filters and penet-remiler loophole?
Hm. Seems someone sent a message to my frienly-mailer filter using penet remailer. So of course that person will get an anonymized reply, thus being able to know what my anon-id there is. Fortunetly I don't use penet or rely on it for any form of security. That's one situation where it would be nice to specify in a line somewhere *not* to anonymize mail sent through there (a command in header saying X-Do-Not-Anonymize maybe?) Rob.
-----BEGIN PGP SIGNED MESSAGE----- On Sun, 23 Jun 1996, Deranged Mutant wrote:
Hm.
Seems someone sent a message to my frienly-mailer filter using penet remailer. So of course that person will get an anonymized reply, thus being able to know what my anon-id there is.
Fortunetly I don't use penet or rely on it for any form of security.
That's one situation where it would be nice to specify in a line somewhere *not* to anonymize mail sent through there (a command in header saying X-Do-Not-Anonymize maybe?)
Non-anonymous mail can already be sent through penet by sending the message to na[anon id] instead of an[anon id]. The problem you describe with your mail filter also exists for mailing lists and other instances where a person obliviously sends e-mail to an anonymous id. Unfortunately, other double-blind, pseudonymous remailers have the same problem. The only way to solve the problem is to not have remailers enable a double-blind by default (or conversely, have all mail programs rearrange the address so the reply is sent non-anonymously). - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMc3kJ7Zc+sv5siulAQHm+QP/XhK9YdV2uSbady21ekMe4j//YzDDR32w fvwwgZntjCQ7mP9thJzMxIziZ+RlA/DiXFf7A+eUieF+Tqbn4gyCh2/InQWrwssK l7Qh5ZC9OuSCJZnbwlCi+G/XfLAO+OdskoiTkW3YYlz2YO5KRAKhCBJwzIDPiWNh AIrN19vyI9k= =gyEu -----END PGP SIGNATURE-----
Hasn't anyone here heard of penet's password system? or does your autoresponder automatically insert your penet password into all your autoresponses??? Even if you only got your penet account on accident, you could at least read the documentation on it. Don -- <don@cs.byu.edu> http://students.cs.byu.edu/~don PGP 0x994B8F39 fRee cRyPTo! Linux was made by foreign terrorists to take money from true US companies like Microsoft." -Some AOL'er. "To this end we dedicate ourselves..." -Don ** This user insured by the Smith, Wesson, & Zimmermann insurance company **
On Sun, 23 Jun 1996, Deranged Mutant wrote:
Date: Sun, 23 Jun 1996 16:49:07 +0000
Seems someone sent a message to my frienly-mailer filter using penet
If you are using procmail, then what you want is a recipes at the begining like this: LOG=penet$NL :1hW: ^From.*.penet.fi .mailbox/penet Respond to the penet.fi messages as you wish. Alternatively, you can just send the message to /dev/null That recipe hasn't been tested, so it may need some tweeking on it. xan jonathon grafolog@netcom.com NETCOM --- when only the worst in internet service will suffice.
participants (4)
-
Deranged Mutant -
Don -
jonathon -
Mark M.