Why strip headers?
Tom Anderson
tanderso at oac-design.com
Sun May 8 14:24:48 CEST 2005
On Sat, 2005-05-07 at 23:22, Ben Finney wrote:
> On 07-May-2005, Ben Finney wrote:
> > configuration option which allows:
> >
> > - discard all X-Foo (same as the current default)
> > - discard all X-Foo and permit the rest
> > - permit some X-Foo and discard the rest
> > - permit all X-Foo (same as using the current s option)
>
> Typo (or cut and paste error). That list should read:
>
> - discard all X-Foo (same as the current default)

Current default: permit all headers

> - permit all X-Foo (same as using the current s option)

Current s switch: strip non-standard headers

> - discard some specific X-Foo and permit the rest

This seems dangerous from a security perspective. You always want to
define permissible fields and deny the rest, as you can never guess the
full range of user input. I see no value in defining the set of discard
fields.

> - permit some specific X-Foo and discard the rest

Proposed function: pass in list of allowable header fields in addition
to standard RFC fields, discarding anything not in either of these sets

This is not particularly difficult to implement. In fact, let me do so
quickly now... http://orderamidchaos.com/bogofilter/spamitarium. Try it
out.

Tom
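
The allow-list filter proposed in the message above (standard RFC fields plus a caller-supplied list, everything else discarded), shown next to the deny-list alternative, as an added Python example. It is not spamitarium's code and not part of the original post; the function names, the subset of standard fields and the sample message are assumptions made for illustration.

```python
import email
from email import policy

# Assumption: a subset of RFC 2822 field names treated as "standard";
# a deployment would list every standard field it wants to keep.
STANDARD_FIELDS = frozenset({
    "from", "to", "cc", "bcc", "subject", "date", "message-id",
    "in-reply-to", "references", "reply-to", "sender", "received",
    "return-path", "mime-version", "content-type",
    "content-transfer-encoding",
})

def _strip(raw, should_drop):
    """Remove every header whose lowercased name satisfies should_drop."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    dropped = [name for name in msg.keys() if should_drop(name.lower())]
    for name in dropped:
        del msg[name]  # case-insensitive match, removes all occurrences
    return msg.as_bytes(), dropped

def allowlist_filter(raw, extra_allowed=()):
    """Default-deny: keep standard fields plus extra_allowed, drop the rest."""
    allowed = STANDARD_FIELDS | {n.lower() for n in extra_allowed}
    return _strip(raw, lambda name: name not in allowed)

def denylist_filter(raw, discard):
    """Default-permit: drop only the named fields, keep everything else."""
    denied = {n.lower() for n in discard}
    return _strip(raw, lambda name: name in denied)

# Constructed sample message (not taken from the thread).
SAMPLE = (
    b"From: alice@example.org\n"
    b"To: list@example.org\n"
    b"Subject: test\n"
    b"X-Spam-Status: No\n"
    b"X-Mailer: ExampleMailer 1.0\n"
    b"x-tracking-id: abc123\n"
    b"\n"
    b"body text\n"
)

if __name__ == "__main__":
    out, dropped = allowlist_filter(SAMPLE, extra_allowed=["X-Spam-Status"])
    print(out.decode(), end="")
    print("discarded:", dropped)
```

With the deny-list variant, a field nobody thought to list (here `x-tracking-id`) passes through unchanged, while the allow-list variant discards it without needing to know it exists.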