Re: [OT] Re: ATTACK TO MY SYSTEM

[Jörn Engel]

On Wed, 24 September 2003 10:46:16 +0200, Willy Tarreau wrote:
> On Wed, Sep 24, 2003 at 08:40:35AM +0100, John Bradford wrote:
>  
> > RFC 822, section 3.4.7, makes clear that case is _not_ significant for
> > these field names.  RFC 2822 doesn't change this.
> 
> Sorry John about the mis-information. Of course case is not significant,
> otherwise we would simply not receive these mails. I should have said
> "common usage" and not "protocols", since I really thought the former
> eventhough I wrote the later.
> 
> > Just because no commonly used E-Mail application seems to generate
> > uppercase field names, how do you know something like a password
> > auto-responder script won't?
> 
> I don't know. It's only an empirical choice based on observations. Many of us
> are more concerned by hundreds of mails a day than risking to get a rare
> false-positive. But I agree, I should have been clearer.
> 
> I have nearly the same .procmailrc as the one Joern Engel proposed :
> 
>   :0 D
>   * ^FORM:
>   spam/swen
> 
> And I too agree that I have 0% false positive so far. But just like any filter,
> use at your own risk...

All right, let's do this on-list *once* before the already off-topic
thread spreads too far.

o Filtering by all-uppercase subject, etc. if effective for swen.
o This filter has produces 0% false positives *so far*.
o This filter, just like any filter, can produce false positives.
o Anyone using filters without checking for false positives it at his
  and her own mercy.  Tough luck, deal with it.

EOT.

Jörn

-- 
A defeated army first battles and then seeks victory.
-- Sun Tzu
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/