You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Andrew Donkin <ar...@waikato.ac.nz> on 2006/01/19 00:19:29 UTC
Making the hashcash plugin more useful.
I think it is a crying shame that every SpamAssassin installation is a
tiny step away from taking advantage of hashcash headers, but nothing
is prompting mail admins to take that step. We could do it for them.
I sent this to spamassassin-users a while ago, but I think it was the
wrong audience. Please read on:
A while ago the hashcash list was lamenting the lack of support in
transfer agents. They are stuck in a chicken and egg situation where
no user agents will add hashcash headers because no spam checkers are
looking for them.
I think we could bootstrap that process very easily with a simple
addition to SA.
Configuring my own SA setup to benefit from hashcash headers was as
simple as adding "hashcash_accept %u@waikato.ac.nz". Voila, instant
potential benefit. Zero actual benefit, since nobody is adding
hashcash headers to their outgoing email, but that's a whole new
crusade.
I think SA distributions should contain a comment block in
"rules/local.cf" along the lines of:
# If you use the Hashcash plugin, uncomment this and change it
# to suit your domain:
#
# hashcash_accept %u@YOUR_EMAIL_DOMAIN
Better still, the Hashcash plugin could determine the domain
algorithmically, and use it in the absence of any other
hashcash_accept configuration. Schemes for doing that based on the
hostname are all half-baked and non-portable, involving trimming
components off the host's DNS domain, but just about anything is
better than nothing.
How about this: use the last three components of the DNS domain if the
last component has two letters, otherwise use the last two components.
Prefix that with %u@(?:.*\.)?
At worst, it will cause the plugin to accept hashcash payments
computed for an address with the correct username but at the wrong
domain. Hashcash's double-spend protection will prevent the same
payment working twice, so I don't see this as much of a loophole.
What do you think? At the very least, I would like to see a comment
in local.cf or init.pre. I see no reason not to. It is a shame to
see so many SA installations a tiny, tiny step away from taking
advantage of hashcash.
Here are some minor points for Perl programmers and pedants:
- I actually use ^%u@.*waikato.ac.nz$". I think the hashcash plugin
should anchor the pattern at both ends.
- More paranoid sites, or those inside .com which is easily polluted,
should use "^%u@(?:.*\.)?theirdomain.com$" or just
"^%u@theirdomain.com$"
--
_________________________________________________________________________
Andrew Donkin Waikato University, Hamilton, New Zealand
Re: Making the hashcash plugin more useful.
Posted by Tony Finch <do...@dotat.at>.
On Thu, 19 Jan 2006, Andrew Donkin wrote:
>
> I think it is a crying shame that every SpamAssassin installation is a
> tiny step away from taking advantage of hashcash headers, but nothing
> is prompting mail admins to take that step.
Hashcash is useless in the presence of large zombie armies.
Tony.
--
f.a.n.finch <do...@dotat.at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.