You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Kenneth Porter <sh...@sewingwitch.com> on 2006/08/25 21:20:32 UTC
Discourage broken content (was: Broken images in mails)
--On Friday, August 25, 2006 12:05 AM -0700 Plenz <pa...@lenz-online.de>
wrote:
> I disagree. To check out what happens I converted a JPG picture into a GIF
> file
> and sent it to myself. One time I converted it with IrfanView and the
> second time with PaintShop Pro. Both GIF files had the result
> "giftopnm: EOF or error reading data portion..." So I produced a corrupt
> (?) image, but it was not spam.
I think we should discourage all broken content in email and on the web.
At one time we could assume that broken content was an honest mistake and
make an attempt at fixing it. But with the rise of malicious content
attempting to exploit bugs in content handlers (like overruns in image
libraries), we should simply reject anything that fails to pass validation,
on the assumption that's it out to get us.
This includes not just broken images but also broken HTML, which is so
commonly used to conceal spam.
We need to stop giving a free pass to broken content creation software just
because it's popular. When someone sends you broken content, you should
react the same way you would if they sent you documents on dirt-smeared
paper. Stop letting your emperor walk around naked.
Re: Discourage broken content (was: Broken images in mails)
Posted by John Andersen <js...@pen.homeip.net>.
On Friday 25 August 2006 11:20, Kenneth Porter wrote:
> We need to stop giving a free pass to broken content creation software just
> because it's popular. When someone sends you broken content, you should
> react the same way you would if they sent you documents on dirt-smeared
> paper. Stop letting your emperor walk around naked.
Actually there is very little broken content IMAGE software out there in any
modern mailer, even microsoft crapware does not break images. The image
corruption is intentional, and may be malicious (not JUST spam).
So I agree with you there.
Broken html is another issue, because there is broken, and there is simply
lame (lazy) html. Which of the several versions of the standards are you
going to impose? The agreed upon standards? or the defacto ones?
--
_____________________________________
John Andersen
Re: Discourage broken content
Posted by jdow <jd...@earthlink.net>.
From: "Kris Deugau" <kd...@vianet.ca>
> John Andersen wrote:
>> Mailscanner
>
> ... or any other mail-handling software...
>
>> has no business changing content.
>
> ... unless you explicitly configure it to do so. (ATTN: AVG for
> Windows POP3/SMTP interface/hook authors, This Means You! Among others.)
Use POP3S. That is MUCH harder to place an AVG man in the middle
rewrite into.
{^_-}
Re: Discourage broken content
Posted by Kris Deugau <kd...@vianet.ca>.
John Andersen wrote:
> Mailscanner
... or any other mail-handling software...
> has no business changing content.
... unless you explicitly configure it to do so. (ATTN: AVG for
Windows POP3/SMTP interface/hook authors, This Means You! Among others.)
-kgd
Re: Discourage broken content
Posted by John Andersen <js...@pen.homeip.net>.
On Friday 25 August 2006 11:24, decoder wrote:
> I've heard that it truncates the mail at 30kb, no matter if that is
> within a MIME block or not... So my plugin gets a broken image..
> though it was not broken originally...
How better to get that fixed than to put them on notice, and
start tagging based on the mere fact that the image is broken.
Mailscanner has no business changing content.
--
_____________________________________
John Andersen
Re: Discourage broken content
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Tuesday, August 29, 2006 9:41 AM +0100 Anthony Peacock
<a....@chime.ucl.ac.uk> wrote:
> This issue is currently being discussed on the MailScanner users list,
> under the Subject "Max SpamAssassin Size problems".
Which can be found here:
<http://lists.mailscanner.info/pipermail/mailscanner/
2006-August/thread.html>
Re: Discourage broken content
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Rick Cooper wrote:
>
>> -----Original Message-----
>> From: decoder [mailto:decoder@own-hero.net]
>> Sent: Friday, August 25, 2006 4:23 PM
>> To: Rick Cooper
>> Cc: users@spamassassin.apache.org
>> Subject: Re: Discourage broken content
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Rick Cooper wrote:
>>>> -----Original Message----- From: decoder
>>>> [mailto:decoder@own-hero.net] Sent: Friday, August 25, 2006 2:24
>>>> PM To: users@spamassassin.apache.org Subject: Re: Discourage
>>>> broken content
>>>>
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> [...]
>>>> I've heard that it truncates the mail at 30kb, no matter if that
>>>> is within a MIME block or not... So my plugin gets a broken
>>>> image.. though it was not broken originally...
>>>>
>>> That is patently false. I have a graphics design/advertising
>>> department at one of my locations and these fellas send huge
>>> graphics files back and forth when they have emergency
>>> proofs/changes and MailScanner has *never* damaged anything, ever,
>>> anywhere. Now, there is a setting for scanning (much like exiscan
>>> IIRCC) that allows you to truncate the message and only scan xxx
>>> amount, it's optional and doesn't modify the actual message in
>>> anyway.
>>>
>>> Rick
>> I did not say it damages the mail. I said it feds only a given amount
>> of the message to SpamAssassin and THAT breaks plugins requiring the
>> whole message, especially when MailScanner breaks messages in the
>> middle of attachments.
>>
>> And as far as I know, it is the default setting of mailscanner to feed
>> only a given amount of kb to SpamAssassin. That does not mean it
>> truncates the message before delivering it.
>>
>
> My apologies, the way I interpreted the original I thought you were saying
> it truncates the email and breaks they message. I will bring this up on the
> Mailscanner list that the default, given the recent image spams, should be
> disabled so the entire message is sent to spam assassin. Before the current
> spat of image spam you could generally tell within 20k or so if a message
> was spam or not, this is not the case in today's world and the entire
> message really should be fed to SA. I have never used the default setting
> myself.
This issue is currently being discussed on the MailScanner users list,
under the Subject "Max SpamAssassin Size problems".
The size limit is configurable
(http://www.mailscanner.info/MailScanner.conf.5.html#SpamAssassin "Max
SpamAssassin Size), so people can raise the size limit or disable it to
get around this issue at the moment.
There is some concern about removing the limit completely, so the
current discussion is about a scheme that checks ahead for a Mime
boundary within a fixed window after the max size value is reached.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
RE: Discourage broken content
Posted by Rick Cooper <rc...@dwford.com>.
> -----Original Message-----
> From: decoder [mailto:decoder@own-hero.net]
> Sent: Friday, August 25, 2006 4:23 PM
> To: Rick Cooper
> Cc: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rick Cooper wrote:
> >
> >> -----Original Message----- From: decoder
> >> [mailto:decoder@own-hero.net] Sent: Friday, August 25, 2006 2:24
> >> PM To: users@spamassassin.apache.org Subject: Re: Discourage
> >> broken content
> >>
> >>
> >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[...]
> >>
> >> I've heard that it truncates the mail at 30kb, no matter if that
> >> is within a MIME block or not... So my plugin gets a broken
> >> image.. though it was not broken originally...
> >>
> >
> > That is patently false. I have a graphics design/advertising
> > department at one of my locations and these fellas send huge
> > graphics files back and forth when they have emergency
> > proofs/changes and MailScanner has *never* damaged anything, ever,
> > anywhere. Now, there is a setting for scanning (much like exiscan
> > IIRCC) that allows you to truncate the message and only scan xxx
> > amount, it's optional and doesn't modify the actual message in
> > anyway.
> >
> > Rick
> I did not say it damages the mail. I said it feds only a given amount
> of the message to SpamAssassin and THAT breaks plugins requiring the
> whole message, especially when MailScanner breaks messages in the
> middle of attachments.
>
> And as far as I know, it is the default setting of mailscanner to feed
> only a given amount of kb to SpamAssassin. That does not mean it
> truncates the message before delivering it.
>
My apologies, the way I interpreted the original I thought you were saying
it truncates the email and breaks they message. I will bring this up on the
Mailscanner list that the default, given the recent image spams, should be
disabled so the entire message is sent to spam assassin. Before the current
spat of image spam you could generally tell within 20k or so if a message
was spam or not, this is not the case in today's world and the entire
message really should be fed to SA. I have never used the default setting
myself.
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Discourage broken content
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rick Cooper wrote:
>
>> -----Original Message----- From: decoder
>> [mailto:decoder@own-hero.net] Sent: Friday, August 25, 2006 2:24
>> PM To: users@spamassassin.apache.org Subject: Re: Discourage
>> broken content
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> Kenneth Porter wrote:
>>> --On Friday, August 25, 2006 12:05 AM -0700 Plenz
>>> <pa...@lenz-online.de> wrote:
>>>
>>>> I disagree. To check out what happens I converted a JPG
>>>> picture into a GIF file and sent it to myself. One time I
>>>> converted it with IrfanView and the second time with
>>>> PaintShop Pro. Both GIF files had the result "giftopnm: EOF
>>>> or error reading data portion..." So I produced a corrupt (?)
>>>> image, but it was not spam.
>>> I think we should discourage all broken content in email and on
>>> the web.
>>>
>>> At one time we could assume that broken content was an honest
>>> mistake and make an attempt at fixing it. But with the rise of
>>> malicious content attempting to exploit bugs in content
>>> handlers (like overruns in image libraries), we should simply
>>> reject anything that fails to pass validation, on the
>>> assumption that's it out to get us.
>>>
>>> This includes not just broken images but also broken HTML,
>>> which is so commonly used to conceal spam.
>>>
>>> We need to stop giving a free pass to broken content creation
>>> software just because it's popular. When someone sends you
>>> broken content, you should react the same way you would if they
>>> sent you documents on dirt-smeared paper. Stop letting your
>>> emperor walk around naked.
>> I completely agree, the problem is, some implementations makes
>> this impossible. For example MailScanner.
>>
>> I've heard that it truncates the mail at 30kb, no matter if that
>> is within a MIME block or not... So my plugin gets a broken
>> image.. though it was not broken originally...
>>
>
> That is patently false. I have a graphics design/advertising
> department at one of my locations and these fellas send huge
> graphics files back and forth when they have emergency
> proofs/changes and MailScanner has *never* damaged anything, ever,
> anywhere. Now, there is a setting for scanning (much like exiscan
> IIRCC) that allows you to truncate the message and only scan xxx
> amount, it's optional and doesn't modify the actual message in
> anyway.
>
> Rick
I did not say it damages the mail. I said it feds only a given amount
of the message to SpamAssassin and THAT breaks plugins requiring the
whole message, especially when MailScanner breaks messages in the
middle of attachments.
And as far as I know, it is the default setting of mailscanner to feed
only a given amount of kb to SpamAssassin. That does not mean it
truncates the message before delivering it.
Chris
>
>
> -- This message has been scanned for viruses and dangerous content
> by MailScanner, and is believed to be clean.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE71wLJQIKXnJyDxURAtxUAJ9/O5F4cC/1vlsE6EsRb6vLcepH+ACfcTCA
x4CmnLDyZbUFtAr2kWK9koY=
=Ckpc
-----END PGP SIGNATURE-----
RE: Discourage broken content
Posted by Rick Cooper <rc...@dwford.com>.
> -----Original Message-----
> From: John Andersen [mailto:jsa@pen.homeip.net]
> Sent: Friday, August 25, 2006 4:20 PM
> To: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> On Friday 25 August 2006 12:10, Rick Cooper wrote:
> > That is patently false. I have a graphics design/advertising
> department at
> > one of my locations and these fellas send huge graphics files back and
> > forth when they have emergency proofs/changes and MailScanner
> has *never*
> > damaged anything, ever, anywhere. Now, there is a setting for scanning
> > (much like exiscan IIRCC) that allows you to truncate the
> message and only
> > scan xxx amount, it's optional and doesn't modify the actual message in
> > anyway.
>
> Yes, Rick, that is correct, but the situation under discussion is that
> mailscanner passes a partial file to the spamassassin proceess,
> which in turn
> passes that partial file to the image analysis plugins, which
> decide that the
> image is broken.
>
> Upon being passed by spamassassin, the entire, unchanged mail is sent
> on its way intact by mailscanner.
> Amavis-New does something similar. Shreds mail into
> pieces, launches scanners on the pieces.
>
> The problem is that the spam scanner (and presumably virus
> scanner) plugins
> are being handed partial files. Not a good practice in my view.
>
I misunderstood what decoder was saying. And no, MailScanner doesn't give
the virus scanners partial messages. In fact it goes to great pains to
completely unpack all attachments (including tnef) and sanitize the file
names, etc. The option to give partial messages to SA is due in part to the
historical lack of need to hand a large message to SA to determine ham/spam
and there are/were vulnerabilities in the tnef processing that could be
exploited by very large tnef attachments. Mailscanner currently handles tnef
in a way I doubt there would be a problem and can in fact (optionally)
decode tnef attachments and recreate them as standard attachments that any
mail client can handle. In any event I plan to bring this up on the
MailScanner list and suggest the default behavior should no longer be
handing only a part of the message to SA.
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Discourage broken content
Posted by John Andersen <js...@pen.homeip.net>.
On Friday 25 August 2006 12:10, Rick Cooper wrote:
> That is patently false. I have a graphics design/advertising department at
> one of my locations and these fellas send huge graphics files back and
> forth when they have emergency proofs/changes and MailScanner has *never*
> damaged anything, ever, anywhere. Now, there is a setting for scanning
> (much like exiscan IIRCC) that allows you to truncate the message and only
> scan xxx amount, it's optional and doesn't modify the actual message in
> anyway.
Yes, Rick, that is correct, but the situation under discussion is that
mailscanner passes a partial file to the spamassassin proceess, which in turn
passes that partial file to the image analysis plugins, which decide that the
image is broken.
Upon being passed by spamassassin, the entire, unchanged mail is sent
on its way intact by mailscanner.
Amavis-New does something similar. Shreds mail into
pieces, launches scanners on the pieces.
The problem is that the spam scanner (and presumably virus scanner) plugins
are being handed partial files. Not a good practice in my view.
--
_____________________________________
John Andersen
RE: Discourage broken content
Posted by Rick Cooper <rc...@dwford.com>.
> -----Original Message-----
> From: decoder [mailto:decoder@own-hero.net]
> Sent: Friday, August 25, 2006 2:24 PM
> To: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kenneth Porter wrote:
> > --On Friday, August 25, 2006 12:05 AM -0700 Plenz
> > <pa...@lenz-online.de> wrote:
> >
> >> I disagree. To check out what happens I converted a JPG picture
> >> into a GIF
> >> file
> >> and sent it to myself. One time I converted it with IrfanView and the
> >> second time with PaintShop Pro. Both GIF files had the result
> >> "giftopnm: EOF or error reading data portion..." So I produced a
> >> corrupt
> >> (?) image, but it was not spam.
> >
> > I think we should discourage all broken content in email and on the
> > web.
> >
> > At one time we could assume that broken content was an honest
> > mistake and make an attempt at fixing it. But with the rise of
> > malicious content attempting to exploit bugs in content handlers
> > (like overruns in image libraries), we should simply reject anything
> > that fails to pass validation, on the assumption that's it out to
> > get us.
> >
> > This includes not just broken images but also broken HTML, which is
> > so commonly used to conceal spam.
> >
> > We need to stop giving a free pass to broken content creation
> > software just because it's popular. When someone sends you broken
> > content, you should react the same way you would if they sent you
> > documents on dirt-smeared paper. Stop letting your emperor walk
> > around naked.
>
> I completely agree, the problem is, some implementations makes this
> impossible. For example MailScanner.
>
> I've heard that it truncates the mail at 30kb, no matter if that is
> within a MIME block or not... So my plugin gets a broken image..
> though it was not broken originally...
>
That is patently false. I have a graphics design/advertising department at
one of my locations and these fellas send huge graphics files back and forth
when they have emergency proofs/changes and MailScanner has *never* damaged
anything, ever, anywhere. Now, there is a setting for scanning (much like
exiscan IIRCC) that allows you to truncate the message and only scan xxx
amount, it's optional and doesn't modify the actual message in anyway.
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Discourage broken content
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Logan Shaw wrote:
> On Fri, 25 Aug 2006, enediel gonzalez wrote:
>>> From: decoder <de...@own-hero.net> Kenneth Porter wrote:
>
>>> I completely agree, the problem is, some implementations makes
>>> this impossible. For example MailScanner.
>>>
>>> I've heard that it truncates the mail at 30kb, no matter if
>>> that is within a MIME block or not... So my plugin gets a
>>> broken image.. though it was not broken originally...
>
> Yes, if you leave the default "Max SpamAssassin Size = 30000"
> setting in place, it will do this.
>
>> Could somebody explain to me the reason why MailScanner acts this
>> way?
>
> Performance. The theory, I think, is that if a message is spam,
> there should be some evidence of that in the first 30000 bytes, so
> there is no need to pass the whole message to SpamAssassin.
>
> I think this was a good assumption and a good plan when
> SpamAssassin didn't check a lot of attachments. Now that there are
> plugins which do check attachments, leaving the MIME structure of
> the message intact is more important, but MailScanner hasn't caught
> up with this reality.
I heard that a proposal on letting the MIME structure intact has been
made... so at least if the message was truncated, it wouldn't be
truncated in the middle of an attachment (which would make absolutely
no sense, either you truncate before or after the attachment, a broken
attachment doesnt help anyone and will only cause unnecessary errors)
Chris
>
> Of course, you can always just remove the limitation by changing
> the MailScanner configuration file.
>
>> A good question could be decide if you adapt this plugin to be
>> compatible with MailScanner or tha last one should change this
>> practice.
>
> MailScanner calls SpamAssassin, so no adaptation needed in most
> cases. Unless you are talking about workarounds for issues like
> the above.
>
> - Logan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE71X+JQIKXnJyDxURAnGdAKC2aHFPzyX8lFhhsoSsrIgl+ci6QgCeJO4q
58fKQR01gJE0I/0P2Zpdprw=
=MU3c
-----END PGP SIGNATURE-----
Re: Discourage broken content
Posted by Logan Shaw <ls...@emitinc.com>.
On Fri, 25 Aug 2006, enediel gonzalez wrote:
>> From: decoder <de...@own-hero.net>
>> Kenneth Porter wrote:
>> I completely agree, the problem is, some implementations makes this
>> impossible. For example MailScanner.
>>
>> I've heard that it truncates the mail at 30kb, no matter if that is
>> within a MIME block or not... So my plugin gets a broken image..
>> though it was not broken originally...
Yes, if you leave the default "Max SpamAssassin Size = 30000"
setting in place, it will do this.
> Could somebody explain to me the reason why MailScanner acts this way?
Performance. The theory, I think, is that if a message is spam,
there should be some evidence of that in the first 30000 bytes,
so there is no need to pass the whole message to SpamAssassin.
I think this was a good assumption and a good plan when
SpamAssassin didn't check a lot of attachments. Now that
there are plugins which do check attachments, leaving the
MIME structure of the message intact is more important, but
MailScanner hasn't caught up with this reality.
Of course, you can always just remove the limitation by changing
the MailScanner configuration file.
> A good question could be decide if you adapt this plugin to be compatible
> with MailScanner or tha last one should change this practice.
MailScanner calls SpamAssassin, so no adaptation needed in
most cases. Unless you are talking about workarounds for
issues like the above.
- Logan
Re: Discourage broken content
Posted by enediel gonzalez <en...@hotmail.com>.
>From: decoder <de...@own-hero.net>
>To: users@spamassassin.apache.org
>Subject: Re: Discourage broken content
>Date: Fri, 25 Aug 2006 21:24:14 +0200
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Kenneth Porter wrote:
> > --On Friday, August 25, 2006 12:05 AM -0700 Plenz
> > <pa...@lenz-online.de> wrote:
> >
> >> I disagree. To check out what happens I converted a JPG picture
> >> into a GIF
> >> file
> >> and sent it to myself. One time I converted it with IrfanView and the
> >> second time with PaintShop Pro. Both GIF files had the result
> >> "giftopnm: EOF or error reading data portion..." So I produced a
> >> corrupt
> >> (?) image, but it was not spam.
> >
> > I think we should discourage all broken content in email and on the
> > web.
> >
> > At one time we could assume that broken content was an honest
> > mistake and make an attempt at fixing it. But with the rise of
> > malicious content attempting to exploit bugs in content handlers
> > (like overruns in image libraries), we should simply reject anything
> > that fails to pass validation, on the assumption that's it out to
> > get us.
> >
> > This includes not just broken images but also broken HTML, which is
> > so commonly used to conceal spam.
> >
> > We need to stop giving a free pass to broken content creation
> > software just because it's popular. When someone sends you broken
> > content, you should react the same way you would if they sent you
> > documents on dirt-smeared paper. Stop letting your emperor walk
> > around naked.
>
>I completely agree, the problem is, some implementations makes this
>impossible. For example MailScanner.
>
>I've heard that it truncates the mail at 30kb, no matter if that is
>within a MIME block or not... So my plugin gets a broken image..
>though it was not broken originally...
>
>Chris
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.5 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFE705eJQIKXnJyDxURAiGZAJ4q2f5KIxWjrYN3U6vB4kFhLbZ2igCfVM1l
>n13w21PXoSH7IethDVc3uio=
>=IWPe
>-----END PGP SIGNATURE-----
>
Could somebody explain to me the reason why MailScanner acts this way?
A good question could be decide if you adapt this plugin to be compatible
with MailScanner or tha last one should change this practice.
IMHO, any kind of information included into an email could be revised but
shouldn't be transformed.
greetings
Enediel
Re: Discourage broken content
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kenneth Porter wrote:
> --On Friday, August 25, 2006 12:05 AM -0700 Plenz
> <pa...@lenz-online.de> wrote:
>
>> I disagree. To check out what happens I converted a JPG picture
>> into a GIF
>> file
>> and sent it to myself. One time I converted it with IrfanView and the
>> second time with PaintShop Pro. Both GIF files had the result
>> "giftopnm: EOF or error reading data portion..." So I produced a
>> corrupt
>> (?) image, but it was not spam.
>
> I think we should discourage all broken content in email and on the
> web.
>
> At one time we could assume that broken content was an honest
> mistake and make an attempt at fixing it. But with the rise of
> malicious content attempting to exploit bugs in content handlers
> (like overruns in image libraries), we should simply reject anything
> that fails to pass validation, on the assumption that's it out to
> get us.
>
> This includes not just broken images but also broken HTML, which is
> so commonly used to conceal spam.
>
> We need to stop giving a free pass to broken content creation
> software just because it's popular. When someone sends you broken
> content, you should react the same way you would if they sent you
> documents on dirt-smeared paper. Stop letting your emperor walk
> around naked.
I completely agree, the problem is, some implementations makes this
impossible. For example MailScanner.
I've heard that it truncates the mail at 30kb, no matter if that is
within a MIME block or not... So my plugin gets a broken image..
though it was not broken originally...
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE705eJQIKXnJyDxURAiGZAJ4q2f5KIxWjrYN3U6vB4kFhLbZ2igCfVM1l
n13w21PXoSH7IethDVc3uio=
=IWPe
-----END PGP SIGNATURE-----
Re: Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by "George R. Kasica" <ge...@netwrx1.com>.
>>> I think we should discourage all broken content in email and on the
>>> web.
>>>
>>> At one time we could assume that broken content was an honest
>>> mistake and make an attempt at fixing it. But with the rise of
>>> malicious content attempting to exploit bugs in content handlers
>>> (like overruns in image libraries), we should simply reject
>>> anything that fails to pass validation, on the assumption that's it
>>> out to get us.
>>>
>>> This includes not just broken images but also broken HTML, which is
>>> so commonly used to conceal spam.
>>>
>>> We need to stop giving a free pass to broken content creation
>>> software just because it's popular. When someone sends you broken
>>> content, you should react the same way you would if they sent you
>>> documents on dirt-smeared paper. Stop letting your emperor walk
>>> around naked.
>>
>> I would, and do, go even further and discourage broken Server/DNS
>> configurations.
>>
>> I've downright had it with all this crap hitting my server.
>>
>> I'm now doing checks right at the MTA and if the sending server fails
>> any hostname, HELO, domain name, SPF etc., checks they don't even get
>> to my content filters. The biggest thing we have in our favour is
>> that the spambots are mostly broken or running on machines that will
>> fail most of these checks.
>>
>> For legitimate email, I send an message to the admins responsible for
>> the broken configs with my log entries explaining why their email was
>> blocked. It's up to them to fix it if they want to send email my way.
>>
>> I know this isn't practical in an environment where you're
>> administering hundreds or thousands of accounts, and I feel your
>> pain, but I think it's time we encouraged proper and correct server
>> and DNS configurations so we can use all the tools at our disposal to
>> our advantage.
>
>I am with you right up until the moment my head says, "Who defines
>proper content?" Then I come back to "email format rwars" and say
>"Fahgeddit."
>
>One man's cilantro spice is another man's intolerable bitterness.
>Do we try to force the bitterness on the other man or do we try to
>accommodate? "Who gets to define how much we must tolerate?" It's
>purely an rwar issue when you apply this to formatting wars. It is
>best to do what YOU will and not get evangelistic about it. If you
>do characters like me get contrary.
>
>{^_^} Joanne, The Stubborn
A great and a wonderful idea until you have users paying you for
e-mail service and you start bouncing their mails because someone or
some program has a bug in it that they have no control over and they
lose that email from their employer, client or whatever and I can
assure you that they will find another provider right quick.
===[George R. Kasica]=== +1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
georgek@netwrx1.com
ICQ #12862186
Re: Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by jdow <jd...@earthlink.net>.
From: "Gino Cerullo" <gc...@pixelpointstudios.com>
> On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
>
>> --On Friday, August 25, 2006 12:05 AM -0700 Plenz <paul@lenz-
>> online.de> wrote:
>>
>>> I disagree. To check out what happens I converted a JPG picture
>>> into a GIF
>>> file
>>> and sent it to myself. One time I converted it with IrfanView and the
>>> second time with PaintShop Pro. Both GIF files had the result
>>> "giftopnm: EOF or error reading data portion..." So I produced a
>>> corrupt
>>> (?) image, but it was not spam.
>>
>> I think we should discourage all broken content in email and on the
>> web.
>>
>> At one time we could assume that broken content was an honest
>> mistake and make an attempt at fixing it. But with the rise of
>> malicious content attempting to exploit bugs in content handlers
>> (like overruns in image libraries), we should simply reject
>> anything that fails to pass validation, on the assumption that's it
>> out to get us.
>>
>> This includes not just broken images but also broken HTML, which is
>> so commonly used to conceal spam.
>>
>> We need to stop giving a free pass to broken content creation
>> software just because it's popular. When someone sends you broken
>> content, you should react the same way you would if they sent you
>> documents on dirt-smeared paper. Stop letting your emperor walk
>> around naked.
>
> I would, and do, go even further and discourage broken Server/DNS
> configurations.
>
> I've downright had it with all this crap hitting my server.
>
> I'm now doing checks right at the MTA and if the sending server fails
> any hostname, HELO, domain name, SPF etc., checks they don't even get
> to my content filters. The biggest thing we have in our favour is
> that the spambots are mostly broken or running on machines that will
> fail most of these checks.
>
> For legitimate email, I send an message to the admins responsible for
> the broken configs with my log entries explaining why their email was
> blocked. It's up to them to fix it if they want to send email my way.
>
> I know this isn't practical in an environment where you're
> administering hundreds or thousands of accounts, and I feel your
> pain, but I think it's time we encouraged proper and correct server
> and DNS configurations so we can use all the tools at our disposal to
> our advantage.
I am with you right up until the moment my head says, "Who defines
proper content?" Then I come back to "email format rwars" and say
"Fahgeddit."
One man's cilantro spice is another man's intolerable bitterness.
Do we try to force the bitterness on the other man or do we try to
accommodate? "Who gets to define how much we must tolerate?" It's
purely an rwar issue when you apply this to formatting wars. It is
best to do what YOU will and not get evangelistic about it. If you
do characters like me get contrary.
{^_^} Joanne, The Stubborn
Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by Gino Cerullo <gc...@pixelpointstudios.com>.
On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
> --On Friday, August 25, 2006 12:05 AM -0700 Plenz <paul@lenz-
> online.de> wrote:
>
>> I disagree. To check out what happens I converted a JPG picture
>> into a GIF
>> file
>> and sent it to myself. One time I converted it with IrfanView and the
>> second time with PaintShop Pro. Both GIF files had the result
>> "giftopnm: EOF or error reading data portion..." So I produced a
>> corrupt
>> (?) image, but it was not spam.
>
> I think we should discourage all broken content in email and on the
> web.
>
> At one time we could assume that broken content was an honest
> mistake and make an attempt at fixing it. But with the rise of
> malicious content attempting to exploit bugs in content handlers
> (like overruns in image libraries), we should simply reject
> anything that fails to pass validation, on the assumption that's it
> out to get us.
>
> This includes not just broken images but also broken HTML, which is
> so commonly used to conceal spam.
>
> We need to stop giving a free pass to broken content creation
> software just because it's popular. When someone sends you broken
> content, you should react the same way you would if they sent you
> documents on dirt-smeared paper. Stop letting your emperor walk
> around naked.
I would, and do, go even further and discourage broken Server/DNS
configurations.
I've downright had it with all this crap hitting my server.
I'm now doing checks right at the MTA and if the sending server fails
any hostname, HELO, domain name, SPF etc., checks they don't even get
to my content filters. The biggest thing we have in our favour is
that the spambots are mostly broken or running on machines that will
fail most of these checks.
For legitimate email, I send an message to the admins responsible for
the broken configs with my log entries explaining why their email was
blocked. It's up to them to fix it if they want to send email my way.
I know this isn't practical in an environment where you're
administering hundreds or thousands of accounts, and I feel your
pain, but I think it's time we encouraged proper and correct server
and DNS configurations so we can use all the tools at our disposal to
our advantage.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740