Re: Dangers of discarding duplicated messages

From: Gene Rackow (rackow_at_mcs.anl.gov)
Date: 02/18/05

    To: Maciej Soltysiak <maciej@soltysiak.com>
    Date: Fri, 18 Feb 2005 16:57:55 -0600
    
    

    There are lots of other things that may need to be done to handle
    dealing with duplicated message-ids as well. Note that the RFCs
    mandate that the message-id is unique per message.

    A number of IMAP packages use the message-id as a way of keeping
    track of the message in the various folders.
    Having messages with the message-id breaks the standards, may
    cause problems in message handling, etc.

    The problem is bigger than just the anti-spam packages out there.

    From the original message it was indicated that these many dups
    might be picked up by the AV/AS software on the server. If it is,
    the blocking of the message should happen before the message-id
    gets entered into the user's cache of delivered messages. Therefore
    the 1st non-spam message should still be able to get through to the
    end user.

    -_Gene

    Maciej Soltysiak made the following keystrokes:
    >Hello Adrian,
    >
    >Thursday, February 17, 2005, 7:57:01 PM, you wrote:
    >
    >> It seems to be required that programs that automatically discard
    >> duplicate messages have to use a checksum over the body and part of the
    >> header of the emails instead of relying on the message ID.
    >Very interesting indeed Adrian.
    >So to sum it all up just for now, the advisories are two.
    >One for users, one for developers of MUAs.
    >
    >Users: Beware of the fact that automatic discarding of duplicated messages
    > may result in you not getting the original mail in case someone exploits
    > the effect Adrian depicted.
    >
    >Developers: Consider using checksum of the email messages, not only the
    > Message-ID to distinguish between duplicated messages.
    >
    >Am I correct?
    >
    >Fortunately I was never using this MUA feature - I just take care of the
    >duppies manually, which is not a big chore for me I must say.
    >
    >
    >--
    >Best regards,
    >Maciej Soltysiak
    >
    >
    >
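The duplicate check discussed in this thread, as an added example (not code from any poster or from any mail client): a message is discarded only when both its Message-ID and a checksum over the body and part of the header have been seen before. The choice of hashed headers, the names `content_digest` and `DuplicateFilter`, and the sample messages are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_string

# Headers folded into the digest; this selection is an assumption of the sketch.
HASHED_HEADERS = ("From", "Subject", "Date")

def content_digest(msg):
    """SHA-256 over selected headers plus every body part; Message-ID is excluded."""
    h = hashlib.sha256()
    for name in HASHED_HEADERS:
        value = " ".join(str(msg.get(name) or "").split())  # unfold, squeeze whitespace
        h.update(f"{name.lower()}:{value}\n".encode("utf-8", "replace"))
    for part in msg.walk():
        if not part.is_multipart():
            body = part.get_payload(decode=True) or b""
            h.update(body.replace(b"\r\n", b"\n").rstrip(b"\n") + b"\n")
    return h.hexdigest()

class DuplicateFilter:
    """Discards a message only if both its Message-ID and its content were seen."""
    def __init__(self):
        self.seen = {}  # Message-ID -> digests already delivered under that id

    def should_deliver(self, raw):
        msg = message_from_string(raw)
        mid = (msg.get("Message-ID") or "").strip()
        digests = self.seen.setdefault(mid, set())
        digest = content_digest(msg)
        if digest in digests:
            return False  # same id, same content: a genuine duplicate
        digests.add(digest)
        return True  # new id, or a reused id carrying different content

# Constructed sample messages: FORGED arrives first and reuses LEGIT's Message-ID.
FORGED = ("From: someone@example.net\nSubject: hi\nDate: Thu, 17 Feb 2005 10:00:00 +0000\n"
          "Message-ID: <1234@example.org>\n\nunrelated filler text\n")
LEGIT = ("From: alice@example.org\nSubject: Lunch\nDate: Thu, 17 Feb 2005 12:00:00 +0000\n"
         "Message-ID: <1234@example.org>\n\nLunch at noon?\n")

if __name__ == "__main__":
    f = DuplicateFilter()
    for label, raw in (("forged", FORGED), ("legit", LEGIT), ("legit again", LEGIT)):
        print(label, "->", "deliver" if f.should_deliver(raw) else "discard")
```

Calling `should_deliver` only for messages that have already passed the server's AV/AS filtering keeps blocked messages out of the cache, which is the ordering Gene describes above.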

