On 2003-06-21, 02:55:01 (-0700), Paul Wallingford wrote:
> The following code sneaks through and does not get defanged. It is
> valid HTML / XML and renders in the mail reader (Mozilla). This is a
> security problem because it can be used by attackers to track recipients
> and possibly download malicious code to the victim's machine. In this
> message, it may appear on separate lines, but it appeared all on one
> line in the original message.
> <img border="0" src="http://www.lunarlandrush.com/images/moon_032303_1.gif"/>
Are you saying you think all external IMG references should be
A lot of people would disagree with you! :-) So that behavior is
The default is to block external references to various "unusual"
non-http protocols such as hcp:// or smb:// or the various internal
If you also want to block any e-mail images originating via
HTTP or FTP, just set "feat_webbugs = 1". That should do the trick.
-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 email@example.com -><- http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/
Spammers, please send lots of mail to: firstname.lastname@example.org
Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=Juggler
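
The check discussed in this thread, sketched as an added example that is not part of the original messages and is not the Anomy sanitizer's own code: it finds `<img>` tags in an HTML mail body whose `src` would be fetched from a remote server, including the self-closing form quoted above, and renames the attribute so the reader never requests it. The scheme list, the `data-blocked-src` attribute name and the function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: schemes that make a mail reader contact a remote server for an image.
REMOTE_SCHEMES = {"http", "https", "ftp"}

def is_remote(url):
    parts = urlsplit(url.strip())
    # Scheme-less "//host/path" URLs are treated as remote too.
    return parts.scheme.lower() in REMOTE_SCHEMES or (not parts.scheme and bool(parts.netloc))

class RemoteImageFinder(HTMLParser):
    """Records every <img> tag whose src points at a remote server."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []  # (raw tag text, remote URL, neutralised tag)

    def handle_starttag(self, tag, attrs):
        # HTMLParser also routes self-closing <img .../> tags through here.
        src = next((v for n, v in attrs if n == "src" and v), None)
        if tag != "img" or src is None or not is_remote(src):
            return
        raw = self.get_starttag_text()
        out = ["<img"]
        for name, value in attrs:
            # Hypothetical attribute name: keeps the URL visible but inert.
            name = "data-blocked-src" if name == "src" else name
            out.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        tail = " />" if raw.rstrip().endswith("/>") else ">"
        self.hits.append((raw, src, " ".join(out) + tail))

def find_remote_images(body):
    finder = RemoteImageFinder()
    finder.feed(body)
    finder.close()
    return finder.hits

def block_remote_images(body):
    for raw, _url, neutral in find_remote_images(body):
        body = body.replace(raw, neutral)
    return body

# Constructed sample: the tag quoted in the message plus an inline (cid:) image.
SAMPLE = ('<p>Hi</p><img border="0" src="http://www.lunarlandrush.com/images/moon_032303_1.gif"/>'
          '<IMG SRC="cid:logo@local">')
```

Images referenced by `cid:` travel inside the message itself, so they are left untouched.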