Date: Mon, 12 Nov 2001 17:59:38 -0800
From: "Crist J. Clark"
To: Drew Tomlinson
Cc: FreeBSD user, questions@FreeBSD.ORG
Subject: Re: What is "Defanged Link"?

On Sun, Nov 11, 2001 at 07:15:51AM -0800, Drew Tomlinson wrote:
> ----- Original Message -----
> From: "Crist J. Clark"
> To: "Drew Tomlinson"
> Cc:
> Sent: Sunday, November 11, 2001 12:33 AM
> Subject: Re: What is "Defanged Link"?
>
> > On Sat, Nov 10, 2001 at 07:30:09AM -0800, Drew Tomlinson wrote:
> > > This morning I was reviewing the daily output run from one of my
> > > machines. What is the meaning of "DEFANGED_LINK"? The following is a
> > > snip of the report:
> >
> > [snip]
> >
> > You wouldn't be running your mail through some kind of procmail-based
> > (or another mail scanner) defanger?
>
> Umm, yep. I just started experimenting with the E-mail Sanitizer. So
> I assume this is just something it does? Do you have any idea why?

"Use the source, Luke."

  $ fgrep -i link html-trap.procmail
  * 1^1 \<(html|title|body|meta|app|script|object|embed|i?frame|style|img|bgsound|layer|link)
  s/<(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK)/

> I reread the docs at
> http://www.impsec.org/email-tools/procmail-security.html but do not
> see any mention of this.

The sanitizer code treats "" as a potentially hostile tag.

> And FWIW, I see this on both of my FBSD
> boxes but I am only running the sanitizer on one. The other is a
> firewall only.

Is the mail from the firewall relayed through the machine running the
sanitizer? It is clearly the sanitizer doing this.
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
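
What a tag defanger of this kind does to a message relayed through it, as an added example that is not part of the original post and not the sanitizer's own code. The tag list is the one in the quoted substitution; the `DEFANGED_` rewrite form is inferred from the `DEFANGED_LINK` string in the report, and the function names, the tag-name boundary check and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Tag names copied from the substitution pattern quoted in the message.
ACTIVE_TAGS = ("META", "APP", "SCRIPT", "OBJECT", "EMBED",
               "FRAME", "IFRAME", "LAYER", "LINK")

# "<TAG" or "</TAG", any case. The lookahead (an addition of this example)
# requires the name to end there, so "<linkage>" is left untouched.
TAG_RE = re.compile(r"<(/?)(" + "|".join(ACTIVE_TAGS) + r")(?=[\s/>]|$)",
                    re.IGNORECASE)

def defang_html(text):
    """Rename active tags to DEFANGED_<tag>; return (new_text, tags_hit)."""
    hits = []
    def rename(m):
        hits.append(m.group(2).upper())
        return "<" + m.group(1) + "DEFANGED_" + m.group(2)
    return TAG_RE.sub(rename, text), hits

def defang_message(raw):
    """Defang every unencoded text/* part; return (new_raw, tags_hit)."""
    msg = message_from_string(raw)
    found = []
    for part in msg.walk():
        # Assumption: text parts are 7bit/8bit, not base64 or quoted-printable.
        if part.get_content_maintype() != "text":
            continue
        body, hits = defang_html(part.get_payload())
        if hits:
            part.set_payload(body)
            found.extend(hits)
    return msg.as_string(), found

# Constructed sample: a plain-text report that quotes some HTML.
SAMPLE = """\
From: root@fw.example
To: admin@example.org
Subject: fw daily run output
Content-Type: text/plain; charset=us-ascii

fetched: <HTML><LINK REL="stylesheet" HREF="x.css">
<script src="a.js"></script> <linkage> <iframe>
"""

if __name__ == "__main__":
    rewritten, tags = defang_message(SAMPLE)
    print(rewritten)
    print("defanged:", tags)
```

Because the rewrite is applied to any text that passes through the filter, a plain-text report that merely quotes a tag comes out the other side with the tag renamed.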