• hpt & unsecure compressed netmail

    From Warpslide@21:3/110 to All on Fri May 17 13:44:48 2024
    Hi All,

    I recently had two applications sent to me via unsecure netmail, one for Fido & another for an othernet. Normally hpt will process unsecure netmail without issue, but both of these happened to be compressed and the files were renamed to .sec.

    I monitor both in & outbound directories and noticed the two .sec files there and processed manually. I found a thread on Fidonet where this was discussed back in 2021, but it's colloquially referred to fight-o-net for a reason.

    Oli suggested over in Fido to not accept compressed mail from unsecure sources while others mentioned using a script outside of hpt to process them.

    It's still certainly possible to "mailbomb" someone today by creating a large zero-filled file, zipping it up & sending it off in an attempt to fill up someones disk, though I don't know how probable that is today. (Please don't mailbomb me...)

    What are others who use hpt doing, or what would be the best practice here?

    Add this line to binkd.conf:
    skip unsecure 0 *.[STFWMstfwm][ouaherOUAHER][0-9A-Za-z]

    Write a script that will uncompress any .sec file in the unsecure inbound or maybe just continue monitoring the inbound as I have been doing?

    Both of these ftn applications were from Mystic. Does Synchronet compress netmail if an archiver is configured?


    Jay

    ... Best file compression around: "DEL *.*" = 100% compression

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: Northern Realms (21:3/110)
  • From Atreyu@21:1/176 to Warpslide on Fri May 17 13:54:56 2024
    On 17 May 24 13:44:48, Warpslide said the following to All:

    Oli suggested over in Fido to not accept compressed mail from unsecure sourc

    Oli is a clueless idiot and there are no threats of mailbombs in 2024.

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)