[HacktionLab] how to turn off logging

ekes ekes at aktivix.org
Mon Nov 28 18:04:17 UTC 2011

On 28-11-11 17:12, Charlie Harvey wrote:
> - From that page:
>> store the IPs and emails in the greylisting database using a one-way
> SHA-1 hash function instead of clear-text tuples.
> I've always thought you weren't supposed to do that , cos an attacker
> can just pre-calculate the SHA-1s of all the IP4 addresses.

I assume (*) they are creating a hash of the full triplet used by
postgrey: client ip, sender e-mail address, recipient e-mail address.

So the entire space and possibility of calculating all collisions would
be much more difficult than just the ip address.


(*) So I looked for the patch it's here:

In one instance it hashes the client_address (this is, at least on my
server, the reverse DNS record not the IP address):-

         $cawl_key = $attr->{client_address};
+	 if ($self->{postgrey}{privacy}) {
+	     $cawl_key = sha1_hex($cawl_key);
+	 }

And in the other it hashes the combined ip/sender-email/recipient-email

     my $key    = lc "$client_net/$sender/$attr->{recipient}";
+    if ($self->{postgrey}{privacy}) {
+	$key = sha1_hex($key);
+    }

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <https://lists.aktivix.org/mailman/private/hacktionlab/attachments/20111128/309a7941/attachment.pgp>

More information about the HacktionLab mailing list