[HacktionLab] how to turn off logging
ekes
ekes at aktivix.org
Mon Nov 28 18:04:17 UTC 2011
On 28-11-11 17:12, Charlie Harvey wrote:
> From that page:
>> store the IPs and emails in the greylisting database using a one-way
>> SHA-1 hash function instead of clear-text tuples.
>
> I've always thought you weren't supposed to do that, cos an attacker
> can just pre-calculate the SHA-1s of all the IP4 addresses.

I assume (*) they are creating a hash of the full triplet used by
postgrey: client ip, sender e-mail address, recipient e-mail address.
So the entire space and possibility of calculating all collisions would
be much more difficult than just the ip address.

ekes

(*) So I looked for the patch; it's here:
https://we.riseup.net/debian/postgrey

In one instance it hashes the client_address (this is, at least on my
server, the reverse DNS record not the IP address):-
$cawl_key = $attr->{client_address};
+ if ($self->{postgrey}{privacy}) {
+ $cawl_key = sha1_hex($cawl_key);
+ }
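Review bot: on the line "$cawl_key = sha1_hex($cawl_key);" the digest is unkeyed and its only input is client_address, which comes from a small, enumerable set (an address or a reverse-DNS name), so anyone holding the database can recover the value by hashing candidates and comparing. Suggest a keyed digest instead: an HMAC with a per-installation secret kept in the postgrey configuration rather than in the database, so the stored values cannot be checked without that secret.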
And in the other it hashes the combined ip/sender-email/recipient-email:
my $key = lc "$client_net/$sender/$attr->{recipient}";
+ if ($self->{postgrey}{privacy}) {
+ $key = sha1_hex($key);
+ }
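Review bot: the "if ($self->{postgrey}{privacy})" block around "$key = sha1_hex($key);" repeats the one applied to $cawl_key, so the two code paths can drift apart; suggest moving the conditional hashing into one helper that both call. The triplet is harder to enumerate blind than the address alone, but the digest is still unkeyed, so a guessed client_net/sender/recipient string can be confirmed against the database, and a keyed digest in that helper would cover both keys. A short comment noting that lc is applied before hashing (so lookups stay case-insensitive) would also help.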
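An added worked example (not part of this thread or of the riseup patch) of the point discussed above: an unkeyed SHA-1 of a value from a small space can be matched by enumeration, a guessed triplet can still be confirmed, and a keyed HMAC cannot be checked without the secret. The addresses, mailboxes, the form of the client network, the `recover` helper and the secret are constructed for illustration; the HMAC variant is an assumed mitigation, not something the patch does.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex hmac_sha256_hex);

# Constructed sample values (documentation ranges / example domains).
# The exact form of postgrey's $client_net is assumed here.
my $client  = '192.0.2.77';
my $triplet = lc join '/', '192.0.2', 'alice@example.org', 'bob@example.net';

# What the database holds with the patch's privacy option on.
my %stored = (cawl => sha1_hex($client), triplet => sha1_hex($triplet));

# Compare each candidate's digest with a stored one; return the match or undef.
sub recover {
    my ($digest, $hash, @candidates) = @_;
    for my $c (@candidates) {
        return $c if $hash->($c) eq $digest;
    }
    return;
}

# 1. Address alone: candidates are simply the address space (one /24 here).
my @addrs = map { "192.0.2.$_" } 0 .. 255;
printf "unkeyed address digest -> %s\n",
    recover($stored{cawl}, \&sha1_hex, @addrs) // 'no match';

# 2. Triplet: candidates multiply, so blind enumeration is impractical, but a
#    holder who already knows the local mailboxes and suspects a sender can
#    still confirm that a given triplet is present.
my @nets    = map { "192.0.$_" } 0 .. 255;
my @senders = ('alice@example.org', 'carol@example.org');
my @rcpts   = ('bob@example.net', 'dave@example.net');
my @triplets;
for my $n (@nets) { for my $s (@senders) { for my $r (@rcpts) {
    push @triplets, lc "$n/$s/$r";
} } }
printf "unkeyed triplet digest -> %s (%d candidates)\n",
    recover($stored{triplet}, \&sha1_hex, @triplets) // 'no match',
    scalar @triplets;

# 3. Keyed digest (assumed mitigation): the secret is kept in configuration,
#    outside the database, so the same enumeration finds nothing.
my $secret = 'constructed-demo-secret';
my $keyed  = hmac_sha256_hex($client, $secret);
printf "keyed address digest   -> %s\n",
    recover($keyed, \&sha1_hex, @addrs) // 'no match';
```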