Also sprach Petr M. Swedock
Is't possible to use this to 'poison' the catalogue: that is to say, how easy is it to create a denial-of-service for legitimate mail?
I'm not an expert on how Vipul's Razor does its cataloguing, but I suspect its quite easy to do so, yes. The man page (perldoc) for razor-report shows you how to set up a "trolling" address that auto-submits every received email via razor-report. Simply subscribe an address set up that way to BUGTRAQ or other mailing lists and every BUGTRAQ post (or whatever list its subscribed to) would be auto-submitted to razor as spam. Then for the other people on the list that are using razor-check...whether the post would get flagged as spam would be a race condition...do you get your copy before the trolling address gets its copy and gets it submitted to the catalogue? I think the idea of the razor is good...but needs some refinement...maybe ability to set a threshold on the number of reports needed to flag something as spam? -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456