From Warpslide@21:3/110 to All on Fri May 17 13:44:48 2024
Hi All,
I recently had two applications sent to me via unsecure netmail, one for Fido & another for an othernet. Normally hpt will process unsecure netmail without issue, but both of these happened to be compressed and the files were renamed to .sec.
I monitor both in & outbound directories and noticed the two .sec files there and processed manually. I found a thread on Fidonet where this was discussed back in 2021, but it's colloquially referred to fight-o-net for a reason.
Oli suggested over in Fido to not accept compressed mail from unsecure sources while others mentioned using a script outside of hpt to process them.
It's still certainly possible to "mailbomb" someone today by creating a large zero-filled file, zipping it up & sending it off in an attempt to fill up someones disk, though I don't know how probable that is today. (Please don't mailbomb me...)
What are others who use hpt doing, or what would be the best practice here?
Add this line to binkd.conf:
skip unsecure 0 *.[STFWMstfwm][ouaherOUAHER][0-9A-Za-z]
Write a script that will uncompress any .sec file in the unsecure inbound or maybe just continue monitoring the inbound as I have been doing?
Both of these ftn applications were from Mystic. Does Synchronet compress netmail if an archiver is configured?
Jay
... Best file compression around: "DEL *.*" = 100% compression