Subj : hpt & unsecure compressed netmail
To   : All
From : Warpslide
Date : Fri May 17 2024 01:44 pm

Hi All,

I recently had two applications sent to me via unsecure netmail, one for Fido & 
another for an othernet.  Normally hpt will process unsecure netmail without 
issue, but both of these happened to be compressed and the files were renamed 
to .sec.

I monitor both in & outbound directories and noticed the two .sec files there 
and processed manually.  I found a thread on Fidonet where this was discussed 
back in 2021, but it's colloquially referred to fight-o-net for a reason.

Oli suggested over in Fido to not accept compressed mail from unsecure sources 
while others mentioned using a script outside of hpt to process them.

It's still certainly possible to "mailbomb" someone today by creating a large 
zero-filled file, zipping it up & sending it off in an attempt to fill up 
someones disk, though I don't know how probable that is today. (Please don't 
mailbomb me...)

What are others who use hpt doing, or what would be the best practice here?

Add this line to binkd.conf:
skip unsecure 0 *.[STFWMstfwm][ouaherOUAHER][0-9A-Za-z]

Write a script that will uncompress any .sec file in the unsecure inbound or 
maybe just continue monitoring the inbound as I have been doing?

Both of these ftn applications were from Mystic.  Does Synchronet compress 
netmail if an archiver is configured?


Jay

.... Best file compression around: "DEL *.*" = 100% compression

--- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
 * Origin: Northern Realms (21:3/110)

.