From: Kevin <ass...@la...> - 2007-11-30 11:01:01
|
Philippe Schelté wrote: > Hello, > > I use the LDAP user verification, it works well but seems that it can be > bypassed bye a "|" at the first letter place, I know this is seally > because it must be a valid email address that must follow the "|". > > example : > > I have a valid address : goo...@my... > if a spammer sends a spam to : |goo...@my... > assp will check goo...@my... in the LDAP directory so it will > validate it. the spam will be detected and will fall in my spam-bin > mailbox instead of beiing rejected at the first time. I've been getting the same spam messages and they ahve not have gotten past my LDAP lookups. Kevin |