mixmaster auto-block feature now check (in
rem.c:blockrequest()) if the address to be blocked is
not the remailer address.
It should check also if the address is not of a
remailer or ignore it, because an attacker can send a
spoofed request to block a remailer from the remailer
Also before to send reply.txt (that contains a
DESTINATION-BLOCK line) it should check if the
destination address is a remailer.
Log in to post a comment.