On Fri, 10 Dec 1999, Marc Haber wrote:
> When I use my normal setup, the MUA delivers the messages to the MTA
> via SMTP. This works flawlessly. However, when I use a UNIX MUA like
> mutt that way (which presumably delivers messages directly by calling
> exim or /bin/mail), a Sender: header is added which in turn causes
> some mailing list managers (this happened in fact on this mailing
> liste ;-) ) to reject my message because they honor Sender: instead of
> From: for sender verification.
Exim does this as a security measure, and also in accordance with RFC
822:
4.4.2. SENDER / RESENT-SENDER
This field contains the authenticated identity of the AGENT
(person, system or process) that sends the message. It is
intended for use when the sender is not the author of the mes-
sage, or to indicate who among a group of authors actually
sent the message. If the contents of the "Sender" field would
be completely redundant with the "From" field, then the
"Sender" field need not be present and its use is discouraged
(though still legal). In particular, the "Sender" field MUST
be present if it is NOT the same as the "From" Field.
The only authenticated identity Exim has is the login id of the process
that called it.
It is true that these days, when anybody can connect a personal computer
to the net and inject any old mail they like, Sender is not as important
as it used to be. Nevertheless, on shared systems it is of use for
tracking who among thousands of users sent that abusive message. I
suppose that now Exim is also used on non-shared systems, I should
provide an option for not adding Sender.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
