Re: [Exim] Re: Untrusted users setting the return-path

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Ian Jackson
CC: exim-users
Subject: Re: [Exim] Re: Untrusted users setting the return-path
On Wed, 18 Oct 2000, Ian Jackson wrote:

> > Firstly, is this patch correct ? Secondly, is it likely to go into
> > the standard Exim ? If so then I'll send you another patch for the
> > documentation. If not I'll try to persuade the Debian maintainer to
> > accept it :-).


It is not correct, or rather, it is not complete, because it doesn't
interact well with the rules for inserting Sender: and other things that
get done for local senders. I am considering implementing it as
"allow_untrusted_return_path", but I really have to tidy up all these
other interactions, which have got into a mess as various cases have
been added to the original code.

> > The new behaviour is supposed to be that -f and MAIL FROM (in SMTP
> > sessions) will now be honoured from all local users, regardless of
> > trusted_users/groups.


That is all I plan to implement; the handing of Sender: etc. will be as
before (but is turn-off-able already).

> > NB that the patch makes this behaviour the default. I think this is
> > helpful because problems caused by (eg) mailing list programs not
> > being able to set their return path seem to outnumber problems caused
> > by programs using `-f' inappropriately.


I will not make it the default, for compatibility, and also because I
prefer to have "security"-type doors closed by default.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.