Author: Ian Jackson Date: To: Philip Hazel CC: exim-users Subject: Re: [Exim] Re: Untrusted users setting the return-path
Philip Hazel writes ("Re: [Exim] Re: Untrusted users setting the return-path"): > On Wed, 18 Oct 2000, Ian Jackson wrote:
> > > Firstly, is this patch correct ? Secondly, is it likely to go into
> > > the standard Exim ? If so then I'll send you another patch for the
> > > documentation. If not I'll try to persuade the Debian maintainer to
> > > accept it :-).
>
> It is not correct, or rather, it is not complete, because it doesn't
> interact well with the rules for inserting Sender: and other things that
> get done for local senders. I am considering implementing it as
> "allow_untrusted_return_path", but I really have to tidy up all these
> other interactions, which have got into a mess as various cases have
> been added to the original code.
Right.
> > > The new behaviour is supposed to be that -f and MAIL FROM (in SMTP
> > > sessions) will now be honoured from all local users, regardless of
> > > trusted_users/groups.
>
> That is all I plan to implement; the handing of Sender: etc. will be as
> before (but is turn-off-able already).
Great.
> > > NB that the patch makes this behaviour the default. I think this is
> > > helpful because problems caused by (eg) mailing list programs not
> > > being able to set their return path seem to outnumber problems caused
> > > by programs using `-f' inappropriately.
>
> I will not make it the default, for compatibility, and also because I
> prefer to have "security"-type doors closed by default.
