Re: [Exim] Weird behavious WRT Sender: header

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Dave C.
CC: exim-users
Subject: Re: [Exim] Weird behavious WRT Sender: header
On Wed, 28 Nov 2001, Dave C. wrote:

> Ok, the source doesnt lie, and it answers this question.
>
> if there is a Sender: header present in the incoming messages, it is
> removed (Its still in the -Mvh output, and I just figured out the "*"
> before it means it was 'removed'), presumably becuase exim is going to
> force insert a Sender: headers with the local users login info.


Correct.

> Apparently the code that removes the Sender: header wasn't updated to
> allow for untrusted_set_sender.


No, the current state is deliberate. The point of untrusted_set_sender
is to allow untrusted users to set the envelope sender of the message.
It does not make such users "trusted". Because they are not trusted,
Exim insists on recording the true sender of the message somewhere,
namely, in the Sender: header, if From: doesn't match the sender.

Setting no_local_from_check means "don't check that From: matches the
real sender". That turns off *adding* a Sender:. I'm not at all sure
this should also include not removing an existing Sender, but perhaps it
should.

> That doesnt make me happy though. This particular webserver is running
> suidCGI type scripts, but the local user logins dont corrospond to
> any valid email addresses. I just want to force a
>
> "Sender: <MAILER-DAEMON@???>"
>
> on all messages sent through this script..



1. Make the caller of Exim trusted. Then Sender: headers won't be
stripped.

or

2. Detect the messages in a system filter, and use "headers remove" and
"headers add".


On Wed, 28 Nov 2001, Dave C. wrote:

> I've attached a very short patch which skips removing the "Sender:"
> header if untrusted_set_sender is set..


Is there some reason that you can't make the caller trusted?

I think this patch, if added, should be conditional on
no_local_from_check, not on untrusted_set_sender.

(In Exim 4, untrusted_set_sender is extended to be a list of possible
senders which can be set ["*" means "anything"], incidentally.)

Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.