"Fred Viles" wrote:
> On 11 Apr 2005 at 9:49, Ian FREISLICH wrote about
> "Re: [exim] Sender callouts ":
>
> | "Fred Viles" wrote:
> |...
> | > Still, ISTM it doesn't make sense to try use_sender as a fallback (as
> | > opposed to use_postmaster) since it is entirely reasonable for sites
> | > to block spoofed local sender addresses.
> |
> | use_postmaster
> |
> | This parameter applies to recipient callouts only. For example:
> |...
> | Either way exim requires a patch.
>
> Right, I didn't mean to imply otherwise.
>
> | Either way it allows you to do
> | some foot shooting, besides exim is so flexible, if used incorrectly
> | allows some severe foot shooting. On that case alone, I'd argue
> | for both use_postmaster and use_sender to be allowed in sender
> | callouts.
>
> OTOH, use_postmaster is potentially usefull and does not tell lies,
> while use_sender tells lies for no usefull purpose (IMHO).
>
> It's true that extra care must be taken to avoid verify loops if you
> use the option (don't do callout sender verification for postmaster),
> but that is easy and would be documented. Perhaps it could even be
> made automatic...
>
> | The latter, because if you allow use_postmaster, you can
> | set the postmaster address, so you don't really gain anything by
> | denying use_sender.
>
> I'd argue that the existance of an explicit option to do something
> implies that that there are cases where that something is a good
> thing to do. So implementing options just for orthogonality does
> have a negative aspect in certain cases.
Very well (white-space mangled):
--- acl.c.orig Tue Apr 12 07:51:20 2005
+++ acl.c Tue Apr 12 07:52:06 2005
@@ -1240,11 +1240,9 @@
else if (verify_sender_address != NULL)
{
- if ((verify_options & (vopt_callout_recipsender|vopt_callout_recippmaster))
- != 0)
+ if ((verify_options & vopt_callout_recipsender) != 0)
{
- *log_msgptr = US"use_sender or use_postmaster cannot be used for a "
- "sender verify callout";
+ *log_msgptr = US"use_sender cannot be used for a sender verify callout";
return ERROR;
}
Ian
--
Ian Freislich