On Thu, 8 Sep 2005, Tony Finch wrote:
> When putting together the patch I noticed something odd in
> rf_get_errors_address:
>
> DEBUG(D_route|D_verify)
> debug_printf("------ Verifying errors address %s ------\n", s);
> if (verify_address(snew, NULL, vopt_is_recipient | vopt_qualify, -1, -1, -1,
> NULL, NULL, NULL) == OK) *errors_to = snew->address;
> DEBUG(D_route|D_verify)
> debug_printf("------ End verifying errors address %s ------\n", s);
>
> Shouldn't the errors_to address be verified as a sender address?
Well, you have really opened a can of worms there. I tried removing
vopt_is_recipient as an experiment, and a lot of tests fell apart. The
verify function thought it was verifying *the* sender address, and it
modified sender_address. Turns out there is a flag to stop this,
vopt_fake_sender, and with that set, the tests do work.
However, I am not convinced this is right. Sender verification is about
checking the incoming sender of the message, and we aren't checking that
at this point. Perhaps there is no "right" answer. Given the dilemma, I
have left the code alone, but put in a long comment.
Regards,
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.