[exim] Re: Dovecot pidgeonhole transport untaint $sender

Página Inicial
Delete this message
Reply to this message
Autor: Bill Cole
Data:  
Para: Martin Waschbüsch via Exim-users
Assunto: [exim] Re: Dovecot pidgeonhole transport untaint $sender
On 2023-05-11 at 11:39:50 UTC-0400 (Thu, 11 May 2023 17:39:50 +0200)
Martin Waschbüsch via Exim-users <martin@???>
is rumored to have said:

> Am 11.05.23 um 17:25 schrieb Jeremy Harris via Exim-users:
>> On 11/05/2023 16:12, Evgeniy Berdnikov via Exim-users wrote:
>>>   What about proposal in 1st comment to strip out "-f
>>> $sender_address"?
>>>
>>>   IMHO, dovecot-lda doesn't need sender address. Unless sieve is
>>> used,
>>>   with explicit reference to sender address.
>>
>> I assumed the most likely use of something called "pidginhole"
>> was delivery to distinct folders, often by inspecting the sender.
>> But perhaps it can use the From: header?
>
> If I read the dovecot docs correctly, lda will use the From: header if
> present and no -f <sender address> is given:
>
> "-f <address>: Envelope sender address. If not specified and message
> data begins with a valid mbox-style “From ” line, the address is
> taken from it."
> (https://doc.dovecot.org/configuration_manual/protocols/lda/)


That's not the "From:" RFC5322 message header, it is the prepended "From
" (no colon) line that acts as a delimiter for mbox files. That's good,
because that line contains the envelope sender, which the "From:"
message header may not.

> However, pidginhole provides extensive sieve language support and you
> can use almost any piece of an email to move, copy, filter, forward,
> autoreply, etc.
> (https://datatracker.ietf.org/doc/html/rfc5228)
> (https://pigeonhole.dovecot.org/)
>
> My guess is: Just removing the -f $sender_address just might change
> mail processing for some people.


Provided Exim is properly adding the no-colon From line to messages that
it pipes into dovecot-lda, there should be no change.

--
Bill Cole
bill@??? or billcole@???
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/