Vincenzo Gianferrari Pini wrote:
Vincenzo,As just said, it is imperative for me that only *local users* may send messages to such lists, and it must be verifiable in the logs. The matcher I wrote works perfectly, but anyone from outside could just fake the sender email address using a legitimate local user address and have a spam or nasty message sent to lots of people, even customers, acting as someone else (also someone from inside could use someone else's name and damage).
You've stumbled across why we include RecipientIsLocal, but not SenderIsLocal, since it effectively is meaningless.
For James 3.0 we are planning to add arbitrary attributes to Mail objects, and with that we'll be able to pass along that this Mail object was sent by an authenticated user.
--
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
