Dirk Alboth <[EMAIL PROTECTED]> writes:
| As I understand RFC 822 this is not violating the standard but in this
| case a "Sender:" field should reveal the true sender's identity
| (agreed?).
Should != Must. You can't stop people from lying.
Your only recourse is to cryptographically sign messages. Then the
recipients have some way to check the veracity of the putative sender.
I wouldn't bother hacking qmail when the cryptographic solution is
philosophically and practically superior.
| Now the "true" sender name will be ${TCPREMOTEINFO}@${TCPREMOTEHOST}
Pointless, since TCPREMOTEINFO is whatever the sender wants it to be.
It's for debugging, not security.
