[ 
https://issues.apache.org/jira/browse/JAMES-3032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028671#comment-17028671
 ] 

Benoit Tellier commented on JAMES-3032:
---------------------------------------

Hello [~remi_kowalski],

This ticket misses in my opinion some critical aspects in its description in 
order to discuss it correctly (and review the related work you did).

Especially the wording: "any alias of the connected user" needs to be correctly 
explained.

It of course includes "user alias". Should it include "domain alias" too? Should 
recursion be supported? How about 'non-alias' items, should they be taken into 
account in the recursion?

I believe, as I stated in 
https://github.com/linagora/james-project/pull/3071#pullrequestreview-351998772 
, that regarding questions I stated above, we might need some additional APIs 
as part of RecipientRewriteTable class (to allow recursive resolution on a 
subset of mapping types). I believe such method additions would need to be 
documented here too.

> [JMAP] Allow a user to send an email with a from address containing one of 
> her alias
> ------------------------------------------------------------------------------------
>
>                 Key: JAMES-3032
>                 URL: https://issues.apache.org/jira/browse/JAMES-3032
>             Project: James Server
>          Issue Type: Improvement
>    Affects Versions: 3.5.0
>            Reporter: Rémi Kowalski
>            Priority: Major
>
> Currently James checks that the user connected matches the user in the From 
> header of a mail being sent.
> Instead, James should allow that the From header contains any alias of the 
> connected user.
> This also matches the current JMAP specification security considerations: 
> https://jmap.io/spec-mail.html#permission-to-send-from-an-address



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
