> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have a suggestion for a feature that I think will make setup of > statusnet easier for some people. I think there should be a way to use > a POP or IMAP mailbox (or potentially just POP for simplicity) to do the > post via email system, not all hosting environments work well with > script aliases, I know mine does not work with them at all. I think it > should be able to be run as a cronjob and potentially inside the queue > handling system though I think that because this is a fairly basic > feature that most people will want and not everyone runs the queues or > wants to the cronjob way is more important. One way it could be > implemented fairly easily is to just call whatever function processes > the mail in the script alias passing it the parameters from the mail it > downloaded. The other option to implement this is to mimic the script > alias behavior for each email, however that creates more load on the > server because it has to reload PHP and the script for each email. > Another reason the cronjob would be good if not done the second way is > it would create less load on the server to do this even when you can > script alias because loading PHP into memory for each email and then > interpreting the script and executing it for each email is a lot higher > load on a busy server than say once every 10 minutes executing the > script, it would probably be better in a few situations even if run > every 5 minutes. What do others think of this idea?
In theory, the idea sounds good. However, there are some problems with it in practice. Say I sent an email to this new bucket email address. How does the recipient processing script who the email is from? The obvious approach is to read the "From" field in the email, then lookup who owns that email address is in the database. This is what I believe you are asking for, and what sounds so easy in theory. In practice, it will work for "nice" users. But let's say a malicious user wants to send a notice posing as someone else. He simply forges the "from" field! If everyone suddenly started using DKIM (or some other system that ensures the sender is really who they say they are), our script could trust the "from" field and this problem goes away... but that's not likely to happen any time soon (or perhaps ever). So I believe we are stuck with our current system where each user gets a unique email address that only they know. ~Craig _______________________________________________ StatusNet-dev mailing list StatusNet-dev@lists.status.net http://lists.status.net/mailman/listinfo/statusnet-dev
