>> If I am unable to get the confirmation emails to my mailbox without >> stripping the Tags (+confirm etc) can I use formail or something to >> extract the TO: from the rfc822 headers? > > The "To:" header doesn't offer reliable information. It's often > forged, particularly in the case of spam messages.
If I can use rewrite rules so that [EMAIL PROTECTED] and [EMAIL PROTECTED] get to my login (procmail script) then I get control... I can do some checking to make sure that the extracted TO is either tom@ or tom+*@ to validate it, it would be hard for a spammer to corrupt BOTH the rewritten envelope and the rfc822 header... No? May be able to use $LOGNAME instead of hardcoded 'tom' Am I missing something or possibly on the right track? > How about upgrading Sendmail then? Or better yet, replacing it with a > more modern MTA? Old versions of Sendmail are riddled with security > holes anyway. That is not going to happen quickly... my server provider has a lot of custom hooks in lots of places... been with them for almost 10 years and I'm not going anywhere soon... ;) tom _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
