"Jason R. Mastaler" <[EMAIL PROTECTED]> writes: > Change TMDA so that if an incoming message contains an > ``X-TMDA-From'' header, it will CONFIRM_APPEND that address instead > of the Return-Path address when the message is confirmed. > > Also, change TMDA so that it checks the address in ``X-TMDA-From'' > against FILTER_INCOMING along with the envelope sender, From and > Reply-To.
Here's one potential problem/objection to this. It took me a bit to recall why I hadn't already added such a mechanism. This would allow me to add arbitrary addresses to another user's whitelist. For example, I send Tim mail with this header: X-TMDA-From: [EMAIL PROTECTED] Tim's TMDA challenges the envelope sender address (me), and I respond. Now ``[EMAIL PROTECTED]'' is on Tim's whitelist. This can't happen currently because the challenged address is the one which gets whitelisted. Of course, I don't know how likely this attack is. First because it doesn't buy the attacker much---some extraneous addresses get on your whitelist until you notice this and close the gap. Also, there is an audit trail, as afterall _someone_ has to actually send messages and then reply to the challenges. But this is a theoretical weakness nonetheless. The question is, does this weakness negate the idea completely? Or, does the convenience of this feature outweigh its risks? _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
