Ingo Claro wrote:
tonix (Antonio Nati) wrote:
Ingo Claro wrote:
tonix (Antonio Nati) wrote:
Ingo Claro wrote:
Hello list:
Has anyone integrated this patch:
http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm
chkuser already has such feature, enabled by
*CHKUSER_EXTRA_MUSTAUTH_VARIABLE.*
How different is what you point to from this feature?
Tonino:
this part:
Furthermore it only allows messages which have the same MAIL FROM:
and SMTP AUTH user to avoid sender misrepresentation.
What about NULL senders? Are they allowed? A read receipt has a null sender
address.
Good point, I didn't know that. I looked at the code and this is the
check:
if (authd && strcmp(addr.s,user.s)) { err_authmismatch(); return; }
so it doesn't consider the null senders (unless they are sent without
auth)
I think the patch is a good idea, but don't know for the moment how to
fix the null sender part.
This is the reason for which I did not put this check inside chkuser. If
you stop NULL sender, you block user's normal activity when sending
receipts. If you don't, checking is unuseful for smart users. Not
speaking about using "reply to:" different from "return to:" different
from "mail from".
Anyway, as auth always puts the real authenticated sender inside
the mail headers, personally I don't see this as a huge problem.
Regards,
Tonino
regards,
Ingo.-
--
------------------------------------------------------------
[EMAIL PROTECTED] Interazioni di Antonio Nati
http://www.interazioni.it [EMAIL PROTECTED]
------------------------------------------------------------
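
The MAIL FROM versus SMTP AUTH comparison discussed in this thread, with the null-sender case made an explicit policy switch, as an added example that is not code from the patch, qmail-smtpd or chkuser. All names are hypothetical, and it assumes the AUTH login is a full mailbox address; the case-insensitive domain comparison is an addition beyond the plain `strcmp` quoted above.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names; not taken from qmail-smtpd, the patch or chkuser. */
enum sender_verdict {
    SENDER_OK,         /* MAIL FROM matches the authenticated user    */
    SENDER_OK_NULL,    /* MAIL FROM:<> (bounce, read receipt) allowed */
    SENDER_OK_UNAUTH,  /* session not authenticated, check skipped    */
    SENDER_MISMATCH    /* authenticated, MAIL FROM differs            */
};

/* Local part compared byte-for-byte, domain case-insensitively. */
static int same_mailbox(const char *a, const char *b)
{
    const char *at_a = strrchr(a, '@');
    const char *at_b = strrchr(b, '@');
    size_t la, lb;

    if (!at_a || !at_b)
        return strcmp(a, b) == 0;      /* no domain: exact match only */
    la = (size_t)(at_a - a);
    lb = (size_t)(at_b - b);
    if (la != lb || memcmp(a, b, la) != 0)
        return 0;
    return strcasecmp(at_a + 1, at_b + 1) == 0;
}

/* allow_null is the policy choice the thread argues about. */
enum sender_verdict check_sender(int authd, const char *mail_from,
                                 const char *auth_user, int allow_null)
{
    if (!authd)
        return SENDER_OK_UNAUTH;
    if (mail_from[0] == '\0')          /* null sender: MAIL FROM:<> */
        return allow_null ? SENDER_OK_NULL : SENDER_MISMATCH;
    return same_mailbox(mail_from, auth_user) ? SENDER_OK : SENDER_MISMATCH;
}

int main(void)
{
    /* Constructed sample envelopes, not taken from any real session. */
    const char *user = "ingo@example.com";
    printf("%d\n", check_sender(1, "ingo@example.com", user, 1));
    printf("%d\n", check_sender(1, "", user, 1));
    printf("%d\n", check_sender(1, "boss@example.com", user, 1));
    return 0;
}
```

Returning a distinct verdict for the null sender lets the caller log authenticated sessions that send with `MAIL FROM:<>`, which is the case the strict comparison cannot cover.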