On Sunday 16 October 2005 17:44, Sönke Ruempler wrote: > On 15.10.2005 13:50, Dick van der Kaaden wrote: > > Davide, > > > > What you think about a version of sendmail that has an option to use the > > From: header address as smtp mail from. Do you envision any problems with > > this? > > > > The thing is that the current behavior does not work well in the shared > > hosting environment that we operate for our customers. Most of the these > > sites use php and the php mail function. This function does not allow you > > to set the smtp mail from and it simply calls xmail's sendmail. > > It does, if you don't use PHP's safe_mode - see here: > > http://php.speedbone.de/manual/en/function.mail.php >
I must admit that I had not RTFM and did not realize it was possible under normal operation. Unfortunately, we do use safe mode for our virtual hosts. Most of our customers run standard php scripts that occasionally have security issues. Reading the php manual I realized that my change does have a security impact. Allowing an arbitrary mail from address from an untrusted source is not a good thing. I think it will be better to limit the domain part of the smtp mail from to the virtualhost servername. The user part must be configurable. I will have to think about this a little longer Dick - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
