Envelope from, sender, from, etc.

In 1.0rc1 USE_ENVELOPE_SENDER = 0 by default, but still it didn't work for me. After investigating it turned out that the documentation misled me. I think the documentation or the function should be changed, preferably the latter.
According to the section in NEWS where USE_ENVELOPE_SENDER is added:
# With this variable set to true, the envelope sender (e.g. Unix
# "From_" header) is used to match addresses, otherwise the From:
# header is used.
The FAQ also speaks about the difference being between using envelope from and From:.
The comments in Defaults.py indicate that this is perhaps not the whole truth as they say
# The envelope sender is set by the SMTP delivery and is thus less easily
# spoofed than the sender, which is typically just taken from the From: header
"Typically" is the key word here. The actual code uses GetSender which prefers to use Sender: but uses From: if there is no Sender:. So my messages which said
From: starback@ling.uu.se
Sender: starback@objekt.ling.uu.se
were rejected when only "starback@ling.uu.se" was a subscriber.
Am I missing something here? It seems to me that the point of USE_ENVELOPE_SENDER=0 is that we are willing to accept the lesser security we get when we just accept who the sender says they are and don't insist that the "technical stuff" (envelope from) has to match. Why then refuse because of a Sender: header that probably echoes what was in envelope from?
--
Per Starback <starback@ling.uu.se> <http://stp.ling.uu.se/~starback/me.html>
"Life is but a gamble! Let flipism chart your ramble!"

Per Starback wrote:
"Typically" is the key word here. The actual code uses GetSender which prefers to use Sender: but uses From: if there is no Sender:. So my messages which said
From: starback@ling.uu.se
Sender: starback@objekt.ling.uu.se
were rejected when only "starback@ling.uu.se" was a subscriber.
According to my understanding of RFC822, GetSender should be the other way around, using Sender: as a fallback to From:. In fact, I had to patch it this way to enable me to subscribe to my mailing lists using Communicator, which was using "Sender: tony" (which is also incorrect, but that's beside the point. All other mailing list software works with From:). MailMan was trying to send the confirmation requests to the Sender: address, which was not working. In fact, for the purpose of sending such replies, it should actually be looking for a Reply-To: first. I don't really know the code, but I think this would require creating a separate GetSender for a) authorizing postings to a closed list, and b) generating replies to administrative requests.
-t
--
Tony Abbott tabbott@intekom.co.za
Systems Administrator, Intekom Tel: +27-11-266-7800
http://www.intekom.co.za Fax: +27-11-315-0707
The information in this email and in any attachments is confidential and intended solely for the attention and use of the named addressee(s). This information may be subject to attorney and client or other privilege. It must not be disclosed to any person without Intekom's permission.
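
The lookup orders discussed in this thread, run against the headers quoted above, as an added example that is not part of either message and is not Mailman's own code. All function names are hypothetical, and the Unix "From_" line in the sample is constructed, since the thread does not show the real envelope.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the two headers quoted in the thread plus an assumed
# Unix "From_" envelope line (the thread does not show the real one).
RAW = (
    "From starback@objekt.ling.uu.se Fri Jan  1 00:00:00 1999\n"
    "From: starback@ling.uu.se\n"
    "Sender: starback@objekt.ling.uu.se\n"
    "\n"
    "body\n"
)
SAMPLE = message_from_string(RAW)

def addr_of(msg, header):
    """Lowercased address from one header, or None if absent or empty."""
    value = msg.get(header)
    return (parseaddr(value)[1].lower() or None) if value else None

def envelope_sender(msg):
    """Address from the Unix From_ line, set at delivery, not by the author."""
    parts = (msg.get_unixfrom() or "").split()
    return parts[1].lower() if len(parts) > 1 else None

def sender_first(msg):
    """Order the thread attributes to GetSender: Sender:, then From:."""
    return addr_of(msg, "Sender") or addr_of(msg, "From")

def from_first(msg):
    """Order proposed in the reply: From:, with Sender: as fallback."""
    return addr_of(msg, "From") or addr_of(msg, "Sender")

def reply_address(msg):
    """Where to send confirmations: Reply-To: first, as the reply suggests."""
    return addr_of(msg, "Reply-To") or from_first(msg)

def may_post(msg, members, use_envelope_sender=False):
    """Closed-list check. Header values are written by the author; the
    Defaults.py comment quoted above calls the envelope less easily spoofed."""
    who = envelope_sender(msg) if use_envelope_sender else from_first(msg)
    return who in members

if __name__ == "__main__":
    members = {"starback@ling.uu.se"}
    print(sender_first(SAMPLE) in members)   # Sender-first lookup
    print(may_post(SAMPLE, members))         # From-first lookup
    print(may_post(SAMPLE, members, True))   # envelope lookup
```

Keeping the authorization lookup and the reply-address lookup as separate functions means a change to where confirmations are sent cannot silently change who is allowed to post.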