http://bugzilla.spamassassin.org/show_bug.cgi?id=2292

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From [EMAIL PROTECTED]  2004-04-26 15:39 -------
"whitelist_from_rcvd" is always better to use, and you don't really ever want
to whitelist yourself for the reason of forging, but the problem, for those
interested, is that whitelist_from initiates this process:

    @addrs = $self->{main}->find_all_addrs_in_line
        ($self->get ('From') .                  # std
         $self->get ('Envelope-Sender') .       # qmail: new-inject(1)
         $self->get ('Resent-Sender') .         # procmailrc manpage
         $self->get ('X-Envelope-From') .       # procmailrc manpage
         $self->get ('EnvelopeFrom'));          # SMTP envelope

which looks for anything that looks like an address, and goes from there.

I just committed a fix which uses the get('...:addr') code instead.  These are
all From headers, so there should only be 1 address per header, and the :addr
code knows how to deal with comments, etc.  Note: whitelist_from is still
vulnerable to forging (just set the From header to the address you want), but
that's why whitelist_from_rcvd is favored. :)

r10293
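
The two extraction strategies described in this comment, side by side, as an added Python sketch that is not SpamAssassin's Perl code. `ADDR_LIKE`, the function names, the newline separator and the sample headers are constructed for illustration, and Python's `email.utils.parseaddr` stands in for the `:addr` parsing.

```python
import re
from email.utils import parseaddr

# Constructed sample headers (not taken from the bug report). The From header
# carries an extra address-like string inside an RFC 5322 comment.
SAMPLE_HEADERS = {
    "From": "Sender <sender@example.net> (see also friend@example.org)",
    "Resent-Sender": "",
    "X-Envelope-From": "<bounce@example.net>",
}
SENDER_HEADERS = ("From", "Envelope-Sender", "Resent-Sender",
                  "X-Envelope-From", "EnvelopeFrom")

# Simplified stand-in for "anything that looks like an address".
ADDR_LIKE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def candidates_by_scanning(headers):
    """Old behaviour as described: join the sender headers into one string
    and collect every address-like token, wherever it appears."""
    # The newline separator is an assumption of this sketch.
    blob = "\n".join(headers.get(name, "") for name in SENDER_HEADERS)
    return [a.lower() for a in ADDR_LIKE.findall(blob)]


def candidates_per_header(headers):
    """Fixed behaviour as described: at most one parsed address per header,
    with comments and display names ignored."""
    found = []
    for name in SENDER_HEADERS:
        _, addr = parseaddr(headers.get(name, ""))
        if addr:
            found.append(addr.lower())
    return found


def whitelisted(candidates, whitelist):
    """True if any candidate sender address is on the whitelist."""
    return any(c in whitelist for c in candidates)


if __name__ == "__main__":
    wl = {"friend@example.org"}
    print("scan-everything:", whitelisted(candidates_by_scanning(SAMPLE_HEADERS), wl))
    print("per-header addr:", whitelisted(candidates_per_header(SAMPLE_HEADERS), wl))
```

Both strategies still accept a message whose From address itself is whitelisted, which is the remaining forgery exposure the comment attributes to whitelist_from.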


