On Wed, 14 Jul 2004, Jim Ramsay wrote:
> Tim Rice wrote:
>
> > TMDA 1.0.3/sendmail
> >
> > I discovered that if I sent an e-mail from an account that was not
> > whitelisted but the Reply-To: header was my address that is whitelisted,
> > the message gets delivered unchallenged.
> >
> > Is this the intended behavior?
>
> I didn't think so, but a read of the code shows me that it is.
>
> Basically, it looks like when a message comes in TMDA checks the following
> addresses against your incoming filter in this order:
> - The envelope sender
> - The X-Primary-Address: header
> - The From: header
> - The Reply-To: header
> As soon as even one of these match, the action specified by the filter is
> carried out.
I started looking into this and so far I've only found some things
that don't work. About the time of my original post I had tried
this incoming filter rule without sucess.
reply-to [EMAIL PROTECTED] hold
Tonight I tried hacking on tmda-rfilter with partial success.
....
--- tmda-rfilter.old Mon May 30 18:16:31 2005
+++ tmda-rfilter Tue Feb 6 22:25:41 2007
@@ -808,8 +808,9 @@
if confirm_append_address and confirm_append_address != envelope_sender:
sender_dict[confirm_append_address] = None
from_list = getaddresses(msgin.get_all('from', []))
- replyto_list = getaddresses(msgin.get_all('reply-to', []))
- for list in from_list, replyto_list:
+ # replyto_list = getaddresses(msgin.get_all('reply-to', []))
+ # for list in from_list, replyto_list:
+ for list in from_list:
for a in list:
emaddy = a[1]
sender_dict[emaddy] = None
....
With the above patch the Reply-To hole is closed but local users (that
are whitelisted) using dated envelope get challenged. Not what I wanted.
Has anyone else looked into this?
--
Tim Rice Multitalents (707) 887-1469
[EMAIL PROTECTED]
_________________________________________________
tmda-workers mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-workers
