tonix (Antonio Nati) wrote:
Ingo Claro ha scritto:
tonix (Antonio Nati) wrote:
Ingo Claro ha scritto:
Hello list:
has anyone integrared this patch:
http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm
chkuser already has such feature, enabled by
*CHKUSER_EXTRA_MUSTAUTH_VARIABLE.*
How much is different what you point from this feature?
Tonino:
this part:
Further more it only allows messages which have the same MAIL FROM:
and SMTP AUTH user to avoid sender misrepresentation.
What about NULL senders? Is allowed? A read receipt has a null sender
address.
good point, I didn't knew that. I looked at the code and this is the check:
if (authd && strcmp(addr.s,user.s)) { err_authmismatch(); return; }
so it doesn't consider the null senders (unless thay are sent without auth )
I think the patch is a good idea, but don't know for the moment how to
fix the null sender part.
regards,
Ingo.-
