tags 521372 - patch thanks On fredagen den 27 mars 2009, Simon McVittie wrote: > The attached patch adds a trust_from_address option, which is basically the > opposite of fix_from_address. If set, then each user's configurable From > address is used as the SMTP envelope sender (if possible), and the user's > authenticated username is placed in an X-header. It builds on > usernames_with_at.patch. > > (Also, as a bugfix for usernames_with_at.patch, if the authenticated > username contains '@', return_domain is no longer appended.) > > This is analogous to Exim's untrusted_set_sender option, and Postfix's > default behaviour.
Even if we can trust the users not to use forged sender addresses, I think we still need to sanitize the input before passing it to the shell. -- Magnus Holmgren holmg...@debian.org Debian Developer
signature.asc
Description: This is a digitally signed message part.
