BOn Mon, 23 Aug 2010, Cord Beermann wrote: > First message should be from i-ask-for-someth...@$number.example.com, > the confirmation should be come from > i-do-not-want-anyth...@$number.example.com. > > In your try you used the same address for both?!
Hmm. I see there is a problem with $number.example.com, but not one which is fixed by modifying the "subscribe" script. If I send a message like this: From: someb...@example.com To: test-request Subject: subscribe someb...@41-3.com then someb...@example.com receives a cookie which enables him to subscribe the someb...@example.com address (wrong, but not particularly dangerous). We clearly want someb...@41-3.com to receive such mail instead, and we want the cookie to be for someb...@41-3.com. This patch seems to fix that: --- extraddr.old 2010-08-23 16:05:42.000000000 +0200 +++ extraddr 2010-08-23 16:06:05.000000000 +0200 @@ -61,13 +61,13 @@ $sed -n -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/' \ -e '/^[ ]*[^ a-z]/ q' \ -e 's/^...@]*add[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p' \ +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p' \ -e 's/^...@]*address[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p' \ +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p' \ -e 's/^...@]*sub[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p' \ +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p' \ -e 's/^...@]*subscribe[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p' ` +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p' ` fromaddr=`$cat $tmpfrom` I also see that once this is fixed, the message which is sent to someb...@41-3.com still says "To: someb...@example.com" in the message *body* but it's sent to someb...@41-3.com anyway. It would be nice to fix this as well, but I don't see that the suggested patch for "subscribe" fixes it. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
