[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Qmail issues (was Re: Volunteer for command-line work)

From: Brian Behlendorf <brian_at_collab.net>
Date: 2000-10-17 02:30:59 CEST

On Mon, 16 Oct 2000, Matthew Braithwaite wrote:
> How does paying attention to the envelope sender help to prevent spam?

Actually it's not spam that it really addresses, but the fact that some
poorly coded MTAs will bounce messages by sending them back to the mail
server as the same message, with maybe an extra header or two indicating
the reasons for the bounce - which other valid MTAs will interpret as a
new message from the original poster. In those cases, the envelope from
will be the safest protection for mail loops. On less technically clueful
lists, it's also generally the case that envelope sender (being set by a
sysadmin) is more likely to be correct and free of dumb typos than the
From: header (set by users in some MTAs). Finally, not having to parse
the message headers for the From: header (and parse whatever screwy format
for From: people want to use) means that many fewer chances for
exploitable code.

There is no correct answer to the debate on whether it should look at the
envelope header or the From: header; I've managed a large majordomo
installation before and a small mailman installation, so my opinions on
what makes a good mailing list program are hard-won. =)

> So people who like to use a separate address for lists, such as
> mab+subversion-dev, are screwed,

Actually it's trivially easy to subscribe an alternate address to the
list, though your situation is that you'd like to send from that
subscribed address as well. No problem, just make sure that your envelope
sender address is subscribed to the allow list (as I sent you details on,
and is also documented in the help page emailed to you for the list). So
I'm not sure that:

> [ezmlm] ignores the needs of the non-qmail-using world.

isn't accurate.

        Brian
Received on Sat Oct 21 14:36:11 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.