From: Jim Meyering <jim@meyering•net>
To: Andy Parkins <andyparkins@gmail•com>
Cc: git@vger•kernel.org
Subject: Re: [PATCH] hooks--update: new, required, config variable: hooks.envelopesender,
Date: Sat, 24 Mar 2007 12:27:12 +0100 [thread overview]
Message-ID: <87wt1651bj.fsf@rho.meyering.net> (raw)
In-Reply-To: <200703231615.28350.andyparkins@gmail.com> (Andy Parkins's message of "Fri, 23 Mar 2007 16:15:26 +0000")
> On Friday 2007 March 23 15:25, Jim Meyering wrote:
>> Andy Parkins <andyparkins@gmail•com> wrote:
>> > On Friday 2007 March 23 13:29, Jim Meyering wrote:
>> >> It works for me using the sendmail from sendmail, and I have tested
>> >> this with the one from postfix, too.
>> >
>> > Is your user set as a trusted user for sendmail though?
>>
>> No. There is no need for that.
>>
>> > As a normal user wouldn't be allowed to do it.
>>
>> You mean with exim's sendmail?
>> sendmail -f alt-envelope-sender works just fine when run by a
>> non-privileged user when it's Sendmail's sendmail or the one from Postfix.
>> It's a shame if it doesn't work with exim's implementation.
>
> Okay; I went and found a sendmail manpage:
>
> "-fname Sets the name of the ``from'' person (i.e., the sender of the
> mail). -f can only be used by ``trusted'' users (normally
> root, daemon, and network) or if the person you are trying to
> become is the same as the person you are."
>
> Seems the same as exim to me. Perhaps your distribution sets it up to allow
> if for anyone?
I suspect that the above is from older documentation.
As you'll see in the excerpts below, the "can only be used"
is replaced with "should...", to permit using -f in cases like mine.
The documentation from sendmail-8.11.7/doc/op/op.me says this:
-f addr The envelope sender address is set to addr. This
address may also be used in the From: header if
that header is missing during initial submission.
The envelope sender address is used as the recipi-
ent for delivery status notifications and may also
appear in a Return-Path: header.
Then, in cf/README, they explain the trusted-users file is solely
to avoid a warning:
use_ct_file Read the file /etc/mail/trusted-users file to get the
names of users that will be ``trusted'', that is, able to
set their envelope from address using -f without generating
a warning message. The actual filename can be overridden
by redefining confCT_FILE.
A quick search found lots like this:
http://www.linuxmanpages.com/man8/sendmail.8.php
-fname
Sets the name of the ``from'' person (i.e., the envelope sender of
the mail). This address may also be used in the From: header if
that header is missing during initial submission. The envelope
sender address is used as the recipient for delivery status
notifications and may also appear in a Return-Path: header. -f
should only be used by ``trusted'' users (normally root, daemon,
and network) or if the person you are trying to become is the
same as the person you are. Otherwise, an X-Authentication-Warning
header will be added to the message.
So that was classic sendmail (8.11.7). Here's the description of -f
for postfix's sendmail (man sendmail):
-f sender
Set the envelope sender address. This is the address where
delivery problems are sent to. With Postfix versions before 2.1,
the Errors-To: message header overrides the error return
address.
In addition, I have tested this by sending myself a message
via printf '...' |sendmail -f nobody@nowhere•com -oi -t -v, and
examined the headers in the received messages. The first I sent
from a system running sendmail-8.11.7, the second from one running
Debian/unstable's Postfix 2.3.8-2. Both were sent by a "regular" (non-root)
user, and the envelope sender was the requested "nobody@nowhere•com"
in each case.
> So; in short: I don't have a good answer to offer you, and it seems that "-f"
> is working for you.
Yes, it does work for me. And it would work for anyone with
sendmail or Postfix. Whether it works for an exim-based
sendmail is a question of policy, and the default in Debian-based
systems is to allow it:
>From /etc/exim4/conf.d/main/02_exim4-config_options:
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
> However, I'm still not convinced that this is the
> correct thing to do in the default hook. My main gripe is still all
> these "trusted user" paragraphs in the MTA manual pages.
There is a legitimate need for this functionality, and -f does
usually work, so how about a compromise:
Include support for using sendmail's "-f envelope-sender" option
in the default hook, but enable it only if/when hooks.envelopesender
is set in the config file.
next prev parent reply other threads:[~2007-03-24 11:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-23 12:11 [PATCH] hooks--update: new, required, config variable: hooks.envelopesender, Jim Meyering
2007-03-23 12:58 ` Andy Parkins
2007-03-23 13:29 ` Jim Meyering
2007-03-23 14:05 ` Jakub Narebski
2007-03-23 14:12 ` Andy Parkins
2007-03-23 15:25 ` Jim Meyering
2007-03-23 16:15 ` Andy Parkins
2007-03-24 11:27 ` Jim Meyering [this message]
2007-03-24 12:16 ` Andy Parkins
2007-03-24 19:58 ` [PATCH] hooks--update: new, optional, config variable: hooks.envelopesender Jim Meyering
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wt1651bj.fsf@rho.meyering.net \
--to=jim@meyering$(echo .)net \
--cc=andyparkins@gmail$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox