[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Curious response



On Friday 12 December 2003 12:51, Peter van den Heuvel wrote:

> YES PLEASE!!!
>
> There's of course various things that we can do ourselves but I
> feel that including the real sender-address is not desirable
> anymore.

Hm, I remember that we had this discussion before on another list. I 
recall that we would all be out of the wood if we used one of these 
`geek' mail clients like mutt. ;-)

As far as I remember, the thing is: ezmlm doesn't (necessarily) 
check the FROM address in the header of an e-mail sent to the list 
in order to verify if you are subscribed or not. The thing that 
matters is the envelope address header, which is not included when 
ezmlm forwards a message to all list members. So, you could have a 
fake address in the FROM field as long as the envelope address is 
set to the address used for subscription.

(Please correct me, if I'm wrong!)

/Sven


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here