From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/36559
Path: main.gmane.org!not-for-mail
From: Amos Gouaux <amos+lists.ding@utdallas.edu>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Sender header?
Date: 02 Jun 2001 16:44:12 -0500
Message-ID: <q6mu21yk15f.fsf@spartacus.utdallas.edu>
References: <vafg0dwrpyh.fsf@lucy.cs.uni-dortmund.de>
	<01May23.141128edt.115245@gateway.intersys.com>
	<vaf3d9uq4c4.fsf@lucy.cs.uni-dortmund.de>
	<01May24.115917edt.115250@gateway.intersys.com>
	<vafsnhuk8t2.fsf@lucy.cs.uni-dortmund.de>
	<01May24.143521edt.115214@gateway.intersys.com>
	<m3r8xeh8qw.fsf@multivac.cwru.edu>
	<01May24.153439edt.115213@gateway.intersys.com>
	<m3itiqh6by.fsf@multivac.cwru.edu>
	<01May24.163305edt.115259@gateway.intersys.com>
	<m33d9uh3ri.fsf@multivac.cwru.edu>
	<01May24.172056edt.115272@gateway.intersys.com>
	<m366eqe3ot.fsf@ecube.local> <m1g0du18rx.fsf@ptw.com>
	<m37kz5e73g.fsf@multivac.cwru.edu> <m1g0dtz5gx.fsf@ptw.com>
	<vafy9rl2ivz.fsf@lucy.cs.uni-dortmund.de> <m17kz5xaln.fsf@ptw.com>
	<87y9rknm6e.fsf@bandersnatch.i-did-not-set--mail-host-address--so-shoot-me>
	<m1g0dsyu5k.fsf@reader.notalegal.fqdn>
NNTP-Posting-Host: coloc-standby.netfonds.no
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1035172124 9215 80.91.224.250 (21 Oct 2002 03:48:44 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Mon, 21 Oct 2002 03:48:44 +0000 (UTC)
Return-Path: <amos+lists.ding@utdallas.edu>
Return-Path: <amos+lists.ding@utdallas.edu>
Original-Received: (qmail 17104 invoked from network); 2 Jun 2001 21:44:10 -0000
Original-Received: from ns0.utdallas.edu (129.110.10.1)
  by gnus.org with SMTP; 2 Jun 2001 21:44:10 -0000
Original-Received: from spartacus.utdallas.edu (spartacus.utdallas.edu [129.110.3.11])
	by ns0.utdallas.edu (Postfix) with SMTP id DA68A1A0052
	for <ding@gnus.org>; Sat,  2 Jun 2001 16:43:50 -0500 (CDT)
Original-To: ding@gnus.org
In-Reply-To: <m1g0dsyu5k.fsf@reader.notalegal.fqdn> (Harry Putnam's message of "26 May 2001 09:05:20 -0700")
User-Agent: Gnus/5.090003 (Oort Gnus v0.03) XEmacs/21.1 (Cuyahoga Valley)
Original-Lines: 67
Xref: main.gmane.org gmane.emacs.gnus.general:36559
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:36559

Frightening thread.  

Personally, what I'm most concerned about is the envelope sender.
If I set an identity in PINE, the "Sender:" will be
me@mymachine.domain, but the "From:" and the envelope sender
(eventually "Return-Path:") will be the identity address.  If the
envelope sender doesn't match the "From:" (before posting to a
list), then it's really hell to deal with.

Currently, to deal with this in gnus, I use the following (this was
done a while ago, so the comments might be way out of date now):

;;; Using smtpmail because it allows me to easily keep the "From:" address
;;; and envelope sender the same, just by setting `user-mail-address' via
;;; some posting styles (see below).  Why is this important?  Well, some
;;; MLMs are really anal about using the envelope sender rather than the
;;; "From:" address.  So this just makes sure I don't have too many headaches.
(load "smtpmail" nil t) ;;;; loading my hacked version.....
(add-hook
 'message-load-hook
 (function
  (lambda ()
    ;;; Envelope sender still a problem... try this...
    (add-to-list 'message-syntax-checks '(sender . disabled))
    (require 'smtpmail)
    (setq send-mail-function 'smtpmail-send-it)
    (setq message-send-mail-function 'smtpmail-send-it)
    (setq smtpmail-smtp-server "smtp.utdallas.edu"))))

I guess I also have to add that while the new RFCs do seem to
clarify some points, there still seems to be some room for
interpretation.  For example, take this portion from 2821:

B. Generating SMTP Commands from RFC 822 Headers

   2. The return address in the MAIL command SHOULD, if possible, be
      derived from the system's identity for the submitting (local)
      user, and the "From:" header field otherwise.  If there is a
      system identity available, it SHOULD also be copied to the Sender
      header field if it is different from the address in the From
      header field.  (Any Sender field that was already there SHOULD be
      removed.)

which seems to confirm what Rat has been saying.  HOWEVER, the very
next sentence reads:

      Systems may provide a way for submitters to override the
      envelope return address, but may want to restrict its use to 
      privileged users.  This will not prevent mail forgery, but may
      lessen its incidence; see section 7.1.

Well, this seems to weaken the SHOULDs above.  Section 7.1 then goes
on to say:

   Efforts to make it more difficult for users to set envelope return
   path and header "From" fields to point to valid addresses other than
   their own are largely misguided: they frustrate legitimate
   applications in which mail is sent by one user on behalf of another
   or in which error (or normal) replies should be directed to a special
   address.

Oh well, so much for that.  Not meaning to be a pain in the ass, but
I sure rely on such identities (with Cyrus shared folders) bloody
heavily........ 

-- 
Amos