[ZendTo] Re: Why is sendmail -f option disabled?
Jules at Zend.To
Wed Feb 20 14:27:11 GMT 2013
I removed that as it forces the envelope sender address to be the person
who sent the drop-off. Which may well not be an address within the
site's own domain.
So a lot of mail systems (particularly Exchange) will then reject the
message as a bad relay attempt, as they relay based on the envelope
sender and not the source IP address (which most sendmail-based mail
systems will use to control relaying).
Also, if the message ends up leaving the site, the SPF for the message
will be screwed as it originated from totally the wrong place, causing a
lot of sites to drop the message (including big guys like Gmail).
That's most of what I can remember about why I stopped faking the
envelope sender, it looked better initially but caused all sorts of
problems for people as the messages often wouldn't get through due to
email security controls.
Hope that helps,
P.S. Of course, you have the source, so if you want to re-enable it and
know it will work fine for your site/company/institution, then feel free
to edit the code! :-)
On 20/02/2013 13:55, tibz wrote:
> We are currently evaluating zendto and have deployed the CentOS Virtual
> Appliance for ESXi, running zendto 4.11-9
> We noticed that the return-path was set to "apache at domain.tld"
> After looking at the code, I noticed that the option to set the
> return-path is disabled in NSSDropbox.php:
> return mail(
> $headers // JKF Commented out for now due to security
> concerns ,
> // JKF Commented out for now due to security concerns
> // '-f "'.$fromAddr.'"'
> Can you explain why is it commented? (what are the security concerns you
> are referring to)
> ZendTo mailing list
> ZendTo at zend.to
> Julian Field MEng MBCS CITP CEng
> 'We face neither East nor West: we face forward.' - Kwame Nkrumah
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the ZendTo