Steffen Kaiser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 26 Apr 2007, Steffen Kaiser wrote:
Hello,
after digging in the CMU Sieve lib sources, I found where the problem stems from.
Somehow (I don't know why) in dovecot-sieve-1.0.1/src/libsieve/script.c:671
/* first, let's figure out if we should respond to this */ ret = makehash(hash, a->u.vac.send.addr, a->u.vac.send.msg);u.vac.send.addr is NULL.
Although, in dovecot-sieve-1.0.1/src/libsieve/bc_eval.c:256 I get the impression that this error handled by silently skipping vacation, if no return-path is available. It didn't happened for me. BTW: I want to have those replys ;-)
The reason is that by default sendmail does not pass forth Return-Path to the MDA and Dovecot deliver does not use the -f option for this reason.
The attached patch changes this by leting deliver_get_return_address() return any information available:
str = mail_get_first_header(mail, "Return-Path"); if(!str) str = envelope_sender != DEFAULT_ENVELOPE_SENDER ? envelope_sender /* -f option */ : mail_get_first_header(mail, "From"); /* That's not the most correct one, but alas */
oh no. never ever send to the From header address. if your mail system doesn't provide the necessary informations, fix it or do whatever you want, but please don't add yet another broken outscatter system...
this is clear in RFC 3834:
<excerpt source=rfc3834>
If the response is to be generated after delivery, and there is no Return-Path field in the subject message, there is an implementation or configuration error in the SMTP server that delivered the message or gatewayed the message outside of SMTP. A Personal or Group responder SHOULD NOT deliver a response to any address other than that in the Return-Path field, even if the Return-Path field is missing. It is better to fix the problem with the mail delivery system than to rely on heuristics to guess the appropriate destination of the response. Such heuristics have been known to cause problems in the past. </excerpt>
In case you read the following sections, note that vacation is not a service responder.
The problem still exists, if neither of the three information is available, but, well ... .
If you don't have the necessary informations, don't send a vacation. stay on the safe side.
Now, vacation is working.
maybe for you, probably not for the masses of backscatter victims...