Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
Bill Shirley
bill at KnoxvilleChristian.org
Sat Apr 21 16:25:09 EEST 2018
On 4/20/2018 8:53 AM, Olaf Hopp wrote:
> On 04/20/2018 02:01 PM, Olaf Hopp wrote:
>> Hi (Stephan?),
>> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
>> a redirected mail or simply a bug ?
>>
>> A sends mail to B, B redirects to C
>> C sees B (not A!) as envelope sender.
>> It is not a problem if C gets the mail but if that mail bounces
>> for various reasons it goes back to B and A will never know about this.
>>
>> I thick this is came with 2.3 / pigeonhole 0.5 ?
>>
>> # 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.devel (61b47828)
>> # OS: Linux 2.6.32-696.23.1.el6.x86_64 x86_64 CentOS release 6.9 (Final)
>>
>>
>> Regards,
>> Olaf
>>
>
> I moved one version back, same config except those changes in 10-ssl.conf necessary for the 2.2->2.3 upgrade
>
> # 2.2.35 (b1cb664): /opt/dovecot/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.23 (b2e41927)
> # OS: Linux 2.6.32-696.23.1.el6.x86_64 x86_64 CentOS release 6.9 (Final)
>
> and this version keeps the envelope sender untouched.
> So this a regression with 2.3 / 0.5
> Envelope *senders* should never ever be modified.
>
> Regards,
> Olaf
>
>
My father is subscribed to a mailing list that instead of using list at xyz.org in the envelope
it actually modifies the envelope to the poster's email address. When they try to send
the email to my server and the envelope says "Hi, I'm coming from bob at example.com",
I know they are lying because *my mail server is the mail handler* for example.com. REJECT
If you accept mail that's obviously forging the envelope sender, any spammer can just
send email saying I am you and get passed by a whitelist statement in Spamassassin
because... user at example.com "oh, he's a good guy. Let him through."
Bill
More information about the dovecot
mailing list