[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Virtusertable, SiteAdmins and accept-email-for-domain...

Hello Robert!

"Robert G. Fisher" wrote:

> On Thu, Jul 13, 2000 at 01:01:55PM -0700, Jeff Lasman wrote:
> > Not necessarily fine.  See "sendmail" the O'Reilly book, Bryan Costales
> > with Eric Allman, page 274:
> >
> >   Note that sendmail does a single lookup, so one line may not reference
> >   another.  The following won't work:
> >
> >     info@xxxxxxxxxxxxxxxxxx   forsale@xxxxxxxxxxxxx
> >     @fictional.com            user@xxxxxxxxxxxx
>
> If both 'stuff.for.sale.com' and 'fictional.com' are in the W class
> then it WILL evaluate to 'user@xxxxxxxxxxxx'.  At least this is the
> case with sendmail 8.9.3.

Same here.

> Which is really the same as what the original post was covering.
>
> The issue was/is the Cobalt UI didn't provide a way to enter a
> default entry for a domain.  It shouldn't be that hard, just add
> a location and check box with 'receive email for this domain'
> for a 'catch all' alias, either you put one or it sends it to an
> alias like 'no-such-user' which is a non-existent user or alias
> so that the sendmail maps it to the NO SUCH USER error.

Alright, but the real issue here is that not adding such an error redirection
automatically whilst providing site administrators with the infamous
"accept-email-for-domain" checkbox leads to a possible security compromise,
which in reality means that I can be anyone I want *in another domain* on the
same RaQ3. Also, reporting the error can be done directly by a mapping in the
virtusertable (map to "error:No such user for this domain") using custom error
messages.

Jan