jonas at qad.org
Thu Sep 23 14:56:48 UTC 1999
[ Quoting brister at vix.com <brister at vix.com> ]:
> We should be careful how configurable we make it: we don't want to make it too
> easy for the admin's to create illegal message id's, nor do want to make it
IMHO there's an even bigger problem if we leafe it as is. Most
leafsites (even if they have a vaid FQDN somehow) are configured to
return something like "localhost.localdomain" to GetFQDN - which is as
worse as it can be. Even worse - there are scripts around to STRIP the
ID before posting the article to the upstream provider - a bunch of
dupes is usually the result if the pathexclude is not set correctly.
> too easy for them to generate message id's appearing to come from another
> completely separate domain. Of course anyone with the source can do this now,
> but still...
I'd consider the danger of some kind of misconfiguration bigger than
the danger that comes from a inn.conf-directive.
More information about the inn-workers