Proposed death of verifycancels

Russ Allbery rra at stanford.edu
Thu Jun 8 07:45:03 UTC 2000


Does anyone use and want to keep the verifycancels inn.conf option?  If
so, speak up now; I'm proposing removing it from the CURRENT tree.  The
current USEFOR standard says not to verify cancels in that fashion and I
don't think it serves any useful purpose these days.

For those not familiar with it, the current verifycancels option checks
the From/Sender of the message against the From/Sender of the cancel and
only allows the cancel if they match.  Of course, the canceller can just
forge the From/Sender (and most of them know to do this), plus the check
isn't and can't be performed if the cancel arrives before the original
message.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the inn-workers mailing list