Proposed death of verifycancels

Russ Allbery rra at
Thu Jun 8 07:45:03 UTC 2000

Does anyone use and want to keep the verifycancels inn.conf option?  If
so, speak up now; I'm proposing removing it from the CURRENT tree.  The
current USEFOR standard says not to verify cancels in that fashion and I
don't think it serves any useful purpose these days.

For those not familiar with it, the current verifycancels option checks
the From/Sender of the message against the From/Sender of the cancel and
only allows the cancel if they match.  Of course, the canceller can just
forge the From/Sender (and most of them know to do this), plus the check
isn't and can't be performed if the cancel arrives before the original

Russ Allbery (rra at             <>

More information about the inn-workers mailing list