Proposed death of verifycancels
Russ Allbery
rra at stanford.edu
Thu Jun 8 07:45:03 UTC 2000
Does anyone use and want to keep the verifycancels inn.conf option? If
so, speak up now; I'm proposing removing it from the CURRENT tree. The
current USEFOR standard says not to verify cancels in that fashion and I
don't think it serves any useful purpose these days.
For those not familiar with it, the current verifycancels option checks
the From/Sender of the message against the From/Sender of the cancel and
only allows the cancel if they match. Of course, the canceller can just
forge the From/Sender (and most of them know to do this), plus the check
isn't and can't be performed if the cancel arrives before the original
message.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list