innd and rejects of dates

Julien ÉLIE julien at
Mon Jul 11 14:51:04 UTC 2011

Hi Russ and Thomas,

>> What about replay of signed control messages, i.e. old checkgroups?
>> Currently you can't reinject an old checkgruops successfully because
>> its Message-ID is in history or it'll be rejected because its Date is
>> too old; both are signed headers. If INN will accept old articles with
>> a current Injection-Date - which was and is not signed, and even not
>> signable as it will be appended by the injecting agent (?) -, it will
>> be possible to replay a checkgroups from five year ago which will be
>> executed due to its valid signature. What do I miss here?
> Nothing.  Injection-Date should be signed when issuing control messages as
> well, but that gets tricky since the posting agent isn't supposed to
> provide one.  I suspect what that means is that control message processing
> software should impose a Date cutoff regardless of Injection-Date.

OK, the check has just been added to controlchan.
If artcutoff (an inn.conf parameter) is > 0, then a control article will 
be processed by controlchan only if it is less than artcutoff days old.
The date should similarly be less than 1 day in the future.

In order to parse the date, I added a dependency to 
DateTime::Format::Mail (checked at configure time).

I am going to merge this change to INN 2.5.3 too.  Of course the Perl 
new dependency will be mentioned at the top of the changes.
If someone complains now about that, I can delay the patch for INN 2.6.0 
only, and adapt INN 2.5.3 not to bypass the check made by innd on the 
Date: header field when an Injection-Date: header field is present.

Julien ÉLIE

« La vie est un sommeil, l'amour en est le rêve et vous aurez vécu
   si vous avez aimé. » (Alfred de Musset)

More information about the inn-workers mailing list