innd and rejects of dates
Julien ÉLIE
julien at trigofacile.com
Mon Jul 11 14:51:04 UTC 2011

Hi Russ and Thomas,

>> What about replay of signed control messages, i.e. old checkgroups?
>>
>> Currently you can't reinject an old checkgroups successfully because
>> its Message-ID is in history or it'll be rejected because its Date is
>> too old; both are signed headers. If INN will accept old articles with
>> a current Injection-Date - which was and is not signed, and even not
>> signable as it will be appended by the injecting agent (?) -, it will
>> be possible to replay a checkgroups from five years ago which will be
>> executed due to its valid signature. What do I miss here?
>
> Nothing. Injection-Date should be signed when issuing control messages as
> well, but that gets tricky since the posting agent isn't supposed to
> provide one. I suspect what that means is that control message processing
> software should impose a Date cutoff regardless of Injection-Date.

OK, the check has just been added to controlchan.

If artcutoff (an inn.conf parameter) is > 0, then a control article will
be processed by controlchan only if it is less than artcutoff days old.
The date should similarly be less than 1 day in the future.

In order to parse the date, I added a dependency on
DateTime::Format::Mail (checked at configure time).

I am going to merge this change to INN 2.5.3 too. Of course the new
Perl dependency will be mentioned at the top of the changes.

If someone complains now about that, I can delay the patch for INN 2.6.0
only, and adapt INN 2.5.3 not to bypass the check made by innd on the
Date: header field when an Injection-Date: header field is present.

--
Julien ÉLIE
« La vie est un sommeil, l'amour en est le rêve et vous aurez vécu
si vous avez aimé. » (Alfred de Musset)
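
The cutoff described in the message above, as an added example that is not part of the original post and is not controlchan's code (which is Perl and parses dates with DateTime::Format::Mail). It decides from the signed Date: header field alone, so a fresh Injection-Date cannot revive an old checkgroups. The function names, the sample articles, the rejection of a missing or unparseable Date, and applying the one-day future limit even when artcutoff is 0 are assumptions of this sketch.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_FUTURE = timedelta(days=1)  # "less than 1 day in the future"


def control_date_ok(raw_article, artcutoff, now=None):
    """Return (accepted, reason) from the signed Date: header field only.
    Injection-Date is ignored: the injecting agent adds it, unsigned."""
    now = now or datetime.now(timezone.utc)
    date_hdr = message_from_string(raw_article).get("Date")
    if date_hdr is None:
        return False, "missing Date"  # assumption: fail closed
    try:
        sent = parsedate_to_datetime(date_hdr)
    except (TypeError, ValueError):
        return False, "unparseable Date"  # assumption: fail closed
    if sent.tzinfo is None:  # a "-0000" zone yields a naive datetime; treat as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    if sent - now >= MAX_FUTURE:
        return False, "Date too far in the future"
    # artcutoff mirrors the inn.conf parameter: 0 disables the age check.
    if artcutoff > 0 and now - sent >= timedelta(days=artcutoff):
        return False, "Date older than artcutoff"
    return True, "ok"


def make_article(date, injection_date):
    """Build a constructed checkgroups article; only the headers matter here."""
    return (
        "Message-ID: <constructed@example.invalid>\n"
        "Control: checkgroups\n"
        f"Date: {date}\n"
        f"Injection-Date: {injection_date}\n"
        "\n"
        "constructed body\n"
    )


# Constructed sample data: every article carries the same fresh Injection-Date.
NOW = datetime(2011, 7, 11, 14, 51, 4, tzinfo=timezone.utc)
FRESH_INJECTION = "Mon, 11 Jul 2011 12:00:00 +0000"
REPLAYED = make_article("Tue, 11 Jul 2006 12:00:00 +0000", FRESH_INJECTION)
CURRENT = make_article("Mon, 11 Jul 2011 12:00:00 +0000", FRESH_INJECTION)
POSTDATED = make_article("Wed, 13 Jul 2011 15:00:00 +0000", FRESH_INJECTION)

if __name__ == "__main__":
    for name, art in [("replayed", REPLAYED), ("current", CURRENT), ("postdated", POSTDATED)]:
        print(name, control_date_ok(art, artcutoff=10, now=NOW))
```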