procmail

Re: -o flag and From lines

1999-07-10 09:42:02
Ian T Zimmerman <itz(_at_)transbay(_dot_)net> writes:
...
> Yes and no.  I still don't see WHY this particular (quite complex)
> behavior was deemed useful.  Basically, it only makes difference in a
> suspect situation - when someone is trying to forge the info.  Why
> would they care in what way precisely they're foiled?

For the same reason that sendmail allows anyone to change the envelope
from using the -f flag, but adds an X-Authentication-Warning: header
when the user is 'untrusted': because there are legitimate reasons for
an untrusted user to change the envelope sender, but at the same time
the recipient should be given warning that the address is less than
completely trustworthy.

Why would an untrusted user use the -o flag?  Well, it's silly to use
it with the -f flag (except -f-), so it would presumably be used when
there might be an existing "From " line and the user wanted to have his
or her address in the "From " line instead (that is, they _want_ to
tell the truth).

Hmm, in that case they should just be saying "-f $USER".  <pause>  I
think you may be right: the logic is more complicated than it needs to
be; there should be three options for untrusted users, a choice between:

a) just their username in the "From " line,
b) some other address in the "From " line and their username in a
        ">From " line, or
c) no "From " line at all.

I'll have to think about this more and how it would work with older
applications that use the -o option.  Perhaps the -o option should just
be treated like "-f $USER"?


Philip Guenther
