[imp] IMP (apache) abuse ?

[Eric Rostetter]

Quoting Federico Petronio <petronio@agro.uba.ar>:

> apache set sender to atencionaclientes@scapsa.shell.com using -f: 1 Times(s)
> apache set sender to ramirocarretero@datafull.com using -f: 1 Times(s)
> apache set sender to 19970047@correo.lamolina.edu.pe using -f: 1 imes(s)
>  
> As far as I understand that means that a mail was sent using apache and 
> setting the From to those address.

Correct.  To get rid of the warning messages, you need to set "apache" as
a "trusted user" in your sendmail.cf file.

> What do you think ? could this be a config problem in IMP?, a security 
> bug? some problem in something else than HORDE/IMP ?
> 
> Any help is welcome.

In sendmail.cf, Find a Section that looks something like:

#####################
#   Trusted users   #
#####################

# this is equivalent to setting class "t"
#Ft/etc/sendmail.ct
Troot
Tdaemon
Tuucp

And add Tapache if it looks like above, or if it uses (rather than comments
out) the file sendmail.ct, then add the apache user to that file.

If you use sendmail.mc, then add something to it like:

define(`confTRUSTED_USERS',`apache')

and then rebuild (m4) the sendmail.cf file from the sendmail.mc file.

> I run RH 7.2 (updated) and IMP 2.2.8.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.