[sork] Re: Vacation From?

Eric Rostetter eric.rostetter at physics.utexas.edu
Mon Apr 18 13:05:23 PDT 2005 

Quoting Carl Boberg <carl at blackside.org>:

> My mailserver is unfortunately hosting several domains and all responses
> from vacation are from user at firtshost.firstdomain.com when they ought to
> be from second/third/fourth -host/domain.com

You would need someway to map them to the correct address.  Since I don't
know your setup, I can't help there.

> But I would still gladly see it as an configurable option :-)

You should probably file an enhancement bug request at
http://bugs.horde.org/ for this to be added to the vacation module.

> On a side note, about hindering users from forging the From:
> They can already do that in IMP by using different identities where they
> easily can set their From: address and such(yes it can be disabled but
> still).

Yes, but this was added to IMP long after the vacation module was done.
And my point about mistakes/typos still supports my decision, as I know
a significant portion of my user base can not correctly type their email
address every time (or even one time in some cases).

Besides, they wouldn't want to type it in each time, so we'd have to
default it to their address somehow (IMP default identity comes to mind,
or maybe just the Horde::Auth() but IMP would be more reliable, if set).

> And if I would like to fake my from address it probably wouldnt be by
> using auto respons function from vacation...

Once you put that on the screen, it becomes obvious and clear how to do it,
and could create mischieve.  Now, if they have any brains at all, they will
find another way to forge it.  But why add one more option to their supply
of ways to do it?

> And also; Is there any colaboration between horde modules to take care
> of theese kind of securityconcerns?

Well, depends on the severity of the security concern.  In this case, I 
don't think it is a real strong threat, and the benefit of personalities
in IMP was so create, that they went opposite ways.  In other cases, the
ties are much stronger.  So, I'd say, that like IMP's personalities, this
should probably be added with a way to disable it.

> / Cheers
> Carl

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin
 
Why get even? Get odd!

More information about the sork mailing list