[Savannah-help-public] [support #103775] From address used in CVS log messages

[Onno Molenkamp]

This is an automated notification sent by Savannah.
It relates to:
                support #103775, project Savannah Administration

==============================================================================
 LATEST MODIFICATIONS of support #103775:
==============================================================================

               Posted by: Onno Molenkamp <onno>
               Posted on: 2005-01-13 19:35 (Europe/Amsterdam)
    _______________________________________________________

Follow-up Comment:
Then you'll have a big problem when more sites start deploying SPF,
DomainKeys, etc. and your mails will be dropped.



It might be your personal view that it's ok to forge addresses, but in
general this isn't considered acceptable.



In case of a mailinglist, there are mechanisms to make it work, if the
original mail /was/ sent by an approved mailserver. That's not the case here.

==============================================================================
 OVERVIEW of support #103775:
==============================================================================

URL:
  <http://savannah.gnu.org/support/?func=detailitem&item_id=103775>

                 Summary: From address used in CVS log messages
                 Project: Savannah Administration
            Submitted by: onno
            Submitted on: Thu 01/13/2005 at 18:59
                Category: Mail server
                Priority: 5 - Normal
                Severity: 5 - Average
                  Status: Wont Do
                 Privacy: Public
             Assigned to: Beuc
        Originator Email: 
        Platform Version: None
             Open/Closed: Open

    _______________________________________________________


For a while, address@hidden was used as From address in CVS log
mails. This is the correct thing to do.



But now, the user specified address is used again. Can this be changed back?
The current behaviour doesn't work with SPF and other spam fighting
mechanisms, because you're simply forging the From address. Your mail server
isn't authorized to send mails on behalf of /other/ domains, and they will be
rejected by the receiving mailserver.

    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Thu 01/13/2005 at 19:35       By: Onno Molenkamp <onno>
Then you'll have a big problem when more sites start deploying SPF,
DomainKeys, etc. and your mails will be dropped.



It might be your personal view that it's ok to forge addresses, but in
general this isn't considered acceptable.



In case of a mailinglist, there are mechanisms to make it work, if the
original mail /was/ sent by an approved mailserver. That's not the case here.

-------------------------------------------------------
Date: Thu 01/13/2005 at 19:20       By: Sylvain Beucler <Beuc>
This cannot be done, because addresses @savannah.gnu.org are not valid (no MX
field in the DNS, no SMTP server). This caused other people to miss
notifications.



As far as I am concerned, I expect a SMTP server to be able to forge e-mails.
I send all my mails using different addresses using the same SMTP server.



Likewise, the mailing lists server send mail on behalf of the subscribees.








==============================================================================

This item URL is:
  <http://savannah.gnu.org/support/?func=detailitem&item_id=103775>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/