Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 473946 - gentoo-dev-announce posts without Reply-To
Summary: gentoo-dev-announce posts without Reply-To
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Mailing Lists (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-06-20 17:23 UTC by Robin Johnson
Modified: 2018-01-29 06:46 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-06-20 17:23:24 UTC 
From original mail by betelgeuse:
> can we implement a filter to gentoo-dev-announce that does not allow                                                                                       
> mails to get in without Reply-To being set? If it needs procmail etc                                                                                       
> work I can help with that.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-06-20 17:24:51 UTC 
I have added the following rule to the mlmmj access control:
deny !^Reply-To:
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2013-06-20 17:53:54 UTC 
I am afraid this is not enough. My original e-mail had a Reply-To header set properly. The problem is that I cross-posted to multiple mailing lists. So what we need here is to prevent more than one entries in the CC: field when you send something to gentoo-dev-announce.
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2013-06-20 17:55:05 UTC 
Sorry I've just read your e-mail. Well, I feel the problem is partially solved so can we keep this bug open?
Comment 4 Manuel Rüger (RETIRED) gentoo-dev 2013-11-11 09:33:55 UTC 
Can infra add a proper auto-reply if the mail got rejected?
Right now the sender doesn't receive anything, right?
Comment 5 William Hubbs gentoo-dev 2014-07-20 18:38:18 UTC 
I submit that we shouldn't be munging the reply-to headers at all; this violates RFC2822. The below reference offers solutions for this issue.  [1].

Thanks for your consideration,

William

[1] https://woozle.org/~neale/papers/reply-to-still-harmful.html
Comment 6 Andreas K. Hüttel archtester gentoo-dev 2018-01-28 19:18:51 UTC 
Nothing to do for comrel here.
Comment 7 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2018-01-29 06:46:20 UTC 
We don't munge Reply-To for gentoo-dev-announce, but we do REQUIRE they are set by the author.