To: flexfax@sgi.com
Subject: faxmail from hylafax Beta 18
Date: Mon, 22 Jul 1996 12:07:38 +0200
From: Rainer Krienke
<...stuff deleted...>
The next problem is, that faxmail (in delivery mode) sends all
mail-faxes under
the user id of faxmail instead of the user who issued the mail (for us
this used
to work, since the mailfax delivery agent is run by sendmail under the
user id
of the user who sent the mail). This is a problem in so far, that the
user who
sent the mail is not allowed to delete it from the queue, since it does
not
belong to him any longer.
I checked and faxmail(1) does not describe the MailUser config parameter;
I've fixed this in my sources.
To elaborate on this issue--which I thought a bit about when doing the
work on faxmail--the problem is that it is hard to reliably map the
sender's identity (e.g. the From identity) into an account name that
should be used to submit the facsimile because From information can be
trivially forged. There are also issues of how to convert email addresses
(user@host) to a simple account name to use for logging in to the server.
In the end I "punted" on the problem and noted the difficulty in the
manual page. It would be nice if someone would add support for something
like the PGP-signed multipart/signed MIME type. With this you could
authenticate the sender and reliably map the sender's identity to a
login account on the server. Otherwise one could envision an untrusted
scheme whereby you use some mapping scheme to convert From addresses to
login accounts (though this could just as easily be done by having the
sender or a gateway script insert an x-fax-mailuser header in the envelope).
BTW, I did only enough builtin support to handle simple formatting of
multipart/digest mail that goes through my mail->fax gateway. Folks are
welcome to improve/extend what's there.
Sam
Matthias Apitz / guru@softcon.de ; (07:34:58 AM 01/27/97)