Milter-greylist

On Mon, May 11, 2009 at 09:35:20AM +0200, Petar Bogdanovic wrote:
> On Mon, May 11, 2009 at 07:17:39AM +0000, Emmanuel Dreyfus wrote:
> > On Mon, May 11, 2009 at 09:13:53AM +0200, Petar Bogdanovic wrote:
> > >  	snprintf(buffer, SPAMD_BUFLEN,
> > > -	  "CHECK SPAMC/1.2\r\nContent-length: %d\r\n\r\n",
> > > -	  (unsigned int)(priv->priv_msgcount + strlen(rcvhdr)));
> > > +	  "CHECK SPAMC/1.2\r\n"
> > > +	  "Content-length: %d\r\n"
> > > +	  "User: %s\r\n\r\n",
> > > +	  (unsigned int)(priv->priv_msgcount + strlen(rcvhdr)),
> > > +	   priv->priv_queueid);
> > 
> > Is it reasonable to abuse the User field?
> 
> I'm not entirely sure (...)

At least you can't rely on the value of this header since the only thing
which prevents you from providing a bogus value is a correctly compiled
spamc or a strict suid-environment which is not an option if spamd is
listening to an internet socket.



   Petar Bogdanovic