Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

send.publickey and send.privateorpublickey are weird #363

Open
taggart opened this issue Jul 3, 2018 · 2 comments
Open

send.publickey and send.privateorpublickey are weird #363

taggart opened this issue Jul 3, 2018 · 2 comments
Labels
bug

Comments

@taggart
Copy link
Contributor

taggart commented Jul 3, 2018

send.publickey seems to allow anyone with an account on the server (subscribed or not) or any request with a proper DKIM sig to send. I guess that's slightly better than allowing anyone (send.public) but why not use a sceneri that does: is_subscriber -> request_auth or checks DKIM? I can't think of a case where someone sending to a list would authenticate with a different account than the subscribed one.

send.privateorpublickey allows subscribers to send without auth (#362) but for non-subscribers it does request_auth, like the above just requiring having an account on the server(subscribed or not).

Maybe I am missing something about these? If not maybe they can start to go away?

Version

6.2.32 and older.

Installation method

Expected behavior

Actual behavior

Additional information
@ikedas
Copy link
Member

ikedas commented Jul 4, 2018

IMHO send.publickey would be better to be send.publicdkim or such.

@ikedas ikedas added the bug label Jul 14, 2018
@ikedas
Copy link
Member

ikedas commented Oct 19, 2018

Related PR: #365

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@taggart @ikedas