-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sieve: allow private Final-Recipient in rejects, allow non-Original-Recipient header for original recipient. #5162
Conversation
894b2ad
to
a04620e
Compare
Shouldn't merge until v3.12 forked. Will require tweak to Fm internal builds. |
lgtm, but I think we also need a changes/next/* entry? Like b48001d |
Great catch, thank you. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One nit about four-space indents, but I'm approving it now because it does not need my re-review once that's fixed.
I'll add the Do Not Merge label so it (hopefully) doesn't get merged accidentally |
cca019d
to
969f7a8
Compare
631cb1e
to
2bddca9
Compare
f69efad
to
a976fab
Compare
a976fab
to
649c4ee
Compare
This replaces a longstanding private commit in Fastmail's Cyrus, which replaces Final-Recipient with an encrypted version of the original recipient. The goal is to provide a string that can be traced back to a recipient by the Cyrus operator, but doesn't disclose the final delivery username to the bounce recipient. Using session_id should accomplish the same result, at least if logs are maintained. It's also a lot less complex than shipping our own little RC4 implementation!
This eliminates custom code in Fastmail builds.
649c4ee
to
39569ff
Compare
This replaces a longstanding private commit in Fastmail's Cyrus, which replaces Final-Recipient with an encrypted version of the original recipient. The goal is to provide a string that can be traced back to a recipient by the Cyrus operator, but doesn't disclose the final delivery username to the bounce recipient.
Using session_id should accomplish the same result, at least if logs are maintained. It's also a lot less complex than shipping our own little RC4 implementation!
This then replaces another private commit, allowing the Sieve rejection code to pluck the original recipient from a header other than Original-Recipient.