Previously we only stopped at a blank or "content" line if there'd been a keyword. Now we also stop if there wasn't, which is correct.
Closes #535
We will drop the usage of dirmanager in the next (upcoming) major release: !386 (merged)
But in general this might be an issue of different environments, and thus the 2 different processes are looking in different places for the socket.
Schleuder purely relies on the signature (and thus a matching key) to identify an account and thus check whether somebody is allowed to do an action. So far we did not really see a value in checking on the sending e-mail address, since it can be spoofed easily. So I would conclude that your first observation is by design and I cannot really come up with a benefit of checking the sender's address at all.
The second observation is rather weird. I agree that confirmations should be sent back to the original sender of a request and thus we should definitely look into why this seems to have happened.
In the meantime, it would be helpful if you could share which version of schleuder you are using.
This is a change in 4.0:
https://schleuder.org/schleuder/docs/changes.html
User-relevant changes in version 4.0 compared to version 3.6:
It is now mandatory to use a blank line to separate keywords from email content.
I would say this works as intended, since x-add-key is supposed to look in the body of the email and without a blank line there is no body to detect.
From henk via IRC (origin)
ng (ee78c172) at 07 Nov 22:23
Merge branch 'feat/exim_doc_sqlite_lookup' into 'main'
From henk via IRC (origin)
We want to discourage using them.
Closes #520
Closes #525
Can we make it without a warning on Ruby 3.2?
Ruby 3.2.2 says:
Socket.gethostbyname(Socket.gethostname).first
(irb):2: warning: Socket.gethostbyname is deprecated; use Addrinfo.getaddrinfo instead.
This runs tests against Ruby 3.2 and fixes one incompatibility.
It also updates some dependencies and fixes deprecation warnings.
CI-wise, the authorized key was uploaded but not activated.
Otherwise, changes are fine, since exim hardened config usage and these changes are necessary with newer versions.
Changes to fix the exim config example from https://git.netwichtig.de/cgit/user/henk/code/schleuder-website.git
ng (a33b3d70) at 08 Sep 13:38
Merge branch 'fix/exim_config_tainted' into 'main'
ng (ec37752f) at 18 Aug 07:07
gitlab issue titles are limited to 255 characters
Strip all non text/plain parts in multipart/alternative if keywords are present to stop leaking them, even when it is encapsulated in multipart/mixed. This makes sure that emails with the following structure don't leak keywords:
multipart/mixed
'- multipart/alternative
   |- text/plain
   '- multipart/related
      |- text/html
      '- image/png
This kind of structure is generated by Thunderbird 102.3.0 when images are included in the email. Other email clients might do that as well.
See also:
https://www.rfc-editor.org/rfc/rfc2046#section-5.1.3
https://www.rfc-editor.org/rfc/rfc2046#section-5.1.4
https://www.rfc-editor.org/rfc/rfc2387
fixes #523
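The stripping rule described above, as an added example that is not Schleuder's code: it walks a constructed MIME tree and reduces every multipart/alternative to its text/plain parts, including one nested inside multipart/mixed. `Part`, `strip_alternatives` and `leaf_types` are hypothetical names, and raising when no text/plain part exists is an assumption of this example.

```ruby
# Constructed model of a MIME tree. Part, strip_alternatives and leaf_types
# are hypothetical names for this example, not Schleuder's API.
Part = Struct.new(:type, :children) do
  def multipart?
    type.start_with?('multipart/')
  end
end

# Returns a copy of the tree in which every multipart/alternative, at any
# nesting depth, keeps only its text/plain children. Containers such as
# multipart/mixed are kept and searched recursively.
def strip_alternatives(part, keywords_present)
  return part unless keywords_present && part.multipart?

  kids = part.children
  if part.type == 'multipart/alternative'
    kids = kids.select { |c| c.type == 'text/plain' }
    # Assumption of this example: refuse the mail rather than pass on an
    # alternative that has no text/plain part to keep.
    raise ArgumentError, 'no text/plain alternative' if kids.empty?
  end
  Part.new(part.type, kids.map { |c| strip_alternatives(c, keywords_present) })
end

# Content types of all leaf parts, in document order.
def leaf_types(part)
  return [part.type] unless part.multipart?

  part.children.flat_map { |c| leaf_types(c) }
end

# Constructed sample: the structure shown above.
THUNDERBIRD_MAIL = Part.new('multipart/mixed', [
  Part.new('multipart/alternative', [
    Part.new('text/plain'),
    Part.new('multipart/related', [
      Part.new('text/html'),
      Part.new('image/png')
    ])
  ])
])

p leaf_types(THUNDERBIRD_MAIL)
p leaf_types(strip_alternatives(THUNDERBIRD_MAIL, true))
```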
We want our specs to be as reliable as possible, for obvious reasons. Relying on UTC helps with that, as it doesn't have a concept of 'Daylight Saving Time', in contrast to other timezones.
Ref !402