matching keywords in body is too permissive (information leak)
If i write an e-mail and it happens to mention schleuder commands in it, it might look something like:
Hey, i think what you meant to do was to get this thing re-sent to
alice@example.net. on the current version of schleuder, that would
look something like this:
x-listname: thislist@example.biz
x-resend-encrypted-only: alice@example.net
Does that look OK to you?
The result appears to be that schleuder will instead act on those lines, sending out (and re-sending to alice) an e-mail which looks like:
Hey, i think what you meant to do was to get this thing re-sent to
alice@example.net. on the current version of schleuder, that would
look something like this:
Does that look OK to you?
This is seriously problematic, as the resend could have been intended for internal consumption, and instead it was also re-sent to someone outside the list, leaking internal discussion and information.