[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)

To: msmtp-users@lists.sourceforge.net
Subject: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
From: Martin Lambers <marlam@...23...>
Date: Mon, 8 Feb 2010 21:49:12 +0100
In-reply-to: <20100208194052.GB7374@...214...>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=msmtp-users>
List-help: <mailto:msmtp-users-request@lists.sourceforge.net?subject=help>
List-id: "General discussion, questions & answers" <msmtp-users.lists.sourceforge.net>
List-post: <mailto:msmtp-users@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=unsubscribe>
Mail-followup-to: msmtp-users@lists.sourceforge.net
Openpgp: id=15BC348B; url=http://www.marlam.de/key.txt
References: <20100202171834.GG3750@...214...> <20100202182545.GA25836@...161...> <20100202220419.GB3815@...214...> <20100207110906.GA12879@...161...> <20100208194052.GB7374@...214...>
User-agent: Mutt/1.5.18 (2008-05-17)

On Mon, 08. Feb 2010, 20:40:52 +0100, Marcus C. Gottwald wrote:
> I may add that there seems to be a (small, theoretical) risk
> with the way command-line arguments are treated: At least
> "--tls-fingerprint" can be given multiple times, and the value
> of the last one supersedes the value of previous ones. Since
> "Mutt" wants to add "-f <envelopefrom>", "--" can't be used to
> tell "msmtp" that only recipients' email addresses are supposed
> to follow, and there might be a chance that someone could make
> me send an email addressed to "--host=mail.badguy.com
> --tls-fingerprint=...", so that the bad guy gets a chance to
> sniff my password.

That is always a problem when '--' is not used, even if the options can
only be given once.

But my version of Mutt adds '--' itself: the arguments to the configured
sendmail command are '-f marlam@...23... -- <recip1> <recip2>...'.
And every program that builds a sendmail command line from untrusted
input should do the same. Furthermore, mail addresses are even allowed
to start with '-', so the '--' is needed to recognize these.

Martin

References:
- [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: "Marcus C. Gottwald" <mcg@...213...>
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: Martin Lambers <marlam@...23...>
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: "Marcus C. Gottwald" <mcg@...213...>
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: Martin Lambers <marlam@...23...>
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: "Marcus C. Gottwald" <mcg@...213...>

Prev by Date: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
Next by Date: [msmtp-users] Mail to root
Previous by thread: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
Next by thread: [msmtp-users] Mail to root
Index(es):
- Date
- Thread