Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 5/3/83; site ukc.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!mcvax!ukc!lmcl
From: lmcl@ukc.UUCP (L.M.McLoughlin)
Newsgroups: net.unix-wizards
Subject: Re: deceptive mail
Message-ID: <4576@ukc.UUCP>
Date: Sat, 10-Nov-84 20:26:59 EST
Article-I.D.: ukc.4576
Posted: Sat Nov 10 20:26:59 1984
Date-Received: Sun, 11-Nov-84 22:13:29 EST
References: <331@uvm-cs.UUCP>
Reply-To: lmcl@eagle.UUCP (PUT YOUR NAME HERE)
Organization: Computing Laboratory, U of Kent at Canterbury, UK
Lines: 12
Summary: 

In article <331@uvm-cs.UUCP> hartley@uvm-cs.UUCP (Stephen J. Hartley) writes:
>Somebody here noticed the following "feature" of mail (4.2 BSD).  Under
>certain conditions, a user "xyzu" can do a "set user=abcd" and send mail
>to user "pqrs".  To "pqrs" it appears that "abcd" sent the mail (xyzu <>
>abcd).  This could cause misunderstandings or such if "xyzu" were malicious.
>Is this a feature or a bug?  Thanks.

I thought it was a bug.  When we switched to MMDF it agreed with me.
The From: line and who is posting the message must agree or mmdf tells
you to drop dead (to be honest it says something like invalid author spec).
So I change the rmail to ignore the USER enviroment variable and alway go by
uid.