From a3ab32789a1bdb6716b2d8c2eb96cfb6fcb3cbf4 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan@rename-it.nl>
Date: Sat, 27 Dec 2008 21:52:31 +0100
Subject: [PATCH] Enotify: added FIXME.

---
 .../plugins/enotify/ext-enotify-common.c      | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/lib-sieve/plugins/enotify/ext-enotify-common.c b/src/lib-sieve/plugins/enotify/ext-enotify-common.c
index fc7bda216..62734ec81 100644
--- a/src/lib-sieve/plugins/enotify/ext-enotify-common.c
+++ b/src/lib-sieve/plugins/enotify/ext-enotify-common.c
@@ -19,6 +19,26 @@
 
 #include <ctype.h>
 
+/* FIXME: (from draft RFC)
+ *
+ * Header/envelope tests [Sieve] together with Sieve variables can be
+ * used to extract the list of users to receive notifications from the
+ * incoming email message or its envelope.  This is potentially quite
+ * dangerous, as this can be used for Deny Of Service attacks on
+ * recipients controlled by the message sender.  For this reason
+ * implementations SHOULD NOT allow use of variables containing values
+ * extracted from the email message in the method parameter to the
+ * notify action.  Note that violation of this SHOULD NOT may result in
+ * the creation of an open relay, i.e. any sender would be able to
+ * create specially crafted email messages that would result in
+ * notifications delivered to recipients under the control of the
+ * sender.  In worst case this might result in financial loss by user
+ * controlling the Sieve script and/or by recipients of notifications
+ * (e.g. if a notification is an SMS message).
+ *
+ * --> This is currently not possible to check.
+ */
+
 /*
  * Notify capability
  */
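Review bot: The FIXME records a missing security control but leaves a future maintainer nothing to act on: it sits after the includes rather than next to the code that validates the notify method argument, and "This is currently not possible to check" does not say which prerequisite is missing. I would move it to the method-argument validation site (outside this hunk) and state the blocker explicitly, e.g. `/* FIXME: rejecting header/envelope-derived variable values in the notify method argument needs taint tracking of variable values, which the variables extension does not provide yet. */`. If the implementation already relies on compensating controls (administrator-restricted recipients, a cap on notifications per message), the comment should name them so the residual risk stays visible; I cannot confirm from this hunk whether such limits exist. The quoted text comes from the Security Considerations section of the Sieve notify extension (RFC 5435), so citing it by number instead of "from draft RFC" would let a reader find the normative text.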
-- 
GitLab