Added comment about verifying errors_to as a recipient, not a sender.

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 0db8b4300c4d7936305e81c2ba14bbb97ec9e96a..7e8392eae9848471ea019d67d7054c38e044d0d8 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.225 2005/09/13 09:54:14 fanf2 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.226 2005/09/13 10:35:52 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -173,6 +173,9 @@ PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP
 PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains
       when verifying a sender address, unless rewrite_headers is false.
 
+PH/44 Wrote a long comment about why errors_to addresses are verified as
+      recipients, not senders.
+
 TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when
       the ratelimit ACL was added.
 

diff --git a/src/src/routers/rf_get_errors_address.c b/src/src/routers/rf_get_errors_address.c
index e0eb0f0269cad26db65ae247d4e26cea03d69cd9..e766613841cd32a1e902c7b5c0e9f7eb6171ae17 100644 (file)
--- a/src/src/routers/rf_get_errors_address.c
+++ b/src/src/routers/rf_get_errors_address.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/routers/rf_get_errors_address.c,v 1.4 2005/09/12 15:09:55 ph10 Exp $ */
+/* $Cambridge: exim/src/src/routers/rf_get_errors_address.c,v 1.5 2005/09/13 10:35:52 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -100,10 +100,23 @@ else
     address_expansions_save[i++] = **p++;
   address_test_mode = FALSE;
 
+  /* NOTE: the address is verified as a recipient, not a sender. This is
+  perhaps confusing. It isn't immediately obvious what to do: we want to have
+  some confidence that we can deliver to the address, in which case it will be
+  a recipient, but on the other hand, it will be passed on in SMTP deliveries
+  as a sender. However, I think on balance recipient is right because sender
+  verification is really about the *incoming* sender of the message.
+
+  If this code is changed, note that you must set vopt_fake_sender instead of
+  vopt_is_recipient, as otherwise sender_address may be altered because
+  verify_address() thinks it is dealing with *the* sender of the message. */
+
   DEBUG(D_route|D_verify)
     debug_printf("------ Verifying errors address %s ------\n", s);
-  if (verify_address(snew, NULL, vopt_is_recipient | vopt_qualify, -1, -1, -1,
-    NULL, NULL, NULL) == OK) *errors_to = snew->address;
+  if (verify_address(snew, NULL,
+      vopt_is_recipient /* vopt_fake_sender is the alternative */
+      | vopt_qualify, -1, -1, -1, NULL, NULL, NULL) == OK)
+    *errors_to = snew->address;
   DEBUG(D_route|D_verify)
     debug_printf("------ End verifying errors address %s ------\n", s);