~runxiyu/smlmp#3: 
Local command archive delivery

While the support for an external archive via email forwarding will still be supported (I mean, probably...), using this to deliver to a user that runs public-inbox in .forward, which requires public-inbox to read the List-ID header to identify mailing lists, is a security vulnerability as malicious users who want to inject content into the mailing list archives could send email with List-ID directly to the public inbox user.

Archival should support calling local mail delivery agents, setting necessary environment variables (especially ORIGINAL_RECIPIENT) as appropriate.

Status
REPORTED
Submitter
~runxiyu (unverified)
Assigned to
No-one
Submitted
1 year, 6 months ago
Updated
1 year, 6 months ago
Labels
No labels applied.