Forum OpenACS Development: Re: RFC: Callbacks for Incoming Emails

Posted by Peter Alberer on
I would propose to forget about exposing any system internals in the email address. It is totally unnecessary and creates security risks. A user could (in the current implementation CAN) forge a forums post just by guessing an object_id and a user_id (both are easily found out).

So my proposal is to send all emails from an address like openacs-XXXXXXXXX. The XXX is a secret token that is generated individually for each mail sent out and is registered in the database together with all necessary info about the reply (object_id, notif_type_id, user_id, whatever). When a mail comes back we can look into the "incoming_mail_allowed_tokens" table and get all of the details to process the reply. (I have not thought about any details of this process, but using callbacks sounds good)

This way we do not have to care about modifying postfix files for every new package that wants to get incoming mail.
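
The token scheme proposed in the post above, sketched as an added example that is not part of the original post or of OpenACS code. The table name and the object_id, notif_type_id and user_id columns come from the post; the SQLite backend, the `example.invalid` domain, the 128-bit token, the expiry window and storing only a hash of the token are assumptions.

```python
import hashlib
import re
import secrets
import sqlite3
import time

DOMAIN = "example.invalid"   # assumption: placeholder mail domain
TTL = 14 * 24 * 3600         # assumption: replies accepted for 14 days
ADDR_RE = re.compile(r"openacs-([0-9a-f]{32})@" + re.escape(DOMAIN))

def open_db():
    db = sqlite3.connect(":memory:")
    # Only the SHA-256 of the token is stored (assumption), so reading
    # the table does not yield usable reply addresses.
    db.execute("""CREATE TABLE incoming_mail_allowed_tokens (
        token_hash    TEXT PRIMARY KEY,
        object_id     INTEGER NOT NULL,
        notif_type_id INTEGER NOT NULL,
        user_id       INTEGER NOT NULL,
        expires_at    REAL NOT NULL)""")
    return db

def _digest(token):
    return hashlib.sha256(token.encode("ascii")).hexdigest()

def issue_reply_address(db, object_id, notif_type_id, user_id, now=None):
    """Register a fresh token for one outgoing mail; return its reply address."""
    now = time.time() if now is None else now
    token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    db.execute(
        "INSERT INTO incoming_mail_allowed_tokens VALUES (?, ?, ?, ?, ?)",
        (_digest(token), object_id, notif_type_id, user_id, now + TTL))
    return f"openacs-{token}@{DOMAIN}"

def resolve_reply(db, to_address, now=None):
    """Map an incoming recipient address to its reply context, or None."""
    now = time.time() if now is None else now
    m = ADDR_RE.fullmatch(to_address.strip().lower())
    if m is None:
        return None  # not a token address, e.g. guessed object/user ids
    row = db.execute(
        "SELECT object_id, notif_type_id, user_id, expires_at "
        "FROM incoming_mail_allowed_tokens WHERE token_hash = ?",
        (_digest(m.group(1)),)).fetchone()
    if row is None or row[3] < now:
        return None  # unknown or expired token: drop or bounce the mail
    # The context comes from the database row, never from the address.
    return {"object_id": row[0], "notif_type_id": row[1], "user_id": row[2]}
```

The result of `resolve_reply` is what a per-package callback would receive; because the address carries only the token, one mail alias pattern covers every package.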