Pine 4.44 Privacy Patch

Post by Roger Marqui » Sun, 09 Jun 2002 10:46:13



Problem description:

    The Pine email client allows users to define the "From:"
    address independent of their Unix username.  This is an
    indispensable feature for help desks and other role accounts.

    Unfortunately, user names and/or ids can still be leaked due to
    Pine's insertion of "Sender:" and/or "X-Sender:" headers.  Pine
    versions earlier than 4.44 may also insert the Unix username
    into other envelope and header fields.

Solution:

    Applying the following patch to pine 4.4 will cause
    {X-}Sender:  headers to be omitted.  Users may also need to
    define a remote "smtp-server" to prevent certain local MTAs
    from inserting this information.  Other details on changing
    Pine's "From:" line are detailed in the FAQ at:

        http://www.washington.edu/pine/faq/config.html#9.5

    To apply this patch, download the source code from:

        ftp://ftp.cac.washington.edu/pine/

    Unpack (tar xzvf ...) and cd into the source directory, apply
    the patch (patch < patch_file_name) and recompile per the
    documentation.

Disclaimers:

    This patch has been tested under Solaris and FreeBSD operating
    systems using the gcc compiler; however, no warranty is made
    regarding its accuracy or reliability.  Use it at your own
    risk.

    Pine and Pico are registered trademarks of the University of
    Washington. No commercial use of these trademarks may be made
    without prior written permission of the University of
    Washington.  Pine, Pico, and Pilot software and its included
    text are Copyright 1989-2002 by the University of Washington.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

--------------------------------------------------------------------
--- pine/send.c.orig    Tue Jan  8 12:59:37 2002

        outgoing->return_path = rfc822_cpy_adr(outgoing->from);

+
        /*
         * Don't ever believe the sender that is there.
         * If From doesn't look quite right, generate our own sender.
         */
+       /**** fix u-washington anti-privacy loophole
        if(outgoing->sender)
          mail_free_address(&outgoing->sender);
+       /****

        /*

         *
         * Don't add a personal_name since the user can change that.
         */
+       /**** fix u-washington anti-privacy loophole
        if(!outgoing->from
           || !outgoing->from->mailbox

            outgoing->sender->mailbox = cpystr(ps_global->VAR_USER_ID);
            outgoing->sender->host    = cpystr(ps_global->hostname);
        }
+       /****

         /*----- Message is edited, now decide what to do with it ----*/
        if(editor_result & (COMP_SUSPEND | COMP_GOTHUP | COMP_CANCEL)){
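Review bot: the first commented-out region disables `mail_free_address(&outgoing->sender);`, so a sender that is already set when this code runs is now kept instead of cleared, which works against the stated goal of omitting the header. Consider leaving the `if(outgoing->sender)` free in place and disabling only the second region, the one that fills `outgoing->sender->mailbox` from `ps_global->VAR_USER_ID`. Both regions are also switched off with an opening `/****` that is never closed and only ends at the next existing `*/` (the one after "Don't add a personal_name" and the one closing the "Message is edited" comment). That swallows those comments, draws a "/* within comment" warning from gcc with -Wall, and breaks silently if the neighbouring comments ever change; `#if 0` / `#endif` around the sender-generating block would be more robust.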
--------------------------------------------------------------------
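
A check for the leak described in the problem statement, as an added example that is not part of the original post or of Pine: it scans a received copy of a test message for the Unix login in the headers the post names and in `Received:` trace lines. The login `jdoe`, the hosts and both sample messages are constructed, and looking at `Return-Path:` and `Received:` is an assumption about where a local MTA may record the login.

```python
import email
import re
from email.utils import getaddresses

# Headers the post names, plus Return-Path (assumed here to be worth checking).
ADDRESS_HEADERS = ("Sender", "X-Sender", "Return-Path")

def find_username_leaks(raw_message, unix_user):
    """Return (header, value) pairs in raw_message that expose unix_user."""
    msg = email.message_from_string(raw_message)
    user = unix_user.lower()
    # "user@" not preceded by another local-part character, for free-form text.
    token = re.compile(r"(?<![\w.+-])" + re.escape(user) + "@", re.IGNORECASE)
    leaks = []
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            local_parts = [addr.lower().partition("@")[0]
                           for _, addr in getaddresses([value])]
            if user in local_parts:
                leaks.append((name, value))
    # A local MTA may stamp the submitting login into its Received: line.
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        if token.search(flat):
            leaks.append(("Received", flat))
    return leaks

# Constructed samples: the same test mail with and without the leaking fields.
UNPATCHED = """\
Return-Path: <jdoe@ws1.example.org>
Received: (from jdoe@localhost)
\tby ws1.example.org id CONSTRUCTED01; Sat, 8 Jun 2002 10:46:13 -0700
From: Help Desk <helpdesk@example.org>
Sender: jdoe@ws1.example.org
To: customer@example.net
Subject: header test
"""
PATCHED = """\
Return-Path: <helpdesk@example.org>
Received: from ws1.example.org by smtp.example.org; Sat, 8 Jun 2002 10:46:13 -0700
From: Help Desk <helpdesk@example.org>
To: customer@example.net
Subject: header test
"""

if __name__ == "__main__":
    for label, raw in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, find_username_leaks(raw, "jdoe"))
```

Run it against a copy saved at the receiving side, since headers added by an MTA after submission do not appear in the sender's own saved copy.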

 
 
 

Post by Sami Sihvone » Tue, 11 Jun 2002 20:10:02




> This patch has been tested under Solaris and FreeBSD operating
> systems using the gcc compiler; however, no warranty is made
> regarding its accuracy or reliability.  Use it at your own
> risk.

Btw, it works out-of-the-box with GNU/Linux Debian Potato too.

 
 
 
