Index: includes/mail.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/mail.inc,v
retrieving revision 1.17
diff -u -r1.17 mail.inc
--- includes/mail.inc	7 Nov 2008 16:59:36 -0000	1.17
+++ includes/mail.inc	14 Dec 2008 04:26:40 -0000
@@ -102,10 +102,10 @@
     'X-Mailer'                  => 'Drupal'
   );
   if ($default_from) {
-    // To prevent e-mail from looking like spam, the addresses in the Sender and
-    // Return-Path headers should have a domain authorized to use the originating
-    // SMTP server. Errors-To is redundant, but shouldn't hurt.
-    $headers['From'] = $headers['Sender'] = $headers['Return-Path'] = $headers['Errors-To'] = $default_from;
+    // To prevent e-mail from looking like spam, 'Sender' and 'Return-Path'
+    // should be addresses of a domain authorized to use the originating
+    // SMTP server. 'Errors-To' is redundant, but shouldn't hurt.
+    $headers['From'] = $headers['Sender'] = $headers['Errors-To'] = $headers['Return-Path'] = $default_from;
   }
   if ($from) {
     $headers['From'] = $from;
@@ -177,6 +177,16 @@
     return drupal_mail_wrapper($message);
   }
   else {
+    // If 'Return-Path' isn't already set in php.ini, we pass it separately
+    // as an additional parameter instead of in the header.
+    // However, if PHP's 'safe_mode' is on, this is not allowed.
+    if (isset($headers['Return-Path']) && !ini_get('safe_mode')) {
+      $return_path_set = strpos(ini_get('sendmail_path'), ' -f');
+      if (!$return_path_set) {
+        $message['Return-Path'] = $headers['Return-Path'];
+        unset($headers['Return-Path']);
+      }
+    }
     $mimeheaders = array();
     foreach ($message['headers'] as $name => $value) {
       $mimeheaders[] = $name . ': ' . mime_header_encode($value);
@@ -189,7 +199,9 @@
       str_replace("\r", '', $message['body']),
       // For headers, PHP's API suggests that we use CRLF normally,
       // but some MTAs incorrecly replace LF with CRLF. See #234403.
-      join("\n", $mimeheaders)
+      join("\n", $mimeheaders),
+      // Pass the Return-Path via sendmail's -f command.
+      $message['Return-Path'] ? '-f ' . $message['Return-Path'] : ''
     );
   }
 }