procmail
[Top] [All Lists]

Re: A file server in procmail: advices required

1996-11-11 21:13:48
Stephane(_dot_)Bortzmeyer(_at_)globenet(_dot_)org (Stephane Bortzmeyer) writes:
I need to implement a mail file server (the "clients" are mostly in Africa,
where many people still have only email access to the net). After reading
the procmailex man page, I made a prototype in procmail but I would like to
have some advices, specially on security issues.
...
Does anyone have comments to make? Do you know an already made fileserver
somewhere (I got many examples, such as the small one in procmailex or the
procmail library of Alan Stebbens <aks(_at_)sgi(_dot_)com> but I did not find a
ready-to-go software with my requirements)?

It looks safe to me, and if I dare say so, I'd call it well written.
You're properly paranoid and handle all the error cases in a reasonable
fashion.  I have just one comment on usage.  You write things similar to:

...
               # Check it doesn't include .. (cheating attempt), etc.
               :0
               * ^Subject: INDEX .*\.\.
               {
                       :0f
                       | formail -i"X-Diagnostic: ERROR: SECURITY PROBLEM
(no reply sent)"
                       :0
                       ! $MAINTAINER
               }
...

It's more efficient to say:

        :0
        * ^Subject: INDEX .*\.\.
        | formail -i"X-Diagnostic: ERROR: SECURITY PROBLEM (no reply sent)" \
                | $SENDMAIL -oi $MAINTAINER


as it saves a process and pipes the formail output directly into
sendmail instead of back into procmail and then into sendmail (note
that filtering actions require procmail to fork to do the filtering
without causing deadlock).

Other than that small point of style, it looks fine to me!

Philip Guenther

<Prev in Thread] Current Thread [Next in Thread>