procmail
[Top] [All Lists]

Re: Local redelivery of procmail'd spool?

2001-08-17 10:38:02
Tris <tris(_at_)semireal(_dot_)net(_dot_)dhis(_dot_)org> writes:
Philip suggested to Dan,

| > # Extract the first Received: header field and then look for
| > # a "for" clause in it.
| > :0 w
| > * ^Received:\/.*
| > * MATCH ?? [ ]for[ ]+\/<[^>]+>
| > ! $MATCH

Would there be a problem here if the email address had spaces,
which are allowed I believe, and are used by some MS people.
Would

! "$MATCH"

be safer, or would that work just the same?

You are correct: $MATCH should be quoted here.  I missed that.


As a side-note re: the inclusion of the <>'s around the address: if we
_didn't_ include them, then we would need to deal with the possibility
that an address started with "-": we would need to prevent sendmail from
interpreting the address as a option and its argument.  The solution
to that problem is to put a "--" option before the 'untrusted' address;
that tells sendmail that there are no more options on the command line.


        :0 w
        * conditions that set MATCH
        ! -- "$MATCH"


(Of course, in the actual situation above, we're extracting 'local'
addresses.  I presume no one actually has a username of "-tfroot" or
"-C/tmp/evil.cf".  That's at risk from intentional malicious behavior
only.)


Philip Guenther
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail