Safely piping to a shell script
Adam Shostack
adam at shostack.org
Fri Feb 10 18:30:13 UTC 2017
Thanks for the previous answer on :execute. In thinking about
malicious input, I am worried about the possibility that mail will be
sent with a clever from line. (Section 7 of
http://www.ietf.org/rfc/rfc5229.txt is great, btw)
To address this, I'm considering the following, and would appreciate
feedback. I'm aware that this doesn't capture all emails, those with
non-alphanum are legit, and badly handled.
I think that this restricts the input of the grepfrom script to be
a single string, matching "a-zA-Z09 at ."
if not address :regex "from" "^[:alnum]*@[:alnum]*([:alnum].)*$" {
fileinto :create "wierd"; stop ; }
elsif address :regex "from" "*" {
set "sender" ${1};
if execute "grepfrom" "${sender}" {
keep ; stop; }
else {fileinto :create "neversent"}
As an aside,
https://www.joachim-breitner.de/blog/441-Goodbye_procmail,_Hello_Sieve
contains a nice pattern, creating an include file to test, and that
addresses many, but not all of my use cases. Should I worry if the
match there is 5000+ strings?
Adam
More information about the dovecot
mailing list